Forum Discussion
Get SharePoint Groups or Security Groups and Permissions for each Sub Web.
Hi
I want produce a report or the SharePoint Groups and or Security Groups on each of the Sub Webs ( one level only) in an SharePoint online intranet. Now, before I start creating a custom object and exporting to CSV, I thought I would have a go with the PnPCommandlets. In the code below, I just testing the owner groups, before looking at the other groups. I am not sure this the best approach so be intersting in hearing about any suggested improvements.
$subWebs = Get-PnPSubWebs
Foreach ($subWeb in $subWebs)
{
write-host -ForegroundColor DarkYellow $subWeb.Title
Connect-PnPOnline $subWeb.Url -Credentials $cred
$ownerGroup = (Get-pnpweb -Includes AssociatedOwnerGroup).AssociatedOwnerGroup
$memberGroup = (Get-pnpweb -Includes AssociatedMemberGroup).AssociatedMemberGroup
$vistorGroup = (Get-pnpweb -Includes AssociatedVisitorGroup).AssociatedVisitorGroup
$groupTitle = $ownerGroup.Title
$groupPermissions = (Get-PnPGroupPermissions -Identity $groupTitle )
write-host $groupTitle
$groupPermissions | ForEach {Write-Host $_.name ' ' $_.RoleTypeKind}
}
It works --->
Connect-PnPOnline - <<Give details here>>
$context.Load($context.Web.RoleAssignments)
$context.Load($context.Web.RoleAssignments.Groups)
Invoke-PnPQuery -ErrorAction Stop
ForEach($group in $context.Web.RoleAssignments.Groups)
{
$context.Load($group)
Invoke-PnPQuery -ErrorAction Stop
$perm = Get-PnPGroupPermissions -Identity $group.Title
if($perm.Name.Count -gt 0) {
for($i=0; $i -lt $perm.Count;$i++){
Set-PnPGroup -Identity $group.Title -RemoveRole $perm[$i].Name
}
Set-PnPGroup -Identity $group.Title -AddRole "Read"
}
7 Replies
Hi,
You can try similar script from technet gallery
https://gallery.technet.microsoft.com/Get-SharePoint-Online-and-7e6afce2
Hi
Sorry for the delayed response but I seem to have stumbled upon a issue in both the link you mentioned and in my orignal code, when trying to evaluate groups per web. I will illustrate what I mean:
1) First I get a list of sub webs in my Intranet
Connect-PnPOnline $webUrl -Credentials $cred $subwebs=Get-PNPSubWebs
2) Now I want to iterate though my list of sub webs and get all groups aka site permissions
foreach($subweb in $subwebs) { Connect-PnPOnline $subWeb.Url -Credentials $cred # just doing one more check to see we are actually on the correct sub site $thisWeb = Get-PnPWeb $groups=Get-PNPGroup -Identity $thisWeb.TitleIn theory, it should provide me with only the groups in my current web. Acurally it shows me all the Site Groups, regardless of what web I am connected to.
Again, getting the owner/member/visitor groups will bring back only appropriate role groups at the top level site. Also if you have multiple owner/member/visitor groups assigned ot the current web; these are ignored, just the first for each role is returned.
$ownerGroup = (Get-pnpweb -Includes AssociatedOwnerGroup).AssociatedOwnerGroup $memberGroup = (Get-pnpweb -Includes AssociatedMemberGroup).AssociatedMemberGroup $vistorGroup = (Get-pnpweb -Includes AssociatedVisitorGroup).AssociatedVisitorGroup
If I can't resolve this I think I will have to use csom ;-(
Hi Daniel
I have fallen over the same problem when I use Get-PnPGroup I get all of the groups in the site collection whereas I just want the groups for a particular web / subweb.
Is this a bug in Get-PnPGroup ?
@ErwinVanHuen @VesaJuvenon
