SharePoint Online: PowerShell to Get Folder Permissions

Requirement: Get Folder Permissions in SharePoint Online using PowerShell

How to Get Folder Permissions in SharePoint Online?
Folder level permission in SharePoint Online helps to obtain fine-grained permissions. To view folder level permission in SharePoint Online:
  • Go to the library where the folder to check permissions. Select the Folder and from the Information panel, click on "Manage Access" link. 
    folder level permission in sharepoint online
  • This gets you the permissions assigned to that folder in SharePoint Online.
    sharepoint online folder permissions powershell
  • You can scroll down and click on "Advanced" button to get into the page where you can view folder permissions in a single page.
    sharepoint online library folder permissions

SharePoint Online: PowerShell to Get Folder Permissions
Here is the PowerShell to get folder permissions in SharePoint Online
#Load SharePoint CSOM Assemblies
Add-Type -Path "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.dll"
Add-Type -Path "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.Runtime.dll"
 
#Function to Get Folder Permissions
Function Get-SPOFolderPermission([String]$SiteURL, [String]$FolderRelativeURL)
{
    Try{
        #Setup the context
        $Ctx = New-Object Microsoft.SharePoint.Client.ClientContext($SiteURL)
        $Ctx.Credentials = New-Object Microsoft.SharePoint.Client.SharePointOnlineCredentials($Cred.Username, $Cred.Password)
     
        #Get the Folder
        $Folder = $Ctx.Web.GetFolderByServerRelativeUrl($FolderRelativeURL)
        $Ctx.Load($Folder)
        $Ctx.ExecuteQuery()

        #Get permissions assigned to the Folder
        $RoleAssignments = $Folder.ListItemAllFields.RoleAssignments
        $Ctx.Load($RoleAssignments)
        $Ctx.ExecuteQuery()

        #Loop through each permission assigned and extract details
        $PermissionCollection = @()
        Foreach($RoleAssignment in $RoleAssignments)
        { 
            $Ctx.Load($RoleAssignment.Member)
            $Ctx.executeQuery()

            #Get the User Type
            $PermissionType = $RoleAssignment.Member.PrincipalType

            #Get the Permission Levels assigned
            $Ctx.Load($RoleAssignment.RoleDefinitionBindings)
            $Ctx.ExecuteQuery()
            $PermissionLevels = ($RoleAssignment.RoleDefinitionBindings | Select -ExpandProperty Name) -join ","
            
            #Get the User/Group Name
            $Name = $RoleAssignment.Member.Title # $RoleAssignment.Member.LoginName

            #Add the Data to Object
            $Permissions = New-Object PSObject
            $Permissions | Add-Member NoteProperty Name($Name)
            $Permissions | Add-Member NoteProperty Type($PermissionType)
            $Permissions | Add-Member NoteProperty PermissionLevels($PermissionLevels)
            $PermissionCollection += $Permissions
        }
        Return $PermissionCollection
    }
    Catch {
    write-host -f Red "Error Getting Folder Permissions!" $_.Exception.Message
    }
}
 
#Set Config Parameters
$SiteURL="https://crescenttech.sharepoint.com/sites/Marketing"
$FolderRelativeURL="/sites/Marketing/Shared Documents/2018"
 
#Get Credentials to connect
$Cred= Get-Credential
 
#Call the function to Get Folder Permissions
Get-SPOFolderPermission $SiteURL $FolderRelativeURL

This script generates folder permissions report. If you need to export these permission settings to a CSV file, you can simply use:
#Call the function to Get Folder Permissions an export to CSV file
Get-SPOFolderPermission $SiteURL $FolderRelativeURL | Export-CSV "C:\Temp\FolderPermissions.csv" -NoTypeInformation
sharepoint online powershell get folder permissions
Here is my another post on Set Folder permissions in SharePoint Online: SharePoint Online: Change Folder Permissions using PowerShell

