SharePoint Online: PowerShell to Get Folder Permissions

Requirement: Get Folder Permissions in SharePoint Online using PowerShell

How to Get Folder Permissions in SharePoint Online?

Folder level permission in SharePoint Online helps to obtain fine-grained permissions. To view folder level permission in SharePoint Online:

  • Go to the library where the folder to check permissions. Select the Folder and from the Information panel, click on the “Manage Access” link.  folder level permission in sharepoint online
  • This gets you the permissions assigned to that folder in SharePoint Online. sharepoint online folder permissions powershell
  • You can scroll down and click on the “Advanced” button to get into the page where you can view folder permissions on a single page.
    sharepoint online library folder permissions

SharePoint Online: PowerShell to Get Folder Permissions

Here is the PowerShell to get folder permissions in SharePoint Online

#Load SharePoint CSOM Assemblies
Add-Type -Path "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.dll"
Add-Type -Path "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.Runtime.dll"
 
#Function to Get Folder Permissions
Function Get-SPOFolderPermission([String]$SiteURL, [String]$FolderRelativeURL)
{
    Try{
        #Setup the context
        $Ctx = New-Object Microsoft.SharePoint.Client.ClientContext($SiteURL)
        $Ctx.Credentials = New-Object Microsoft.SharePoint.Client.SharePointOnlineCredentials($Cred.Username, $Cred.Password)
     
        #Get the Folder
        $Folder = $Ctx.Web.GetFolderByServerRelativeUrl($FolderRelativeURL)
        $Ctx.Load($Folder)
        $Ctx.ExecuteQuery()

        #Get permissions assigned to the Folder
        $RoleAssignments = $Folder.ListItemAllFields.RoleAssignments
        $Ctx.Load($RoleAssignments)
        $Ctx.ExecuteQuery()

        #Loop through each permission assigned and extract details
        $PermissionCollection = @()
        Foreach($RoleAssignment in $RoleAssignments)
        { 
            $Ctx.Load($RoleAssignment.Member)
            $Ctx.executeQuery()

            #Get the User Type
            $PermissionType = $RoleAssignment.Member.PrincipalType

            #Get the Permission Levels assigned
            $Ctx.Load($RoleAssignment.RoleDefinitionBindings)
            $Ctx.ExecuteQuery()
            $PermissionLevels = ($RoleAssignment.RoleDefinitionBindings | Select -ExpandProperty Name) -join ","
            
            #Get the User/Group Name
            $Name = $RoleAssignment.Member.Title # $RoleAssignment.Member.LoginName

            #Add the Data to Object
            $Permissions = New-Object PSObject
            $Permissions | Add-Member NoteProperty Name($Name)
            $Permissions | Add-Member NoteProperty Type($PermissionType)
            $Permissions | Add-Member NoteProperty PermissionLevels($PermissionLevels)
            $PermissionCollection += $Permissions
        }
        Return $PermissionCollection
    }
    Catch {
    write-host -f Red "Error Getting Folder Permissions!" $_.Exception.Message
    }
}
 
#Set Config Parameters
$SiteURL="https://crescenttech.sharepoint.com/sites/Marketing"
$FolderRelativeURL="/sites/Marketing/Shared Documents/2018"
 
#Get Credentials to connect
$Cred= Get-Credential
 
#Call the function to Get Folder Permissions
Get-SPOFolderPermission $SiteURL $FolderRelativeURL

This script generates folder permissions report. If you need to export these permission settings to a CSV file, you can simply use:

#Call the function to Get Folder Permissions an export to CSV file
Get-SPOFolderPermission $SiteURL $FolderRelativeURL | Export-CSV "C:\Temp\FolderPermissions.csv" -NoTypeInformation
sharepoint online powershell get folder permissions

Here is my another post on Set Folder permissions in SharePoint Online: SharePoint Online: Change Folder Permissions using PowerShell

SharePoint Online Folder Permissions Report using PnP PowerShell

How about expanding each group and generating a report which lists all users of the group? Well, this time let’s do that with PnP PowerShell! This PowerShell script exports folder permissions to a CSV file.

