Extract SharePoint Permission with PowerShell


Overview


Managing permissions in SharePoint can be a complex task, especially as your SharePoint environment grows with more sites, libraries, and users. To efficiently navigate and understand the existing permissions within your SharePoint site, PowerShell proves to be a valuable tool. In this blog post, we will delve into the process of extracting SharePoint permissions using PowerShell, providing administrators with a powerful and flexible method to audit, analyze, and manage access control.


Extract Users Permissions

To extract permissions in SharePoint using PowerShell, you can use the SharePoint Online Management Shell, which provides cmdlets specifically designed for SharePoint Online. Here’s a basic example of how you can extract permissions for a SharePoint site using PowerShell:


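# Load the SharePoint Online Management Shell (the module also ships the CSOM client assemblies used below)
Import-Module Microsoft.Online.SharePoint.PowerShell -DisableNameChecking

# Connect to SharePoint Online
$adminSiteUrl = "https://yourtenant-admin.sharepoint.com"
$userName = "admin@yourtenant.onmicrosoft.com"

# Prompt for the password instead of storing it in the script
$psCredential = Get-Credential -UserName $userName -Message "SharePoint Online administrator"
$credentials = New-Object Microsoft.SharePoint.Client.SharePointOnlineCredentials($psCredential.UserName, $psCredential.Password)

Connect-SPOService -Url $adminSiteUrl -Credential $psCredential

# Specify the URL of the SharePoint site for which you want to extract permissions
$siteUrl = "https://yourtenant.sharepoint.com/sites/yoursite"

# Get the site object
$site = Get-SPOSite -Identity $siteUrl -Detailed

# Get the SharePoint (CSOM) context for that site
$ctx = New-Object Microsoft.SharePoint.Client.ClientContext($site.Url)
$ctx.Credentials = $credentials

# Get the root web of the site and load its role assignments
$web = $ctx.Web
$ctx.Load($web.RoleAssignments)
$ctx.ExecuteQuery()

# Retrieve permissions for the site
$permissions = foreach ($roleAssignment in $web.RoleAssignments) {
    # Member and permission levels are not loaded until requested
    $ctx.Load($roleAssignment.Member)
    $ctx.Load($roleAssignment.RoleDefinitionBindings)
    $ctx.ExecuteQuery()

    $roleNames = ($roleAssignment.RoleDefinitionBindings | ForEach-Object { $_.Name }) -join ", "
    $roleAssignment.Member.Title + " - " + $roleNames
}

# Display the permissions
$permissions | Out-GridView

# Release the context and disconnect from SharePoint Online
$ctx.Dispose()
Disconnect-SPOService

Make sure to replace the placeholder values with your actual SharePoint Online admin site URL, username, and the URL of the SharePoint site you want to extract permissions from. The script prompts for the password at run time, so it is never saved in the script file. Because SharePointOnlineCredentials sends a user name and password, the script cannot sign in with an account that requires multi-factor authentication.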

This script connects to SharePoint Online, retrieves the root web of the specified site, and then retrieves and displays the permissions using the RoleAssignments and RoleDefinitionBindings properties. You can customize the script further based on your specific requirements.


Export SharePoint permissions to a CSV file

This script retrieves the permissions of a SharePoint site and exports them to a CSV file.

# Function to get the permissions of a SharePoint group and of the users who inherit them
function Get-SPPermissions($ctx, $groupName) {
    $web = $ctx.Web
    $group = $web.SiteGroups.GetByName($groupName)
    $roleAssignment = $web.RoleAssignments.GetByPrincipal($group)

    # Nothing is fetched from the server until ExecuteQuery runs
    $ctx.Load($group)
    $ctx.Load($group.Users)
    $ctx.Load($roleAssignment.RoleDefinitionBindings)
    $ctx.ExecuteQuery()

    $roleNames = ($roleAssignment.RoleDefinitionBindings | ForEach-Object { $_.Name }) -join ","

    # Emit the group itself, then each of its members. The objects are written to the
    # pipeline because "+=" on an array parameter never reaches the caller's array.
    foreach ($member in @($group) + @($group.Users)) {
        [PSCustomObject]@{
            Member      = $member.LoginName
            Permissions = $roleNames
        }
    }
}

# Load the SharePoint Online Management Shell (the module also ships the CSOM client assemblies used below)
Import-Module Microsoft.Online.SharePoint.PowerShell -DisableNameChecking

# Connect to SharePoint Online
$adminSiteUrl = "https://yourtenant-admin.sharepoint.com"
$userName = "admin@yourtenant.onmicrosoft.com"

# Prompt for the password instead of storing it in the script
$psCredential = Get-Credential -UserName $userName -Message "SharePoint Online administrator"
$credentials = New-Object Microsoft.SharePoint.Client.SharePointOnlineCredentials($psCredential.UserName, $psCredential.Password)

Connect-SPOService -Url $adminSiteUrl -Credential $psCredential

# Specify the URL of the SharePoint site for which you want to extract permissions
$siteUrl = "https://yourtenant.sharepoint.com/sites/yoursite"

# Get the site object
$site = Get-SPOSite -Identity $siteUrl -Detailed

# Get the SharePoint (CSOM) context for that site
$ctx = New-Object Microsoft.SharePoint.Client.ClientContext($site.Url)
$ctx.Credentials = $credentials

# Call the function and collect the permission rows it returns
$permissionsArray = @(Get-SPPermissions -ctx $ctx -groupName "YourGroupName")

# Export permissions to CSV
$permissionsArray | Export-Csv -Path "C:\Path\To\Export\Permissions.csv" -NoTypeInformation

# Release the context and disconnect from SharePoint Online
$ctx.Dispose()
Disconnect-SPOService

Make sure to replace the placeholder values with your actual SharePoint Online admin site URL, username, group name, and the URL of the SharePoint site you want to extract permissions from. The script prompts for the password at run time. Adjust the output CSV path as needed.

This script defines a function Get-SPPermissions that retrieves the permission levels assigned to a SharePoint group and lists each member of the group with those levels. It then connects to SharePoint Online, retrieves the permissions, and exports them to a CSV file.
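Once the CSV exists, the rows still have to be reviewed. The following is an added example, not part of the original post, that goes one step beyond the export and flags the grants an access audit usually checks first: tenant-wide claims and external guests with write access. The sample rows, the function names Get-PrincipalKind and Find-RiskyGrants, and the choice of "write" levels are assumptions made for illustration.

```powershell
# Constructed sample rows in the Member/Permissions layout of the exported CSV.
# To review a real export: $rows = Import-Csv "C:\Path\To\Export\Permissions.csv"
$rows = @'
Member,Permissions
Project Owners,Full Control
i:0#.f|membership|alice@yourtenant.onmicrosoft.com,Full Control
c:0-.f|rolemanager|spo-grid-all-users/00000000-0000-0000-0000-000000000000,"Edit,Read"
i:0#.f|membership|bob_partner.example#ext#@yourtenant.onmicrosoft.com,Contribute
c:0(.s|true,Read
'@ | ConvertFrom-Csv

# Default permission level names that allow changing content or settings (assumed list)
$writeLevels = 'Full Control', 'Design', 'Edit', 'Contribute'

function Get-PrincipalKind([string]$loginName) {
    # Classify a claims login name by the patterns SharePoint Online uses
    switch -Wildcard ($loginName) {
        'c:0(.s|true'           { return 'Everyone' }
        '*spo-grid-all-users/*' { return 'Everyone except external users' }
        '*#ext#*'               { return 'External guest' }
        default                 { return 'Named principal' }
    }
}

function Find-RiskyGrants($rows) {
    foreach ($row in $rows) {
        $kind   = Get-PrincipalKind $row.Member
        $levels = @($row.Permissions -split ',' | ForEach-Object { $_.Trim() })
        $write  = @($levels | Where-Object { $writeLevels -contains $_ })

        $finding = if ($kind -like 'Everyone*') {
            # Any grant to a tenant-wide claim is worth a second look
            "tenant-wide claim holds: $($levels -join ', ')"
        } elseif ($kind -eq 'External guest' -and $write.Count -gt 0) {
            "guest can modify content: $($write -join ', ')"
        }

        if ($finding) {
            [PSCustomObject]@{ Member = $row.Member; Kind = $kind; Finding = $finding }
        }
    }
}

# Three of the five constructed rows are reported
Find-RiskyGrants $rows | Format-Table -AutoSize -Wrap
```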


Conclusion


In conclusion, extracting permissions in SharePoint using PowerShell is a crucial skill for administrators seeking efficient and comprehensive control over their SharePoint environments. The PowerShell script provided in this guide serves as a powerful tool to uncover and analyze permissions across sites, enabling administrators to make informed decisions about access control.




1 thought on “Extract SharePoint Permission with PowerShell”

  1. Kleurplaat Voetbal

    Terrific post however, I was wanting to know if you
    could write a little more on this topic? I’d be very thankful if you could elaborate a little bit more.
    Thanks!
