SOLVED
Home

Get Site Permissions with PnP PowerShell

%3CLINGO-SUB%20id%3D%22lingo-sub-140002%22%20slang%3D%22en-US%22%3EGet%20Site%20Permissions%20with%20PnP%20PowerShell%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-140002%22%20slang%3D%22en-US%22%3E%3CP%3EHow%20can%20I%20retrieve%20site%20permissions%20on%20a%20site%20or%20subsite%20using%20PnP%20PowerShell%3F%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EExample%3A%26nbsp%3Bhttps%3A%2F%2F%24orgName.sharepoint.com%2Fsites%2FIT%2FAtlas%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EVia%20the%20UI%3A%20Site%20settings%20%26gt%3B%20Site%20Permissions%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EWith%20PnP%20PowerShell%2C%20the%20following%20didn't%20work%20for%20me%3A%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CPRE%3EConnect-PnPOnline%20-Url%20%22https%3A%2F%2F%24orgName.sharepoint.com%2Fsites%2FIT%2FAtlas%22%20-Credentials%20%24userCredential%0A%24web%20%3D%20Get-PnPWeb%20-Includes%20RoleAssignments%0A%3C%2FPRE%3E%0A%3CP%3E%5BEdit%5D%20The%20above%20code%20actually%20seems%20to%20work%2C%20as%20%24web.RoleAssignments.Count%20returns%205.%20My%20issue%20is%20that%20I%20don't%20know%20how%20to%20take%20it%20from%20here%2C%20to%20enumerate%20the%205%20members%20and%20their%20roles.%3C%2FP%3E%0A%3CP%3E%3CSPAN%3ERoleAssignments.Member%20returns%205%20items%20but%20I%20can't%20figure%20out%20how%20to%20get%20the%20names%20and%20roles.%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3ERoleAssignments.Groups%20only%20returns%20the%20SharePoint%20groups.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-141503%22%20slang%3D%22en-US%22%3ERe%3A%20Get%20Site%20Permissions%20with%20PnP%20PowerShell%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-141503%22%20slang%3D%22en-US%22%3E%3CP%3EThanks%20all%20for%20the%20replies.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EI%20am%20marking%20Ren%C3%A9's%20reply%20as%20best%20response%20as%20it%20uses%20PnP%2C%20but%20the%20other%20CSOM%20worked%20as%20well.%3C%2FP%3E%0A%3CP%3EFor%20the%20record%2C%20below%20the%20code%20I%20came%20up%20with%20just%20before%20Ren%C3%A9%20posted%20his%20reply%20(I%20used%20join%20because%20a%20member%20might%20be%20assigned%20multiple%20roles)%3A%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CPRE%3E%24web%3D%20Get-PnPWeb%20-Includes%20RoleAssignments%0A%24ctx%3D%20Get-PnPContext%0Aforeach%20(%24role%20in%20%24web.RoleAssignments)%20%7B%0A%24ctx.Load(%24role.RoleDefinitionBindings)%0A%24ctx.Load(%24role.Member)%0A%24ctx.ExecuteQuery()%0A%24role.Member.Title%0A%24role.RoleDefinitionBindings.Name%20-join%20%22%3