Share via

SharePoint Online reporting permissions advice

crib bar 846 Reputation points
2023-03-08T14:48:49.7233333+00:00

Are there any default security roles & reports in SharePoint Online/Office 365/Azure AD that would allow a user to document a SharePoint online instance, namely their objectives are:

  1. Produce a Diagrammatic overview of the SharePoint online instances hierarchy, including site collections, sites under those collections, document libraries, files under each library etc.
  2. Produce a set of permissions for all levels of the SharePoint online instances hierarchy, exported to CSV, so they can check who has access to particularly sensitive documents etc.

For on-prem file servers, there was a custom security group that had full control over all user shares/directories on the server, so they could be added temporarily to that group to produce their reports (under change control request & authorisation). Otherwise the request would have to be made for someone member of domain admins or equivalent file server admin group member to run the report on their behalf, which is not ideal. 

The ideal group/role would be a group or role that had read-only access to produce the reports, but could not change any settings, delete any files etc etc.

  1. Is there any obvious role/group you can think of if you have done work with SharePoint Online? E.g., an ‘instance wide’ read only admin group that meets the above criteria? 
  2. Out of interest, is there an equivalent “domain admins” for SharePoint Online/AAD, would this be “Global Admins”? And would membership of the equivalent be able to produce such reports, or does this require something more SharePoint specific permission wise? 
  3. Would “global reader” be able to produce such SharePoint online reports? Or again, does this require something more SharePoint specific permission wise? 
  4. Are there any open-source of commercial apps that you have worked with that specialise in creating custom reporting in these standard audit/compliance areas.
Microsoft 365 and Office Install, redeem, activate For business Windows
Microsoft 365 and Office SharePoint For business Windows
Microsoft 365 and Office Development Microsoft 365 Publishing
Microsoft Security Microsoft Entra Microsoft Entra ID

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Yanli Jiang - MSFT 31,596 Reputation points Microsoft External Staff
    2023-03-09T09:46:14.0566667+00:00

    Hi @crib bar ,

    For producing a Diagrammatic overview of the SharePoint online instances hierarchy, there is no OOTB solution currently.

    You may use 3rd party tools to make it.

    To address your concern about the situation, we’d suggest you go to feedback on this issue, this is the best platform to let us hear from you and make our products and services better for you and others.

    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.