Current audit log of all user access for files/folders

Kyle Reginald Clarke 21 Reputation points
2021-01-05T11:13:22.077+00:00

I am required to do an audit of all the users that have access to our SharePoint sites. The output requirements are as follows. I can't seem to find the correct command to give this output; the results should be in a CSV file, which I already have a script for. Are there any reports like this that SharePoint already generates?

• Site Name
• Folder Name
• Folder Path (if possible, so we can see where in the site it fits)
• User with access to the folder (I am guessing this will have to be the user’s email address)
• Type of access the user has (i.e. Read, write, etc.)


Accepted answer
  1. Elsie Lu_MSFT 9,801 Reputation points
    2021-01-06T08:40:36.523+00:00

    Hi @Kyle Reginald Clarke ,

    According to my understanding, the existing report of SharePoint cannot view the permissions of the folder. You could refer to this article for more information about SharePoint audit log:
    View audit log reports

    However, I have found a PowerShell script you can try. This script will return users and their specific permissions according to the URL and folder you specify.

    #Function to Get Permissions Applied on a particular Object such as: Web, List, Library, Folder or List Item  
    Function Get-PnPPermissions([Microsoft.SharePoint.Client.SecurableObject]$Object)  
    {  
        Try {  
            #Get permissions assigned to the Folder  
            Get-PnPProperty -ClientObject $Object -Property HasUniqueRoleAssignments, RoleAssignments  
       
            #Check if Object has unique permissions  
            $HasUniquePermissions = $Object.HasUniqueRoleAssignments  
          
            #Loop through each permission assigned and extract details  
            $PermissionCollection = @()  
            Foreach($RoleAssignment in $Object.RoleAssignments)  
            {  
                #Get the Permission Levels assigned and Member  
                Get-PnPProperty -ClientObject $RoleAssignment -Property RoleDefinitionBindings, Member  
          
                #Get the Principal Type: User, SP Group, AD Group  
                $PermissionType = $RoleAssignment.Member.PrincipalType  
                $PermissionLevels = $RoleAssignment.RoleDefinitionBindings | Select -ExpandProperty Name  
       
                #Remove Limited Access  
                $PermissionLevels = ($PermissionLevels | Where { $_ -ne "Limited Access"}) -join ","  
                If($PermissionLevels.Length -eq 0) {Continue}  
       
                #Get SharePoint group members  
                If($PermissionType -eq "SharePointGroup")  
                {  
                    #Get Group Members  
                    $GroupMembers = Get-PnPGroupMembers -Identity $RoleAssignment.Member.LoginName  
                       
                    #Leave Empty Groups  
                    If($GroupMembers.count -eq 0){Continue}  
       
                    ForEach($User in $GroupMembers)  
                    {  
                        #Add the Data to Object  
                        $Permissions = New-Object PSObject  
                        $Permissions | Add-Member NoteProperty User($User.Title)  
                        $Permissions | Add-Member NoteProperty Type($PermissionType)  
                        $Permissions | Add-Member NoteProperty Permissions($PermissionLevels)  
                        $Permissions | Add-Member NoteProperty GrantedThrough("SharePoint Group: $($RoleAssignment.Member.LoginName)")  
                        
                        $PermissionCollection += $Permissions  
                    }  
                }  
                Else  
                {  
                    #Add the Data to Object  
                    $Permissions = New-Object PSObject  
                    $Permissions | Add-Member NoteProperty User($RoleAssignment.Member.Title)  
                    $Permissions | Add-Member NoteProperty Type($PermissionType)  
                    $Permissions | Add-Member NoteProperty Permissions($PermissionLevels)  
                    $Permissions | Add-Member NoteProperty GrantedThrough("Direct Permissions")  
                    $PermissionCollection += $Permissions  
                }  
            }  
            #Export Permissions to CSV File  
            $PermissionCollection | Export-CSV $ReportFile -NoTypeInformation  
            Write-host -f Green "`n*** Folder Permission Report Generated Successfully!***"  
        }  
        Catch {  
            Write-host -f Red "Error Generating Folder Permission Report!" $_.Exception.Message  
        }  
    }  
         
    #region ***Parameters***  
    $SiteURL="https://****.sharepoint.com/sites/TeamMisTest"  
    $ReportFile="C:\Temp\FolderPermissionRptaa.csv"  
    $FolderRelativeURL = "/sites/TeamMisTest/Shared Documents/General"  
    #endregion  
       
    #Connect to the Site collection  
    Connect-PnPOnline -URL $SiteURL -UseWebLogin  
       
    #Get the Folder from URL  
    $Folder = Get-PnPFolder -Url $FolderRelativeURL  
       
    #Call the function to generate permission report  
    Get-PnPPermissions $Folder.ListItemAllFields  
    

    Please remember to specify the URL and folder you want in the code. Then you can output all users who have permission to this folder to the CSV, and you can view the permission level:

    $SiteURL="https://****.sharepoint.com/sites/TeamMisTest"  
    $ReportFile="C:\Temp\FolderPermissionRpt.csv"  
    $FolderRelativeURL = "/sites/TeamMisTest/Shared Documents/General"  
    

    Test result on my end:
    [Screenshots: 53830-3.jpg, 53940-4.jpg]

    Reference:
    SharePoint Online: PowerShell to Get Folder Permissions

    Note: Microsoft is providing this information as a convenience to you. The sites are not controlled by Microsoft. Microsoft cannot make any representations regarding the quality, safety, or suitability of any software or information found there. Please make sure that you completely understand the risk before retrieving any suggestions from the above link.



    1 person found this answer helpful.
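
Added example (not part of the original answer or of the script it references): the same permission walk applied to every folder in one library, emitting the columns the question asks for. It assumes the same legacy PnP cmdlets the answer uses; `$ListName`, the report path and the extra `Email`, `LoginName` and `Inherited` columns are assumptions of this example.

```powershell
# Added example: audit every folder in one document library.
# Assumes the legacy PnP cmdlets used in the answer above.
# $SiteURL, $ListName and $ReportFile are placeholder values.
$SiteURL    = "https://****.sharepoint.com/sites/TeamMisTest"
$ListName   = "Documents"
$ReportFile = "C:\Temp\AllFolderPermissions.csv"

Connect-PnPOnline -Url $SiteURL -UseWebLogin
$SiteName = (Get-PnPWeb).Title

# Page through the library in batches and keep only folder items
$Folders = Get-PnPListItem -List $ListName -PageSize 500 |
    Where-Object { $_.FileSystemObjectType -eq "Folder" }

$Report = ForEach ($Item in $Folders) {
    # Out-Null keeps the loaded property values out of the report rows
    Get-PnPProperty -ClientObject $Item -Property HasUniqueRoleAssignments, RoleAssignments | Out-Null
    ForEach ($RA in $Item.RoleAssignments) {
        Get-PnPProperty -ClientObject $RA -Property RoleDefinitionBindings, Member | Out-Null
        $Levels = ($RA.RoleDefinitionBindings | Select-Object -ExpandProperty Name |
            Where-Object { $_ -ne "Limited Access" }) -join ","
        If (-not $Levels) { Continue }

        # Expand SharePoint groups to their members; keep direct principals as-is
        If ($RA.Member.PrincipalType -eq "SharePointGroup") {
            $Principals = Get-PnPGroupMembers -Identity $RA.Member.LoginName
            $Via = "SharePoint Group: $($RA.Member.LoginName)"
        } Else {
            $Principals = @($RA.Member)
            $Via = "Direct Permissions"
        }
        ForEach ($P in $Principals) {
            [PSCustomObject]@{
                SiteName       = $SiteName
                FolderName     = $Item.FieldValues.FileLeafRef
                FolderPath     = $Item.FieldValues.FileRef
                User           = $P.Title
                Email          = $P.Email      # may be empty for non-user principals
                LoginName      = $P.LoginName  # fallback identifier when Email is empty
                Permissions    = $Levels
                GrantedThrough = $Via
                Inherited      = -not $Item.HasUniqueRoleAssignments
            }
        }
    }
}
$Report | Export-Csv $ReportFile -NoTypeInformation
```

Directory or Microsoft 365 groups granted access directly appear as a single row; their membership has to be resolved in the directory, not in SharePoint.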
