Forum Discussion

xoxidein
Iron Contributor
Mar 22, 2023

List SharePoint Sites, their Libraries, their folders, and their Permissions for Given User

I need to run an audit on the permissions within our SharePoint instance.

I'm trying to mix a bunch of code together to achieve this and I'm failing.

I would like an output like this:

Site 1
Title                         Permission
----------------------------------------
Library 1                     Read
Library 2                     Full Control
Library 3                     Contribute
Library 4                     Read
Library 5                     Contribute

Site 2
Title                         Permission
----------------------------------------
Library 1                     Read
Library 2                     Full Control
Library 3                     Contribute
Library 4                     Read
Library 5                     Contribute

The closest I've gotten is permissions looping through the Sites, but it keeps outputting the same libraries for each site, and it's not even accurate.

#Set Parameter
$TenantSiteURL="https://contoso.sharepoint.com"
  
#Connect to the Tenant site
Connect-PnPOnline -Url $TenantSiteURL -Credentials (Get-Credential)

#Get All Site collections - Exclude: Search Center, Redirect site, Mysite Host, App Catalog, Content Type Hub, eDiscovery and Bot Sites
$SiteCollections = Get-PnPTenantSite | Where -Property Template -NotIn ("SRCHCEN#0", "REDIRECTSITE#0", "SPSMSITEHOST#0", "APPCATALOG#0", "POINTPUBLISHINGHUB#0", "EDISC#0", "STS#-1")

#Loop through each site collection
ForEach($Site in $SiteCollections)
{
    Write-Host ""
    $Site.Title

    #Get all document libraries
    $DocLibs = Get-PnPList
 
    #Get ID and Title of the document library
    $DocLibs.Title
}
  • xoxidein

    To achieve the desired output, you need to loop through each site collection, and for each site collection, you need to get all the document libraries and loop through each library to get the associated permissions.

    This script modification might help you.

    #Set Parameter
    $TenantSiteURL="https://contoso.sharepoint.com"

    #Prompt once so the same credentials can be reused for every site
    $Cred = Get-Credential

    #Connect to the Tenant site
    Connect-PnPOnline -Url $TenantSiteURL -Credentials $Cred

    #Get All Site collections - Exclude: Search Center, Redirect site, Mysite Host, App Catalog, Content Type Hub, eDiscovery and Bot Sites
    $SiteCollections = Get-PnPTenantSite | Where -Property Template -NotIn ("SRCHCEN#0", "REDIRECTSITE#0", "SPSMSITEHOST#0", "APPCATALOG#0", "POINTPUBLISHINGHUB#0", "EDISC#0", "STS#-1")

    #Loop through each site collection
    ForEach($Site in $SiteCollections)
    {
        Write-Host ""
        Write-Host "Site: $($Site.Title)"

        #Connect to this site so that Get-PnPList returns its own lists
        Connect-PnPOnline -Url $Site.Url -Credentials $Cred

        #Get all document libraries (BaseTemplate 101 = Document Library)
        $DocLibs = Get-PnPList | Where-Object { $_.BaseTemplate -eq 101 }

        #Loop through each library to get permissions
        ForEach($Lib in $DocLibs)
        {
            #EffectiveBasePermissions is the permission mask of the connected account on this library
            $Permissions = Get-PnPProperty -ClientObject $Lib -Property EffectiveBasePermissions

            #Test individual permission bits and output the library and permission
            If($Permissions.Has([Microsoft.SharePoint.Client.PermissionKind]::ViewListItems))
            {
                Write-Host "`t$($Lib.Title)`t`tRead"
            }
            If($Permissions.Has([Microsoft.SharePoint.Client.PermissionKind]::EditListItems))
            {
                Write-Host "`t$($Lib.Title)`t`tContribute"
            }
            If($Permissions.Has([Microsoft.SharePoint.Client.PermissionKind]::DeleteListItems))
            {
                Write-Host "`t$($Lib.Title)`t`tDelete"
            }
            If($Permissions.Has([Microsoft.SharePoint.Client.PermissionKind]::ManagePermissions))
            {
                Write-Host "`t$($Lib.Title)`t`tFull Control"
            }
        }
    }

    This script loops through each site collection, gets all the document libraries, and then loops through each library to get the permissions. It then outputs the library name and associated permission level for each library that has any permission. You can modify this script to output the results to a CSV file or format it in any way you like.
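
An added example, not code from the original post or the reply: it audits a named user instead of the connected account by calling CSOM's List.GetUserEffectivePermissions, and collects one row per library for CSV export. The login name, the output path and the coarse Read / Contribute / Full Control mapping (reusing the labels from the reply) are assumptions, and the connected account needs access to every site it audits.

```powershell
# Added example. $UserLogin, $OutFile and the label mapping are assumptions.
$TenantSiteURL = "https://contoso.sharepoint.com"
$UserLogin     = "i:0#.f|membership|user@contoso.com"   # hypothetical claims login of the audited user
$OutFile       = ".\LibraryPermissions.csv"             # hypothetical output path
$Cred          = Get-Credential

# Reduce a BasePermissions mask to one coarse label; the highest matching level wins
function Get-PermissionLabel($Mask) {
    $Kind = [Microsoft.SharePoint.Client.PermissionKind]
    if     ($Mask.Has($Kind::ManagePermissions)) { "Full Control" }
    elseif ($Mask.Has($Kind::EditListItems))     { "Contribute" }
    elseif ($Mask.Has($Kind::ViewListItems))     { "Read" }
    else                                         { "None" }
}

Connect-PnPOnline -Url $TenantSiteURL -Credentials $Cred
$Sites = Get-PnPTenantSite | Where-Object Template -NotIn ("SRCHCEN#0", "REDIRECTSITE#0", "SPSMSITEHOST#0", "APPCATALOG#0", "POINTPUBLISHINGHUB#0", "EDISC#0", "STS#-1")

$Report = foreach ($Site in $Sites) {
    try {
        # Reconnect per site; otherwise Get-PnPList keeps returning the first site's lists
        Connect-PnPOnline -Url $Site.Url -Credentials $Cred -ErrorAction Stop
        $Libs = Get-PnPList | Where-Object { $_.BaseTemplate -eq 101 -and -not $_.Hidden }
        foreach ($Lib in $Libs) {
            # Queue the CSOM call, then execute it; the mask arrives in .Value
            $Result = $Lib.GetUserEffectivePermissions($UserLogin)
            Invoke-PnPQuery -ErrorAction Stop
            [pscustomobject]@{
                Site       = $Site.Title
                SiteUrl    = $Site.Url
                Library    = $Lib.Title
                Permission = Get-PermissionLabel $Result.Value
            }
        }
    }
    catch {
        # Keep unreadable sites in the report so gaps in the audit stay visible
        [pscustomobject]@{
            Site = $Site.Title; SiteUrl = $Site.Url; Library = ""
            Permission = "ERROR: $($_.Exception.Message)"
        }
    }
}

# CSV for the audit record, then the per-site tables requested in the question
$Report | Where-Object Permission -ne "None" | Export-Csv -Path $OutFile -NoTypeInformation
$Report | Group-Object Site | ForEach-Object { ""; $_.Name; $_.Group | Format-Table Library, Permission -AutoSize }
```

The labels are derived from individual permission bits, so a row marked Full Control only means the mask includes ManagePermissions; compare against the site's actual permission levels before signing off on the audit.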