B%20%22%0A%7D%3C%2FPRE%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-141502%22%20slang%3D%22en-US%22%3ERe%3A%20Get%20Site%20Permissions%20with%20PnP%20PowerShell%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-141502%22%20slang%3D%22en-US%22%3EThe%20following%20worked%20for%20me%3A%3CBR%20%2F%3E%3CBR%20%2F%3E%24cred%20%3D%20get-credential%3CBR%20%2F%3EConnect-PnPOnline%20-Url%20%22https%3A%2F%2F%24orgname.sharepoint.com%22%20-Credentials%20%24cred%3CBR%20%2F%3E%24web%20%3D%20Get-PnPWeb%20-Includes%20RoleAssignments%3CBR%20%2F%3Eforeach(%24ra%20in%20%24web.RoleAssignments)%20%7B%3CBR%20%2F%3E%24member%20%3D%20%24ra.Member%3CBR%20%2F%3E%24loginName%20%3D%20get-pnpproperty%20-ClientObject%20%24member%20-Property%20LoginName%3CBR%20%2F%3E%24rolebindings%20%3D%20get-pnpproperty%20-ClientObject%20%24ra%20-Property%20RoleDefinitionBindings%3CBR%20%2F%3Ewrite-host%20%22%24(%24loginName)%20-%20%24(%24rolebindings.Name)%22%3CBR%20%2F%3Ewrite-host%20%3CBR%20%2F%3E%7D%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-141219%22%20slang%3D%22en-US%22%3ERe%3A%20Get%20Site%20Permissions%20with%20PnP%20PowerShell%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-141219%22%20slang%3D%22en-US%22%3E%3CP%3EYou%20can%20try%20this%20script%3C%2FP%3E%0A%3CPRE%3E%24roles%3D%20Get-PnPWeb%20-Includes%20RoleAssignments%3CBR%20%2F%3E%24ctx%3DGet-PnPContext%0Aforeach%20(%20%24role%20in%20%24roles.RoleAssignments)%0A%7B%0A%24ctx.Load(%24role.Member)%0A%24ctx.ExecuteQuery()%0A%24role.Member.LoginName%0A%7D%3C%2FPRE%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-141202%22%20slang%3D%22en-US%22%3ERe%3A%20Get%20Site%20Permissions%20with%20PnP%20PowerShell%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-141202%22%20slang%3D%22en-US%22%3E%3CP%3EOdd.%20It%20works%20directly%20in%20CSOM%20-%20see%20below.%20The%20issue%20seems%20to%20be%20with%20Get-PnPWeb%20not%20returning%20the%20context.%20I%20haven't%20got%20the%20latest%20version%20set%20up%20on%20my%20PC%20to%20test%20but%20can't%20see%20any%20obvious%20issue.%26nbsp%3BI%20also%20noticed%20that%20you%20can%20get%20the%20count.%20I'd%20use%20CSOM%20fully%20for%20now%20and%20raise%20an%20issue%20with%20details%20on%20%3CA%20href%3D%22https%3A%2F%2Fgithub.com%2FSharePoint%2FPnP-PowerShell%2Fissues%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fgithub.com%2FSharePoint%2FPnP-PowerShell%2Fissues%3C%2FA%3E.