#Function to Get Permissions Applied on a particular Object such as: Web, List, Library, Folder or List Item
Function Get-PnPPermissions([Microsoft.SharePoint.Client.SecurableObject]$Object)
{
    Try {
        #Get permissions assigned to the Folder
        Get-PnPProperty -ClientObject $Object -Property HasUniqueRoleAssignments, RoleAssignments

        #Check if Object has unique permissions
        $HasUniquePermissions = $Object.HasUniqueRoleAssignments
   
        #Loop through each permission assigned and extract details
        $PermissionCollection = @()
        Foreach($RoleAssignment in $Object.RoleAssignments)
        { 
            #Get the Permission Levels assigned and Member
            Get-PnPProperty -ClientObject $RoleAssignment -Property RoleDefinitionBindings, Member
   
            #Get the Principal Type: User, SP Group, AD Group
            $PermissionType = $RoleAssignment.Member.PrincipalType
            $PermissionLevels = $RoleAssignment.RoleDefinitionBindings | Select -ExpandProperty Name

            #Remove Limited Access
            $PermissionLevels = ($PermissionLevels | Where { $_ -ne "Limited Access"}) -join ","
            If($PermissionLevels.Length -eq 0) {Continue}

            #Get SharePoint group members
            If($PermissionType -eq "SharePointGroup")
            {
                #Get Group Members
                $GroupMembers = Get-PnPGroupMembers -Identity $RoleAssignment.Member.LoginName
                
                #Leave Empty Groups
                If($GroupMembers.count -eq 0){Continue}

                ForEach($User in $GroupMembers)
                {
                    #Add the Data to Object
                    $Permissions = New-Object PSObject
                    $Permissions | Add-Member NoteProperty User($User.Title)
                    $Permissions | Add-Member NoteProperty Type($PermissionType)
                    $Permissions | Add-Member NoteProperty Permissions($PermissionLevels)
                    $Permissions | Add-Member NoteProperty GrantedThrough("SharePoint Group: $($RoleAssignment.Member.LoginName)")
                    $PermissionCollection += $Permissions
                }
            }
            Else
            {
                #Add the Data to Object
                $Permissions = New-Object PSObject
                $Permissions | Add-Member NoteProperty User($RoleAssignment.Member.Title)
                $Permissions | Add-Member NoteProperty Type($PermissionType)
                $Permissions | Add-Member NoteProperty Permissions($PermissionLevels)
                $Permissions | Add-Member NoteProperty GrantedThrough("Direct Permissions")
                $PermissionCollection += $Permissions
            }
        }
        #Export Permissions to CSV File
        $PermissionCollection | Export-CSV $ReportFile -NoTypeInformation
        Write-host -f Green "`n*** Folder Permission Report Generated Successfully!***"
    }
    Catch {
    write-host -f Red "Error Generating Folder Permission Report!" $_.Exception.Message
    }
}
  
#region ***Parameters***
$SiteURL="https://crescent.sharepoint.com/sites/marketing"
$ReportFile="C:\Temp\FolderPermissionRpt.csv"
$FolderRelativeURL = "/sites/marketing/Shared Documents/2019" 
#endregion

#Connect to the Site collection
Connect-PnPOnline -URL $SiteURL -UseWebLogin

#Get the Folder from URL
$Folder = Get-PnPFolder -Url $FolderRelativeURL

#Call the function to generate permission report
Get-PnPPermissions $Folder.ListItemAllFields

and the result report:

sharepoint online folder permissions report
Tips: Can I use this script to get permissions of a File? Sure! Just get the file and call the function. $File = Get-PnPFile -Url $filePath -AsListItem
Get-PnPPermissions $File

Salaudeen Rajack

Salaudeen Rajack is a SharePoint Architect with Two decades of SharePoint Experience. He loves sharing his knowledge and experiences with the SharePoint community, through his real-world articles!

8 thoughts on “SharePoint Online: PowerShell to Get Folder Permissions

Leave a Reply