Office 365 AUDIT LOG for file access and permission report

Sajith Gopalakrishnan Hema 1,056 Reputation points
2021-08-04T06:46:09.637+00:00

Using the Office 365 AUDIT LOG, we can get file access details for SharePoint and OneDrive. But how can we get/run the permissions report of a particular file in Office 365?

https://protection.office.com/unifiedauditlog
https://compliance.microsoft.com/auditlogsearch

Microsoft 365 and Office | SharePoint | For business | Windows

Accepted answer
  1. Echo Du_MSFT 17,316 Reputation points
    2021-08-05T02:58:00.893+00:00

    Hello @Sajith Gopalakrishnan Hema ,

    According to my research, it is currently impossible to get/run the permissions report for a particular document in the Office 365 Audit Log.

    I suggest you consider the following workaround:

    1. Access the specified SharePoint site as an admin

    2. Find the particular document and click on Manage access

    3. On the Manage Access panel, click on the Advanced link

    4. You can see this document's permissions list.

    Thanks,
    Echo Du

    ==================== Updated Answer ====================
    Hello @Sajith Gopalakrishnan Hema ,

    Please run the following PowerShell script as an admin in SharePoint Online Management Shell.

    #Load SharePoint CSOM Assemblies
    Add-Type -Path "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.dll"
    Add-Type -Path "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.Runtime.dll"

    #Get permissions applied on a particular object, such as: Web, List or ListItem
    #Uses the client context $Ctx that is created in the Try block below
    Function Export-SPOPermissions([Microsoft.SharePoint.Client.SecurableObject]$Object, $ReportFile)
    {
        #Write the header of the tab-separated report file
        "Account `t Permissions `t Type" | Out-File $ReportFile

        #Get permissions assigned to the object
        $Ctx.Load($Object.RoleAssignments)
        $Ctx.ExecuteQuery()

        Foreach($RoleAssignment in $Object.RoleAssignments)
        {
            $Ctx.Load($RoleAssignment.Member)
            $Ctx.ExecuteQuery()

            #Get the permission levels granted to this member on the given object
            $Permissions=@()
            $Ctx.Load($RoleAssignment.RoleDefinitionBindings)
            $Ctx.ExecuteQuery()
            Foreach ($RoleDefinition in $RoleAssignment.RoleDefinitionBindings)
            {
                $Permissions += $RoleDefinition.Name +";"
            }

            #Check the principal type and send the data to the report file
            if($RoleAssignment.Member.PrincipalType -eq "User")
            {
                "$($RoleAssignment.Member.Title)($($RoleAssignment.Member.LoginName)) `t $($Permissions) `t User Account" | Out-File $ReportFile -Append
            }
            ElseIf($RoleAssignment.Member.PrincipalType -eq "SharePointGroup")
            {
                "$($RoleAssignment.Member.LoginName)`t $($Permissions) `t SharePoint Group" | Out-File $ReportFile -Append
            }
            ElseIf($RoleAssignment.Member.PrincipalType -eq "SecurityGroup")
            {
                "$($RoleAssignment.Member.Title)`t $($Permissions) `t Security Group" | Out-File $ReportFile -Append
            }
        }
        Write-Host -f Green "Permissions Exported to File $ReportFile!"
    }

    Try {
        #Set parameter values
        $SiteURL="https://tenant.sharepoint.com/sites/sitename/"
        $LibraryName="Documents"
        $FileID="2"
        $FileTitle="sp16.docx"

        #Get Credentials to connect
        #Note: SharePointOnlineCredentials uses legacy authentication; it fails for
        #MFA-enabled accounts or where legacy authentication is blocked
        $Cred= Get-Credential
        $Credentials = New-Object Microsoft.SharePoint.Client.SharePointOnlineCredentials($Cred.Username, $Cred.Password)

        #Setup the context
        $Ctx = New-Object Microsoft.SharePoint.Client.ClientContext($SiteURL)
        $Ctx.Credentials = $Credentials

        #Get the Web
        $Web = $Ctx.Web
        $Ctx.Load($Web)
        $Ctx.ExecuteQuery()

        #Progress message only: the web's own permissions are not exported
        Write-Host -f Yellow "Extracting Permissions of the Web $($Web.Url)..."

        #Get the List
        $Library = $Ctx.Web.Lists.GetByTitle($LibraryName)
        $Ctx.Load($Library)
        $Ctx.ExecuteQuery()

        #Progress message only: the list's own permissions are not exported
        Write-Host -f Yellow "Extracting Permissions of the List $($Library.Title)..."

        #Get List Item by ID
        $LibFile = $Library.GetItemById($FileID)
        $Ctx.Load($LibFile)
        $Ctx.ExecuteQuery()

        #Call the function to get the file's permissions
        Write-Host -f Yellow "Extracting Permissions of the File: $FileTitle..."
        Export-SPOPermissions -Object $LibFile -ReportFile "C:\Temp\LibraryFilePermissions.csv"
    }
    Catch {
        Write-Host -f Red "Error Generating Permissions Report!" $_.Exception.Message
    }
    

    Thanks,
    Echo Du

    =======================

    If an Answer is helpful, please click "Accept Answer" and upvote it.
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
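
An added example (not part of the answer above, and not Microsoft's code): once the script has written its tab-separated report, the rows can be checked for grants worth a second look. The function names, the sample rows, and the lists of broad principals and write-capable permission levels are assumptions made for this illustration.

```powershell
# Constructed sample in the layout the script above writes
# ("Account `t Permissions `t Type"); names and addresses are made up.
$SampleReport = @(
    "Account `t Permissions `t Type"
    "Alex Doe(i:0#.f|membership|alex@contoso.example) `t Full Control; `t User Account"
    "Project Owners`t Full Control; `t SharePoint Group"
    "Project Visitors`t Read; `t SharePoint Group"
    "Everyone except external users`t Edit; Limited Access; `t Security Group"
)

# Assumptions for this example: which principals count as "broad" and which
# permission levels count as write-capable. Adjust both to local policy.
$BroadPrincipals = @('Everyone', 'Everyone except external users')
$WriteLevels     = @('Full Control', 'Design', 'Edit', 'Contribute')

function ConvertFrom-PermissionReport {
    param([string[]]$Lines)
    # Skip the header, split on TAB, and trim the padding the report adds.
    foreach ($Line in ($Lines | Select-Object -Skip 1)) {
        if ([string]::IsNullOrWhiteSpace($Line)) { continue }
        $Fields = $Line -split "`t" | ForEach-Object { $_.Trim() }
        if ($Fields.Count -lt 3) { continue }   # malformed row
        [pscustomobject]@{
            Account     = $Fields[0]
            Permissions = @($Fields[1] -split ';' | ForEach-Object { $_.Trim() } | Where-Object { $_ })
            Type        = $Fields[2]
        }
    }
}

function Get-PermissionFinding {
    param([string[]]$Lines)
    foreach ($Row in ConvertFrom-PermissionReport -Lines $Lines) {
        $Write = @($Row.Permissions | Where-Object { $WriteLevels -contains $_ })
        $Reason = if ($BroadPrincipals -contains $Row.Account -and $Write) {
            'Broad principal with write access'
        } elseif ($BroadPrincipals -contains $Row.Account) {
            'Broad principal'
        } elseif ($Row.Type -eq 'User Account' -and $Write) {
            'Direct write grant to an individual user'
        }
        if ($Reason) {
            [pscustomobject]@{ Account = $Row.Account; Type = $Row.Type
                               Permissions = $Row.Permissions -join ', '; Finding = $Reason }
        }
    }
}

Get-PermissionFinding -Lines $SampleReport | Format-Table -AutoSize
# For a real report: Get-PermissionFinding -Lines (Get-Content 'C:\Temp\LibraryFilePermissions.csv')
```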

