Generate Shared Links Permission Report in SharePoint Online
Requirement: Generate a permission report for all links shared through SharePoint Online’s “Share” feature.
Get All Shared Links Permission in SharePoint Online Document Library using PowerShell
When you share a file or folder in SharePoint Online, It breaks the permission inheritance of the particular item and grants unique permissions.
Here is the PowerShell script to scan all shared links in a document library and export them to a CSV report.
# Parameters
$SiteUrl = "https://Crescent.sharepoint.com/sites/Marketing"
$ReportOutput = "C:\Temp\SharingLinkPermissions.csv"
$ListName = "Branding"
#Connect to PnP Online
Connect-PnPOnline -Url $SiteURL -Interactive
$Ctx = Get-PnPContext
$Results = @()
$global:counter = 0
#Get all list items in batches
$ListItems = Get-PnPListItem -List $ListName -PageSize 2000
$ItemCount = $ListItems.Count
#Iterate through each list item
ForEach($Item in $ListItems)
{
Write-Progress -PercentComplete ($global:Counter / ($ItemCount) * 100) -Activity "Getting Shared Links from '$($Item.FieldValues["FileRef"])'" -Status "Processing Items $global:Counter to $($ItemCount)";
#Check if the Item has unique permissions
$HasUniquePermissions = Get-PnPProperty -ClientObject $Item -Property "HasUniqueRoleAssignments"
If($HasUniquePermissions)
{
#Get Users and Assigned permissions
$RoleAssignments = Get-PnPProperty -ClientObject $Item -Property RoleAssignments
ForEach($RoleAssignment in $RoleAssignments)
{
$Members = Get-PnPProperty -ClientObject $RoleAssignment -Property RoleDefinitionBindings, Member
#Get list of users
$Users = Get-PnPProperty -ClientObject ($RoleAssignment.Member) -Property Users -ErrorAction SilentlyContinue
#Get Access type
$AccessType = $RoleAssignment.RoleDefinitionBindings.Name
If ($RoleAssignment.Member.Title -like "SharingLinks*")
{
If ($Users -ne $null)
{
ForEach ($User in $Users)
{
#Collect the data
$Results += New-Object PSObject -property $([ordered]@{
Name = $Item.FieldValues["FileLeafRef"]
RelativeURL = $Item.FieldValues["FileRef"]
FileType = $Item.FieldValues["File_x0020_Type"]
UserName = $user.Title
UserAccount = $User.LoginName
Email = $User.Email
Access = $AccessType
})
}
}
}
}
}
$global:counter++
}
$Results | Export-CSV $ReportOutput -NoTypeInformation
Write-host -f Green "Sharing Links Report Generated Successfully!"
This script generates all Shared Links to a CSV report from a SharePoint Online document library. To remove shared links in SharePoint Online with PowerShell, refer to How to Remove all Shared Links in SharePoint Online using PowerShell?
If the script returns a sharing link but I don’t see this from the sharepoint user interface; what could be the cause of this?
I am owner and can manage access on the listed object.
Can you provide us the option to generate the report at a specific folder in the library? Don’t need a report for the whole library but at a specific folder in the library. Thx in advance!
Just get all items in the folder and then proceed with the rest of the script. E.g. Replace Line#13 with:
$FolderServerRelativeURL = “/Sites/Marketing/Shared Documents/New”
#Get All Items from the Folder
$CAMLQuery = “$FolderServerRelativeURL”
$ListItems = Get-PnPListItem -List $ListName -Query $CAMLQuery
More info on getting all items from a Folder: How to Get All Items from a Folder in SharePoint Online?