About getting Sharepoint folder permission script

ネパリ サンデャ 500 Reputation points
2023-12-01T00:58:36.57+00:00

I want to get Sharepoint folder permission using powershell
I tried by myself but cannot able to get the permission It could be helpful Is someone help me

Thank you

Microsoft 365 and Office | SharePoint | For business | Windows
0 comments No comments
{count} votes

Accepted answer
  1. Ling Zhou_MSFT 23,620 Reputation points Microsoft External Staff
    2023-12-01T05:12:09.4533333+00:00

    Hi @ネパリ サンデャ,

    If you are using SharePoint Online, I recommend that you use SharePoint Online Management PowerShell to execute the PowerShell.

    1.Download SharePoint Online Management PowerShell.

    2.Open SharePoint Online Management Shell and execute the following PowerShell. Please modify the parameters at the bottom to specify your folder and report export path. Make sure you are the administrator of the site.

    #Function to Get Folder Permissions
    Function Get-SPOFolderPermission([String]$SiteURL, [String]$FolderRelativeURL)
    {
        Try{
            #Setup the context
            $Ctx = New-Object Microsoft.SharePoint.Client.ClientContext($SiteURL)
            $Ctx.Credentials = New-Object Microsoft.SharePoint.Client.SharePointOnlineCredentials($Cred.Username, $Cred.Password)
          
            #Get the Folder
            $Folder = $Ctx.Web.GetFolderByServerRelativeUrl($FolderRelativeURL)
            $Ctx.Load($Folder)
            $Ctx.ExecuteQuery()
     
            #Get permissions assigned to the Folder
            $RoleAssignments = $Folder.ListItemAllFields.RoleAssignments
            $Ctx.Load($RoleAssignments)
            $Ctx.ExecuteQuery()
     
            #Loop through each permission assigned and extract details
            $PermissionCollection = @()
            Foreach($RoleAssignment in $RoleAssignments)
            {
                $Ctx.Load($RoleAssignment.Member)
                $Ctx.executeQuery()
     
                #Get the User Type
                $PermissionType = $RoleAssignment.Member.PrincipalType
     
                #Get the Permission Levels assigned
                $Ctx.Load($RoleAssignment.RoleDefinitionBindings)
                $Ctx.ExecuteQuery()
                $PermissionLevels = ($RoleAssignment.RoleDefinitionBindings | Select -ExpandProperty Name) -join ","
                 
                #Get the User/Group Name
                $Name = $RoleAssignment.Member.Title # $RoleAssignment.Member.LoginName
     
                #Add the Data to Object
                $Permissions = New-Object PSObject
                $Permissions | Add-Member NoteProperty Name($Name)
                $Permissions | Add-Member NoteProperty Type($PermissionType)
                $Permissions | Add-Member NoteProperty PermissionLevels($PermissionLevels)
                $PermissionCollection += $Permissions
            }
            Return $PermissionCollection
        }
        Catch {
        write-host -f Red "Error Getting Folder Permissions!" $_.Exception.Message
        }
    }
      
    #Set Config Parameters
    $SiteURL="https://yourTenant.sharepoint.com/sites/yourSite"
    $FolderRelativeURL="/sites/yourSite/yourLibrary/yourFolder"
     
    #Get Credentials to connect
    $Cred= Get-Credential 
    #Call the function to Get Folder Permissions an export to CSV file
    Get-SPOFolderPermission $SiteURL $FolderRelativeURL | Export-CSV "C:\yourPath\FolderPermissions.csv" -NoTypeInformation
    

    Here is my test result:

    User's image


    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.


1 additional answer

Sort by: Most helpful
  1. Ling Zhou_MSFT 23,620 Reputation points Microsoft External Staff
    2023-12-01T08:02:54.8+00:00

    Hi @ネパリ サンデャ,

    If you are not using the SharePoint Online Management Shell, you can use PnP PowerShell. You need to install the PnP PowerShell module first using the PowerShell that comes with windows and then execute PnP PowerShell.