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EPS%20C%3A%5CSourceCode%5CCaburn%20Hope%5CMigrationScripts%26gt%3B%20%24context%20%3D%20New-Object%20Microsoft.SharePoint.Client.ClientContext(%24url)%3CBR%20%2F%3EPS%20C%3A%5CSourceCode%5CCaburn%20Hope%5CMigrationScripts%26gt%3B%20%24context.Credentials%20%3D%20%24creds%3CBR%20%2F%3EPS%20C%3A%5CSourceCode%5CCaburn%20Hope%5CMigrationScripts%26gt%3B%20%24web%20%3D%20%24context.Web%3CBR%20%2F%3EPS%20C%3A%5CSourceCode%5CCaburn%20Hope%5CMigrationScripts%26gt%3B%20%24context.Load(%24web)%3CBR%20%2F%3EPS%20C%3A%5CSourceCode%5CCaburn%20Hope%5CMigrationScripts%26gt%3B%20%24context.ExecuteQuery()%3CBR%20%2F%3EPS%20C%3A%5CSourceCode%5CCaburn%20Hope%5CMigrationScripts%26gt%3B%20%24groups%20%3D%20%24web.SiteGroups%3CBR%20%2F%3EPS%20C%3A%5CSourceCode%5CCaburn%20Hope%5CMigrationScripts%26gt%3B%20%24context.Load(%24groups)%3CBR%20%2F%3EPS%20C%3A%5CSourceCode%5CCaburn%20Hope%5CMigrationScripts%26gt%3B%20%24context.ExecuteQuery()%3CBR%20%2F%3EPS%20C%3A%5CSourceCode%5CCaburn%20Hope%5CMigrationScripts%26gt%3B%20%24groups%3C%2FP%3E%0A%3CP%3EId%20Title%20LoginName%3CBR%20%2F%3E--%20-----%20---------%3CBR%20%2F%3E3%20Excel%20Services%20Viewers%20Excel%20Services%20Viewers%3CBR%20%2F%3E7%20McGraw%20Hill%20Members%20McGraw%20Hill%20Members%3CBR%20%2F%3E5%20McGraw%20Hill%20Owners%20McGraw%20Hill%20Owners%3CBR%20%2F%3E6%20McGraw%20Hill%20Visitors%20McGraw%20Hill%20Visitors%3C%2FP%3E%0A%3CP%3E%3CBR%20%2F%3EPS%20C%3A%5CSourceCode%5CCaburn%20Hope%5CMigrationScripts%26gt%3B%20%24roleDefs%20%3D%20%24web.RoleDefinitions%3CBR%20%2F%3EPS%20C%3A%5CSourceCode%5CCaburn%20Hope%5CMigrationScripts%26gt%3B%20%24context.Load(%24roleDefs)%3CBR%20%2F%3EPS%20C%3A%5CSourceCode%5CCaburn%20Hope%5CMigrationScripts%26gt%3B%20%24context.ExecuteQuery()%3CBR%20%2F%3EPS%20C%3A%5CSourceCode%5CCaburn%20Hope%5CMigrationScripts%26gt%3B%20%24roleDefs%3C%2FP%3E%0A%3CP%3EName%20RoleTypeKind%20Hidden%20Order%3CBR%20%2F%3E----%20------------%20------%20-----%3CBR%20%2F%3EFull%20Control%20Administrator%20False%201%3CBR%20%2F%3EDesign%20WebDesigner%20False%2032%3CBR%20%2F%3EEdit%20Editor%20False%2048%3CBR%20%2F%3EContribute%20Contributor%20False%2064%3CBR%20%2F%3ERead%20Reader%20False%20128%3CBR%20%2F%3ELimited%20Access%20Guest%20True%20160%3CBR%20%2F%3EView%20Only%20None%20False%202147483647%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-141076%22%20slang%3D%22en-US%22%3ERe%3A%20Get%20Site%20Permissions%20with%20PnP%20PowerShell%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-141076%22%20slang%3D%22en-US%22%3EThere%20may%20be%20a%20quicker%20way%20but%20something%20along%20the%20lines%20of%20adding%3A%3CBR%20%2F%3E%3CBR%20%2F%3E%24context%20%3D%20get-pnpcontext%20%3CBR%20%2F%3E%24context.load(%24web.roleassignments)%3CBR%20%2F%3E%24context.executequery()%3CBR%20%2F%3E%3CBR%20%2F%3E%3C%2FLINGO-BODY%3E
Frequent Contributor

