Run report for groups or users that are assigned to files in a document library for SharePoint

Josh Stokes 20 Reputation points
2024-05-14T02:56:21.74+00:00

Hello,

I have been trying to find a 'simple' script to run to pull a report on permissions for SharePoint.

It needs to contain a list of users that are assigned to files from the document library.

Thank you for your help.


Accepted answer
  1. AllenXu-MSFT 21,591 Reputation points Microsoft Vendor
    2024-05-14T06:25:55.41+00:00

    Hi @Josh Stokes,

    You can use PnP PowerShell to retrieve library permissions. Here is a script which can do this; you just need to enter your username, site URL, and document library for which you want to get permissions. The script gets all the users, SharePoint groups and members of the SharePoint groups, and the permissions assigned to them.

    
    # install PnP module
    Install-Module PnP.PowerShell
    
    # variables to define
    $username = "yourUsername"
    $siteUrl = "https://companyName.sharepoint.com/sites/test"
    $outputFile = "C:\LibraryPermissions.csv"
    $libraryName = "Shared Library"
    
    # connect to SP online site collection
    $credential = Get-Credential -UserName $username -Message "Type the password:"
    Connect-PnPOnline -Url $siteUrl -Credentials $credential
    
    # remove any previous output file, then write the header row
    if (Test-Path $outputFile)
    {
        Remove-Item $outputFile
    }
    "Title `t LoginName `t PrincipalType `t Permission `t GivenThrough" | Out-File $outputFile -Append
    
    # get document library together with its role assignments
    $library = Get-PnPList -Identity $libraryName -Includes RoleAssignments
    
    # get all the users and groups who have access
    $roleAssignments = $library.RoleAssignments
    foreach ($roleAssignment in $roleAssignments)
    {
        # load the permission levels and the principal for this assignment
        Get-PnPProperty -ClientObject $roleAssignment -Property RoleDefinitionBindings, Member
    
        $loginName = $roleAssignment.Member.LoginName
        $title = $roleAssignment.Member.Title
        $principalType = $roleAssignment.Member.PrincipalType
        $givenThrough = ""
        $permissionLevel = ""
        # loop through permission levels assigned to specific user/group
        foreach ($roleDefinition in $roleAssignment.RoleDefinitionBindings)
        {
            $permissionLevel += $roleDefinition.Name + ";"
        }
        $givenThrough = "Given directly"
        "$($title) `t $($loginName) `t $($principalType) `t $($permissionLevel) `t $($givenThrough)" | Out-File $outputFile -Append
    
        # if principal is SharePoint group -> get SharePoint group members
        if ($roleAssignment.Member.PrincipalType.ToString() -eq "SharePointGroup")
        {
            $givenThrough = $roleAssignment.Member.Title.ToString()
    
            # in the PnP.PowerShell module the cmdlet is Get-PnPGroupMember with the -Group parameter
            $groupMembers = Get-PnPGroupMember -Group $roleAssignment.Member.LoginName
            foreach ($member in $groupMembers)
            {
                "$($member.Title) `t $($member.LoginName) `t $($member.PrincipalType) `t $($permissionLevel) `t $($givenThrough)" | Out-File $outputFile -Append
            }
        }
    }
    
    

    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
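
The script in the accepted answer reads the role assignments of the library itself, so a file or folder whose permissions were changed individually does not appear in its output. As an added example (not part of the original answer), the following lists every item in the library that has unique permissions and who holds them; it assumes `Connect-PnPOnline` has already been run as in the answer, and the output path is a placeholder.

```powershell
# Added example: report files and folders that no longer inherit permissions
# from the library. Assumes an existing Connect-PnPOnline session.
$libraryName = "Shared Library"                   # same library as in the answer
$itemReport  = "C:\LibraryItemPermissions.csv"    # placeholder output path

$rows = foreach ($item in Get-PnPListItem -List $libraryName -PageSize 500)
{
    # Neither property is loaded by default; request both in one round trip
    Get-PnPProperty -ClientObject $item -Property HasUniqueRoleAssignments, RoleAssignments | Out-Null

    # Items that inherit are already covered by the library-level report
    if (-not $item.HasUniqueRoleAssignments) { continue }

    foreach ($roleAssignment in $item.RoleAssignments)
    {
        Get-PnPProperty -ClientObject $roleAssignment -Property RoleDefinitionBindings, Member | Out-Null

        # One row per principal (user or group) on each uniquely permissioned item
        [PSCustomObject]@{
            Path          = $item.FieldValues["FileRef"]        # server-relative URL
            ItemType      = $item.FileSystemObjectType.ToString() # File or Folder
            Title         = $roleAssignment.Member.Title
            LoginName     = $roleAssignment.Member.LoginName
            PrincipalType = $roleAssignment.Member.PrincipalType.ToString()
            Permission    = ($roleAssignment.RoleDefinitionBindings | ForEach-Object { $_.Name }) -join ";"
        }
    }
}

# Export-Csv quotes every field, so titles containing tabs or commas stay intact
$rows | Export-Csv -Path $itemReport -NoTypeInformation -Encoding UTF8
"{0} role assignments found on items with unique permissions" -f @($rows).Count
```

Rows whose `PrincipalType` is `SharePointGroup` can be expanded to individual members the same way the answer's script does for the library.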