    1.Installing PnP PowerShell module.

    2.Please modify the parameters at the bottom to specify your folder and report export path. Make sure you are the administrator of the site. Please try this PnP PowerShell:

    #Function to Get Permissions Applied on a particular Object such as: Web, List, Library, Folder or List Item
    Function Get-PnPPermissions([Microsoft.SharePoint.Client.SecurableObject]$Object)
    {
        Try {
            #Get permissions assigned to the Folder
            Get-PnPProperty -ClientObject $Object -Property HasUniqueRoleAssignments, RoleAssignments
     
            #Check if Object has unique permissions
            $HasUniquePermissions = $Object.HasUniqueRoleAssignments
        
            #Loop through each permission assigned and extract details
            $PermissionCollection = @()
            Foreach($RoleAssignment in $Object.RoleAssignments)
            {
                #Get the Permission Levels assigned and Member
                Get-PnPProperty -ClientObject $RoleAssignment -Property RoleDefinitionBindings, Member
        
                #Get the Principal Type: User, SP Group, AD Group
                $PermissionType = $RoleAssignment.Member.PrincipalType
                $PermissionLevels = $RoleAssignment.RoleDefinitionBindings | Select -ExpandProperty Name
     
                #Remove Limited Access
                $PermissionLevels = ($PermissionLevels | Where { $_ -ne "Limited Access"}) -join ","
                If($PermissionLevels.Length -eq 0) {Continue}
     
                #Get SharePoint group members
                If($PermissionType -eq "SharePointGroup")
                {
                    #Get Group Members
                    $GroupMembers = Get-PnPGroupMember -Identity $RoleAssignment.Member.LoginName
                     
                    #Leave Empty Groups
                    If($GroupMembers.count -eq 0){Continue}
     
                    ForEach($User in $GroupMembers)
                    {
                        #Add the Data to Object
                        $Permissions = New-Object PSObject
                        $Permissions | Add-Member NoteProperty User($User.Title)
                        $Permissions | Add-Member NoteProperty Type($PermissionType)
                        $Permissions | Add-Member NoteProperty Permissions($PermissionLevels)
                        $Permissions | Add-Member NoteProperty GrantedThrough("SharePoint Group: $($RoleAssignment.Member.LoginName)")
                        $PermissionCollection += $Permissions
                    }
                }
                Else
                {
                    #Add the Data to Object
                    $Permissions = New-Object PSObject
                    $Permissions | Add-Member NoteProperty User($RoleAssignment.Member.Title)
                    $Permissions | Add-Member NoteProperty Type($PermissionType)
                    $Permissions | Add-Member NoteProperty Permissions($PermissionLevels)
                    $Permissions | Add-Member NoteProperty GrantedThrough("Direct Permissions")
                    $PermissionCollection += $Permissions
                }
            }
            #Export Permissions to CSV File
            $PermissionCollection | Export-CSV $ReportFile -NoTypeInformation
            Write-host -f Green "`n*** Folder Permission Report Generated Successfully!***"
        }
        Catch {
        write-host -f Red "Error Generating Folder Permission Report!" $_.Exception.Message
        }
    }
       
    #region ***Parameters***
    $SiteURL="https://yourTenant.sharepoint.com/sites/yourSite"
    $ReportFile="C:\FolderPermissionRpt.csv"
    $FolderRelativeURL = "/sites/yourSite/yourLibrary/yourFolder"
    #endregion
     
    #Connect to the Site collection
    Connect-PnPOnline -URL $SiteURL -Interactive
     
    #Get the Folder from URL
    $Folder = Get-PnPFolder -Url $FolderRelativeURL
     
    #Call the function to generate permission report
    Get-PnPPermissions $Folder.ListItemAllFields
    

    Here is my test result:

    image


    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.


Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.