Forum Discussion
xoxidein
Mar 22, 2023, Iron Contributor
List SharePoint Sites, their Libraries, their folders, and their Permissions for Given User
I need to run an audit on the permissions without our SharePoint instance. I'm trying to mix a bunch of code together to achieve this and I'm failing. I would like an output like this: S...
Varun_Ghildiyal
Mar 28, 2023, Brass Contributor
To achieve the desired output, you need to loop through each site collection, and for each site collection, you need to get all the document libraries and loop through each library to get the associated permissions.
This script modification might help you.
#Set Parameter
$TenantSiteURL="https://contoso.sharepoint.com"
#Connect to the Tenant site
Connect-PnPOnline -Url $TenantSiteURL -Credentials (Get-Credential)
#Get All Site collections - Exclude: Search Center, Redirect site, Mysite Host, App Catalog, Content Type Hub, eDiscovery and Bot Sites
$SiteCollections = Get-PnPTenantSite | Where -Property Template -NotIn ("SRCHCEN#0", "REDIRECTSITE#0", "SPSMSITEHOST#0", "APPCATALOG#0", "POINTPUBLISHINGHUB#0", "EDISC#0", "STS#-1")
#Loop through each site collection
ForEach($Site in $SiteCollections)
{
    Write-Host ""
    Write-Host "Site: $($Site.Title)"
    #Get all document libraries
    $DocLibs = Get-PnPList -Web $Site.Url -Template "DocumentLibrary"
    #Loop through each library to get permissions
    ForEach($Lib in $DocLibs)
    {
        #EffectiveBasePermissions is a single BasePermissions object holding the rights of the connected account
        $Permissions = Get-PnPProperty -ClientObject $Lib -Property EffectiveBasePermissions
        #Test each right with Has() and output the library and permission
        If($Permissions.Has([Microsoft.SharePoint.Client.PermissionKind]::ViewListItems))
        {
            Write-Host "`t$($Lib.Title)`t`tRead"
        }
        If($Permissions.Has([Microsoft.SharePoint.Client.PermissionKind]::EditListItems))
        {
            Write-Host "`t$($Lib.Title)`t`tContribute"
        }
        If($Permissions.Has([Microsoft.SharePoint.Client.PermissionKind]::DeleteListItems))
        {
            Write-Host "`t$($Lib.Title)`t`tDelete"
        }
        If($Permissions.Has([Microsoft.SharePoint.Client.PermissionKind]::ManagePermissions))
        {
            Write-Host "`t$($Lib.Title)`t`tFull Control"
        }
    }
}
This script loops through each site collection, gets all the document libraries, and then loops through each library to get the permissions. It then outputs the library name and associated permission level for each library that has any permission. You can modify this script to output the results to a CSV file or format it in any way you like.
- LaurentF1000, Feb 21, 2025, Copper Contributor
Hello Varun_Ghildiyal, seems that the get-pnplist -web command doesn't work anymore :(
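
The audit discussed in this thread, as an added example that is not code from any of the posters: it connects to each site collection in turn instead of passing `-Web`, and asks SharePoint for the effective permissions of one named user on every visible document library rather than those of the connected account. The tenant URL, `$ClientId` (an Entra ID app registration), `$UserLogin` and the CSV path are placeholders; the Read/Contribute/Delete/Full Control labels reuse the mapping from the answer above, and folders are not enumerated.

```powershell
# Placeholders (assumptions, not values from the thread)
$TenantSiteURL = "https://contoso.sharepoint.com"
$ClientId      = "<entra-app-client-id>"
$UserLogin     = "i:0#.f|membership|user@contoso.com"   # claims login of the audited user

# Connect once to the tenant to list site collections (same exclusions as the answer above)
Connect-PnPOnline -Url $TenantSiteURL -Interactive -ClientId $ClientId
$Sites = Get-PnPTenantSite | Where-Object Template -NotIn ("SRCHCEN#0", "REDIRECTSITE#0",
    "SPSMSITEHOST#0", "APPCATALOG#0", "POINTPUBLISHINGHUB#0", "EDISC#0", "STS#-1")

# Rights to test, defined after connecting so the CSOM types are loaded
$Kind   = [Microsoft.SharePoint.Client.PermissionKind]
$Checks = [ordered]@{
    "Read"         = $Kind::ViewListItems
    "Contribute"   = $Kind::EditListItems
    "Delete"       = $Kind::DeleteListItems
    "Full Control" = $Kind::ManagePermissions
}

$Report = foreach ($Site in $Sites) {
    try {
        # Switch the PnP context to this site collection
        Connect-PnPOnline -Url $Site.Url -Interactive -ClientId $ClientId

        # BaseTemplate 101 = document library; skip hidden system libraries
        $Libs = Get-PnPList | Where-Object { $_.BaseTemplate -eq 101 -and -not $_.Hidden }

        foreach ($Lib in $Libs) {
            # Effective rights of the audited user, resolved server-side
            $Result = $Lib.GetUserEffectivePermissions($UserLogin)
            Invoke-PnPQuery
            $Unique  = Get-PnPProperty -ClientObject $Lib -Property HasUniqueRoleAssignments
            $Granted = $Checks.Keys | Where-Object { $Result.Value.Has($Checks[$_]) }

            if ($Granted) {
                [pscustomobject]@{
                    Site              = $Site.Url
                    Library           = $Lib.Title
                    UniquePermissions = $Unique      # True = inheritance is broken on this library
                    Rights            = $Granted -join "; "
                }
            }
        }
    }
    catch {
        # Record sites the auditing account cannot open instead of silently skipping them
        Write-Warning "Skipped $($Site.Url): $($_.Exception.Message)"
    }
}

$Report | Export-Csv -Path ".\UserLibraryPermissions.csv" -NoTypeInformation
```

Sites listed in the warnings were not audited, so review them separately before treating the CSV as complete.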