SharePoint Online Powershell | Check if site members and/or visitors have edit/view access on a sub folder

Question

Hi All,

I have a document library in a SharePoint site that has several folders in the Documents library. I need to check if site members have access to "Confidential" folder.

If ($SiteMembers have access to specific folder) {
Write-host "Site Members have access to Confidential folder" -f Green
} else {
Write-host "Site Members don't have access to Confidential folder" -f Yellow
}

I hope someone can help.

Thanks,
VS

Answer 1

Hi @Viktor

I'm glad to hear you solve the problem ,if you have any issue about SharePoint, you are welcome to raise a ticket in this forum.

By the way, since the Microsoft Q&A community has a policy that "The question author cannot accept their own answer. They can only accept answers by others.". and according to the scenario introduced here: Answering your own questions on Microsoft Q&A, I would make a brief summary of this thread:

[Failure to update "Like" in list view formatting]

Issue Symptom:
I have a document library in a SharePoint site that has several folders in the Documents library. I need to check if site members have access to "Confidential" folder.

If ($SiteMembers have access to specific folder) {
Write-host "Site Members have access to Confidential folder" -f Green
} else {
Write-host "Site Members don't have access to Confidential folder" -f Yellow
}

Current status:
Set-PnPListItemPermission -List "Documents" -Identity $Folder.ListItemAllFields -User "MyNewAADGroup" -AddRole 'Edit' -ClearExisting : ClearExisting option removes all existing groups and members

You could click the "Accept Answer" button for this summary to close this thread, and this can make it easier for other community member's to see the useful information when reading this thread. Thanks for your understanding!

---

If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

Answer 2

Hi All,

The script below was the answer in this case. If anyone else has the same requirement, you can use the script below.

Set-PnPListItemPermission -List "Documents" -Identity $Folder.ListItemAllFields -User "MyNewAADGroup" -AddRole 'Edit' -ClearExisting : ClearExisting option removes all existing groups and members

Regards,
Viktor

Answer 3

@Viktor

You could use following codes to get the report of a folder then check whether site members have permission for the folder.

#Load SharePoint CSOM Assemblies  
Add-Type -Path "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.dll"  
Add-Type -Path "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.Runtime.dll"  
    
#Function to Get Folder Permissions  
Function Get-SPOFolderPermission([String]$SiteURL, [String]$FolderRelativeURL)  
{  
    Try{  
        #Setup the context  
        $Ctx = New-Object Microsoft.SharePoint.Client.ClientContext($SiteURL)  
        $Ctx.Credentials = New-Object Microsoft.SharePoint.Client.SharePointOnlineCredentials($Cred.Username, $Cred.Password)  
        
        #Get the Folder  
        $Folder = $Ctx.Web.GetFolderByServerRelativeUrl($FolderRelativeURL)  
        $Ctx.Load($Folder)  
        $Ctx.ExecuteQuery()  
   
        #Get permissions assigned to the Folder  
        $RoleAssignments = $Folder.ListItemAllFields.RoleAssignments  
        $Ctx.Load($RoleAssignments)  
        $Ctx.ExecuteQuery()  
   
        #Loop through each permission assigned and extract details  
        $PermissionCollection = @()  
        Foreach($RoleAssignment in $RoleAssignments)  
        {  
            $Ctx.Load($RoleAssignment.Member)  
            $Ctx.executeQuery()  
   
            #Get the User Type  
            $PermissionType = $RoleAssignment.Member.PrincipalType  
   
            #Get the Permission Levels assigned  
            $Ctx.Load($RoleAssignment.RoleDefinitionBindings)  
            $Ctx.ExecuteQuery()  
            $PermissionLevels = ($RoleAssignment.RoleDefinitionBindings | Select -ExpandProperty Name) -join ","  
               
            #Get the User/Group Name  
            $Name = $RoleAssignment.Member.Title # $RoleAssignment.Member.LoginName  
   
            #Add the Data to Object  
            $Permissions = New-Object PSObject  
            $Permissions | Add-Member NoteProperty Name($Name)  
            $Permissions | Add-Member NoteProperty Type($PermissionType)  
            $Permissions | Add-Member NoteProperty PermissionLevels($PermissionLevels)  
            $PermissionCollection += $Permissions  
        }  
        Return $PermissionCollection  
    }  
    Catch {  
    write-host -f Red "Error Getting Folder Permissions!" $_.Exception.Message  
    }  
}  
    
#Set Config Parameters  
$SiteURL="https://tenant.sharepoint.com/sites/emily"  
$FolderRelativeURL="/sites/emily/Shared Documents/test"  
    
#Get Credentials to connect  
$Cred= Get-Credential  
    
#Call the function to Get Folder Permissions  
Get-SPOFolderPermission $SiteURL $FolderRelativeURL | Export-CSV "C:\Temp\FolderPermissions.csv" -NoTypeInformation  

---

If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.