Generate Shared Links Permission Report in SharePoint Online

Requirement: Generate a permission report for all links shared through SharePoint Online’s “Share” feature.

When you share a file or folder in SharePoint Online, It breaks the permission inheritance of the particular item and grants unique permissions.

sharepoint online share links permission report

Here is the PowerShell script to scan all shared links in a document library and export them to a CSV report.

# Parameters
$SiteUrl = "https://Crescent.sharepoint.com/sites/Marketing"
$ReportOutput = "C:\Temp\SharingLinkPermissions.csv"
$ListName = "Branding"
   
#Connect to PnP Online
Connect-PnPOnline -Url $SiteURL -Interactive
$Ctx = Get-PnPContext
$Results = @()
$global:counter = 0
 
#Get all list items in batches
$ListItems = Get-PnPListItem -List $ListName -PageSize 2000
$ItemCount = $ListItems.Count
  
#Iterate through each list item
ForEach($Item in $ListItems)
{
    Write-Progress -PercentComplete ($global:Counter / ($ItemCount) * 100) -Activity "Getting Shared Links from '$($Item.FieldValues["FileRef"])'" -Status "Processing Items $global:Counter to $($ItemCount)";

    #Check if the Item has unique permissions
    $HasUniquePermissions = Get-PnPProperty -ClientObject $Item -Property "HasUniqueRoleAssignments"
    If($HasUniquePermissions)
    {
        #Get Users and Assigned permissions
        $RoleAssignments = Get-PnPProperty -ClientObject $Item -Property RoleAssignments
        ForEach($RoleAssignment in $RoleAssignments)
        {
            $Members = Get-PnPProperty -ClientObject $RoleAssignment -Property RoleDefinitionBindings, Member
            #Get list of users 
            $Users = Get-PnPProperty -ClientObject ($RoleAssignment.Member) -Property Users -ErrorAction SilentlyContinue
            #Get Access type
            $AccessType = $RoleAssignment.RoleDefinitionBindings.Name
            If ($RoleAssignment.Member.Title -like "SharingLinks*")
            {
                If ($Users -ne $null) 
                {
                    ForEach ($User in $Users)
                    {
                        #Collect the data
                        $Results += New-Object PSObject -property $([ordered]@{ 
                        Name  = $Item.FieldValues["FileLeafRef"]            
                        RelativeURL = $Item.FieldValues["FileRef"]
                        FileType = $Item.FieldValues["File_x0020_Type"]
                        UserName = $user.Title
                        UserAccount  = $User.LoginName
                        Email  =  $User.Email
                        Access = $AccessType
                        })
                    }
                       
                }
            }        
        }
    }       
    $global:counter++
}
$Results | Export-CSV $ReportOutput -NoTypeInformation
Write-host -f Green "Sharing Links Report Generated Successfully!"

Salaudeen Rajack

Salaudeen Rajack is a SharePoint Architect with Two decades of SharePoint Experience. He loves sharing his knowledge and experiences with the SharePoint community, through his real-world articles!

2 thoughts on “Generate Shared Links Permission Report in SharePoint Online

  • Can you provide us the option to generate the report at a specific folder in the library? Don’t need a report for the whole library but at a specific folder in the library. Thx in advance!

    Reply
    • Just get all items in the folder and then proceed with the rest of the script. E.g. Replace Line#13 with:

      $FolderServerRelativeURL = “/Sites/Marketing/Shared Documents/New”

      #Get All Items from the Folder
      $CAMLQuery = “$FolderServerRelativeURL”

      $ListItems = Get-PnPListItem -List $ListName -Query $CAMLQuery

      More info on getting all items from a Folder: How to Get All Items from a Folder in SharePoint Online?

      Reply

Leave a Reply