![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(134.4, 67%, 23%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJS%3C/text%3E%3C/svg%3E)
SharePoint
A group of Microsoft Products and technologies used for sharing and managing content, knowledge, and applications.
10,802 questions
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(102.4, 65%, 19%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAM%3C/text%3E%3C/svg%3E)
Hi @Josh Stokes,
You can use PnP PowerSHell to retrieve library permissions. Here is a script which can do this, you just need to enter your username, site URL, and document library for which you want to get permissions. Script gets all the users, SharePoint groups and members of the SharePoint groups and permission assigned to them.
# install PnP module
Install-Module PnP.PowerShell
# variables to define
$username = "yourUsername"
$siteUrl = "https://companyName.sharepoint.com/sites/test"
$outputFile = "C:\LibraryPermissions.csv"
$libraryName = "Shared Library"
# connect to SP online site collection
$credential = Get-Credential -UserName $username -Message "Type the password:"
Connect-PnPOnline -Url $siteUrl -Credentials $credential
# output file name and location
if (Test-Path $OutputReport)
{
Remove-Item $OutputReport
}
"Title `t LoginName `t PrincipalType `t Permission `t GivenThrough" | Out-File $outputFile -Append
#get document library
$library = Get-PnpList -Identity $libraryName -Includes RoleAssignments
# get all the users and groups who has access
$roleAssignments = $library.RoleAssignments
foreach ($roleAssignment in $roleAssignments)
{
Get-PnPProperty -ClientObject $roleAssignment -Property RoleDefinitionBindings, Member
$loginName = $roleAssignment.Member.LoginName
$title = $roleAssignment.Member.Title
$principalType = $roleAssignment.Member.PrincipalType
$givenThrough = ""
$permissionLevel = ""
# loop through permission levels assigned to specific user/group
foreach ($roleDefinition in $roleAssignment.RoleDefinitionBindings){
$PermissionLevel += $RoleDefinition.Name + ";"
}
$givenThrough = "Given directly"
"$($title) `t $($loginName) `t $($principalType) `t $($permissionLevel) `t $($givenThrough)" | Out-File $outputFile -Append
# if principal is SharePoint group -> get SharePoint group members
if ($roleAssignment.Member.PrincipalType.ToString() -eq "SharePointGroup")
{
$givenThrough = $roleAssignment.Member.Title.ToString()
$groupMembers = Get-PnpGroupMembers -Identity $roleAssignment.Member.LoginName
foreach ($member in $groupMembers)
{
"$($member.Title) `t $($member.LoginName) `t $($member.PrincipalType) `t $($permissionLevel) `t $($title)" | Out-File $outputFile -Append
}
}
}
If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.