SharePoint Online Folder Permissions Report using PnP PowerShell 
How about expanding each group and generating report which lists all users of the group? Well, this time lets do that with PnP PowerShell! This PowerShell script exports folder permissions to a CSV file.
#Function to Get Permissions Applied on a particular Object such as: Web, List, Library, Folder or List Item
Function Get-PnPPermissions([Microsoft.SharePoint.Client.SecurableObject]$Object)
{
    Try {
        #Get permissions assigned to the Folder
        Get-PnPProperty -ClientObject $Object -Property HasUniqueRoleAssignments, RoleAssignments

        #Check if Object has unique permissions
        $HasUniquePermissions = $Object.HasUniqueRoleAssignments
   
        #Loop through each permission assigned and extract details
        $PermissionCollection = @()
        Foreach($RoleAssignment in $Object.RoleAssignments)
        { 
            #Get the Permission Levels assigned and Member
            Get-PnPProperty -ClientObject $RoleAssignment -Property RoleDefinitionBindings, Member
   
            #Get the Principal Type: User, SP Group, AD Group
            $PermissionType = $RoleAssignment.Member.PrincipalType
            $PermissionLevels = $RoleAssignment.RoleDefinitionBindings | Select -ExpandProperty Name

            #Remove Limited Access
            $PermissionLevels = ($PermissionLevels | Where { $_ –ne "Limited Access"}) -join ","
            If($PermissionLevels.Length -eq 0) {Continue}

            #Get SharePoint group members
            If($PermissionType -eq "SharePointGroup")
            {
                #Get Group Members
                $GroupMembers = Get-PnPGroupMembers -Identity $RoleAssignment.Member.LoginName
                
                #Leave Empty Groups
                If($GroupMembers.count -eq 0){Continue}

                ForEach($User in $GroupMembers)
                {
                    #Add the Data to Object
                    $Permissions = New-Object PSObject
                    $Permissions | Add-Member NoteProperty User($User.Title)
                    $Permissions | Add-Member NoteProperty Type($PermissionType)
                    $Permissions | Add-Member NoteProperty Permissions($PermissionLevels)
                    $Permissions | Add-Member NoteProperty GrantedThrough("SharePoint Group: $($RoleAssignment.Member.LoginName)")
                    $PermissionCollection += $Permissions
                }
            }
            Else
            {
                #Add the Data to Object
                $Permissions = New-Object PSObject
                $Permissions | Add-Member NoteProperty User($RoleAssignment.Member.Title)
                $Permissions | Add-Member NoteProperty Type($PermissionType)
                $Permissions | Add-Member NoteProperty Permissions($PermissionLevels)
                $Permissions | Add-Member NoteProperty GrantedThrough("Direct Permissions")
                $PermissionCollection += $Permissions
            }
        }
        #Export Permissions to CSV File
        $PermissionCollection | Export-CSV $ReportFile -NoTypeInformation
        Write-host -f Green "`n*** Folder Permission Report Generated Successfully!***"
    }
    Catch {
    write-host -f Red "Error Generating Folder Permission Report!" $_.Exception.Message
    }
}
  
#region ***Parameters***
$SiteURL="https://crescent.sharepoint.com/sites/marketing"
$ReportFile="C:\Temp\FolderPermissionRpt.csv"
$FolderRelativeURL = "/sites/marketing/Shared Documents/2019" 
#endregion

#Connect to the Site collection
Connect-PnPOnline -URL $SiteURL -UseWebLogin

#Get the Folder from URL
$Folder = Get-PnPFolder -Url $FolderRelativeURL

#Call the function to generate permission report
Get-PnPPermissions $Folder.ListItemAllFields
and the result report:
sharepoint online folder permissions report

Tips: Can I use this script to get permissions of a File? Sure! Just get the file and call the function.

$File = Get-PnPFile -Url $filePath -AsListItem
Get-PnPPermissions $File
SharePoint Online: PowerShell to Get Folder Permissions SharePoint Online: PowerShell to Get Folder Permissions Reviewed by Salaudeen Rajack on March 18, 2018 Rating: 5

2 comments:

  1. Thanks, is it possible to generate folder permission for subfolders?

    ReplyDelete
    Replies
    1. Yes, Just get the Subfolder How to Get a Folder/Sub-Folder in SharePoint Online? and call the function:
      Get-PnPPermissions $Folder.ListItemAllFields

      Delete

Please Login and comment to get your questions answered!

Powered by Blogger.