Share via

SharePoint Online Powershell | Get Document Library Folders & Sub Folders

Shabeer Shaik Abdurahaman 6 Reputation points
2021-08-10T13:47:12.33+00:00

Hi There

I have a SharePoint Online site, within this I have a Document Library and within the Document library there is one folder and within the one folder there are many sub folders 

Below just one example

122031-image.png

Document Library = Jonsson Group

Main Folder = Supplier

Sub Folder = NPI

Now I need a report or csv report using Sharepoint Online Powershell to get the user and group permission for Sub Folder 

Like: 
122013-image.png

Please provide me a powershell script to run

Regards

Shabeer

SharePoint
SharePoint
A group of Microsoft Products and technologies used for sharing and managing content, knowledge, and applications.
10,300 questions
SharePoint Server Management
SharePoint Server Management
SharePoint Server: A family of Microsoft on-premises document management and storage systems.Management: The act or process of organizing, handling, directing or controlling something.
2,900 questions
Windows Server PowerShell
Windows Server PowerShell
Windows Server: A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.PowerShell: A family of Microsoft task automation and configuration management frameworks consisting of a command-line shell and associated scripting language.
5,462 questions
0 comments

5 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Elsie Lu_MSFT 9,791 Reputation points
    2021-08-11T02:52:43.43+00:00

    Hi @Anonymous ,

    I have found a PowerShell script you can have a try. This script will return users and specific permissions according to the url and folder you specify. 

    #Function to Get Permissions Applied on a particular Object such as: Web, List, Library, Folder or List Item  
 Function Get-PnPPermissions([Microsoft.SharePoint.Client.SecurableObject]$Object)  
 {  
     Try {  
         #Get permissions assigned to the Folder  
         Get-PnPProperty -ClientObject $Object -Property HasUniqueRoleAssignments, RoleAssignments  
       
         #Check if Object has unique permissions  
         $HasUniquePermissions = $Object.HasUniqueRoleAssignments  
          
         #Loop through each permission assigned and extract details  
         $PermissionCollection = @()  
         Foreach($RoleAssignment in $Object.RoleAssignments)  
         {  
             #Get the Permission Levels assigned and Member  
             Get-PnPProperty -ClientObject $RoleAssignment -Property RoleDefinitionBindings, Member  
          
             #Get the Principal Type: User, SP Group, AD Group  
             $PermissionType = $RoleAssignment.Member.PrincipalType  
             $PermissionLevels = $RoleAssignment.RoleDefinitionBindings | Select -ExpandProperty Name  
       
             #Remove Limited Access  
             $PermissionLevels = ($PermissionLevels | Where { $_ –ne "Limited Access"}) -join ","  
             If($PermissionLevels.Length -eq 0) {Continue}  
       
             #Get SharePoint group members  
             If($PermissionType -eq "SharePointGroup")  
             {  
                 #Get Group Members  
                 $GroupMembers = Get-PnPGroupMembers -Identity $RoleAssignment.Member.LoginName  
                       
                 #Leave Empty Groups  
                 If($GroupMembers.count -eq 0){Continue}  
       
                 ForEach($User in $GroupMembers)  
                 {  
                     #Add the Data to Object  
                     $Permissions = New-Object PSObject  
                     $Permissions | Add-Member NoteProperty User($User.Title)  
                     $Permissions | Add-Member NoteProperty Type($PermissionType)  
                     $Permissions | Add-Member NoteProperty Permissions($PermissionLevels)  
                     $Permissions | Add-Member NoteProperty GrantedThrough("SharePoint Group: $($RoleAssignment.Member.LoginName)")  
                        
                     $PermissionCollection += $Permissions  
                 }  
             }  
             Else  
             {  
                 #Add the Data to Object  
                 $Permissions = New-Object PSObject  
                 $Permissions | Add-Member NoteProperty User($RoleAssignment.Member.Title)  
                 $Permissions | Add-Member NoteProperty Type($PermissionType)  
                 $Permissions | Add-Member NoteProperty Permissions($PermissionLevels)  
                 $Permissions | Add-Member NoteProperty GrantedThrough("Direct Permissions")  
                 $PermissionCollection += $Permissions  
             }  
         }  
         #Export Permissions to CSV File  
         $PermissionCollection | Export-CSV $ReportFile -NoTypeInformation  
         Write-host -f Green "`n*** Folder Permission Report Generated Successfully!***"  
     }  
     Catch {  
     write-host -f Red "Error Generating Folder Permission Report!" $_.Exception.Message  
     }  
 }  
         
 #region ***Parameters***  
 $SiteURL="https://****.sharepoint.com/sites/TeamMisTest"  
 $ReportFile="C:\Temp\FolderPermissionRptaa.csv"  
 $FolderRelativeURL = "/sites/TeamMisTest/Shared Documents/General"  
 #endregion  
       
 #Connect to the Site collection  
 Connect-PnPOnline -URL $SiteURL -UseWebLogin  
       
 #Get the Folder from URL  
 $Folder = Get-PnPFolder -Url $FolderRelativeURL  
       
 #Call the function to generate permission report  
 Get-PnPPermissions $Folder.ListItemAllFields

    Please remember to specify the URL and folder you want in the code then you can output all users who have permission to this folder to the csv, and you can view the permission level: 

     $SiteURL="https://****.sharepoint.com/sites/TeamMisTest"  
 $ReportFile="C:\Temp\FolderPermissionRpt.csv"  
 $FolderRelativeURL = "/sites/TeamMisTest/Shared Documents/General"

    Test Result in my end:
    122119-16.jpg

    Referenece:
    SharePoint Online: PowerShell to Get Folder Permissions

    Note: Microsoft is providing this information as a convenience to you. The sites are not controlled by Microsoft. Microsoft cannot make any representations regarding the quality, safety, or suitability of any software or information found there. Please make sure that you completely understand the risk before retrieving any suggestions from the above link.

    If the answer is helpful, please click "Accept Answer" and upvote it.

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

  2. Karl Rolfe 1 Reputation point
    2022-02-04T03:56:12.11+00:00

    There is an error on line 30 of the script

    Blockquote $GroupMembers = Get-PnPGroupMembers -Identity $RoleAssignment.Member.LoginName

    should be

    $GroupMembers = Get-PnPGroupMember -Identity $RoleAssignment.Member.LoginName

    I.e. Get-PnPGroupMembers --> Get-PnPGroupMember

    0 comments
  3. Christian Rodriguez 1 Reputation point
    2022-04-04T14:57:46.89+00:00

    The script works but it only returns 11 rows, no matter how many users you happen to have. It is returned on the same order as it is shown on the web interface. Why is this? any suggestions?

    Thanks

    0 comments
  4. edgar parra 1 Reputation point Microsoft Employee
    2022-07-15T21:46:59.463+00:00

    Hi, this script doesn't work.

    I get this error message when I run it

    $Folder = Get-PnPFolder -Url $FolderRelativeURL
    | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    | The remote server returned an error: (400) Bad Request.

    Error Generating Folder Permission Report! Cannot bind argument to parameter 'ClientObject' because it is null.

    and I am pretty sure the $FolderRelativeURL is correct

    0 comments
  5. ZINEB BERGUEN 11 Reputation points
    2022-07-15T22:03:30.763+00:00

    Thank you

    0 comments