How can I retrieve site permissions on a site or subsite using PnP PowerShell?

 

Example: https://$orgName.sharepoint.com/sites/IT/Atlas

 

Via the UI: Site settings > Site Permissions

 

With PnP PowerShell, the following didn't work for me:

 

Connect-PnPOnline -Url "https://$orgName.sharepoint.com/sites/IT/Atlas" -Credentials $userCredential
$web = Get-PnPWeb -Includes RoleAssignments

[Edit] The above code actually seems to work, as $web.RoleAssignments.Count returns 5. My issue is that I don't know how to take it from here, to enumerate the 5 members and their roles.

RoleAssignments.Member returns 5 items but I can't figure out how to get the names and roles.

RoleAssignments.Groups only returns the SharePoint groups.

5 Replies
There may be a quicker way but something along the lines of adding:

$context = get-pnpcontext
$context.load($web.roleassignments)
$context.executequery()

Odd. It works directly in CSOM - see below. The issue seems to be with Get-PnPWeb not returning the context. I haven't got the latest version set up on my PC to test but can't see any obvious issue. I also noticed that you can get the count. I'd use CSOM fully for now and raise an issue with details on https://github.com/SharePoint/PnP-PowerShell/issues.

 

PS C:\SourceCode\Caburn Hope\MigrationScripts> $context = New-Object Microsoft.SharePoint.Client.ClientContext($url)
PS C:\SourceCode\Caburn Hope\MigrationScripts> $context.Credentials = $creds
PS C:\SourceCode\Caburn Hope\MigrationScripts> $web = $context.Web
PS C:\SourceCode\Caburn Hope\MigrationScripts> $context.Load($web)
PS C:\SourceCode\Caburn Hope\MigrationScripts> $context.ExecuteQuery()
PS C:\SourceCode\Caburn Hope\MigrationScripts> $groups = $web.SiteGroups
PS C:\SourceCode\Caburn Hope\MigrationScripts> $context.Load($groups)
PS C:\SourceCode\Caburn Hope\MigrationScripts> $context.ExecuteQuery()
PS C:\SourceCode\Caburn Hope\MigrationScripts> $groups

Id Title LoginName
-- ----- ---------
3 Excel Services Viewers Excel Services Viewers
7 McGraw Hill Members McGraw Hill Members
5 McGraw Hill Owners McGraw Hill Owners
6 McGraw Hill Visitors McGraw Hill Visitors


PS C:\SourceCode\Caburn Hope\MigrationScripts> $roleDefs = $web.RoleDefinitions
PS C:\SourceCode\Caburn Hope\MigrationScripts> $context.Load($roleDefs)
PS C:\SourceCode\Caburn Hope\MigrationScripts> $context.ExecuteQuery()
PS C:\SourceCode\Caburn Hope\MigrationScripts> $roleDefs

Name RoleTypeKind Hidden Order
---- ------------ ------ -----
Full Control Administrator False 1
Design WebDesigner False 32
Edit Editor False 48
Contribute Contributor False 64
Read Reader False 128
Limited Access Guest True 160
View Only None False 2147483647

You can try this script

$roles= Get-PnPWeb -Includes RoleAssignments
$ctx=Get-PnPContext foreach ( $role in $roles.RoleAssignments) { $ctx.Load($role.Member) $ctx.ExecuteQuery() $role.Member.LoginName }
Solution
The following worked for me:

$cred = get-credential
Connect-PnPOnline -Url "https://$orgname.sharepoint.com" -Credentials $cred
$web = Get-PnPWeb -Includes RoleAssignments
foreach($ra in $web.RoleAssignments) {
$member = $ra.Member
$loginName = get-pnpproperty -ClientObject $member -Property LoginName
$rolebindings = get-pnpproperty -ClientObject $ra -Property RoleDefinitionBindings
write-host "$($loginName) - $($rolebindings.Name)"
write-host
}

Thanks all for the replies.

 

I am marking René's reply as best response as it uses PnP, but the other CSOM worked as well.

For the record, below the code I came up with just before René posted his reply (I used join because a member might be assigned multiple roles):

 

$web= Get-PnPWeb -Includes RoleAssignments
$ctx= Get-PnPContext
foreach ($role in $web.RoleAssignments) {
$ctx.Load($role.RoleDefinitionBindings)
$ctx.Load($role.Member)
$ctx.ExecuteQuery()
$role.Member.Title
$role.RoleDefinitionBindings.Name -join "; "
}

 

Related Conversations
Power Query Source from Relative Paths
Magnus Vegem Dahle in Excel on
10 Replies
Teams and Power Query Excel file
Mark_Adams in Microsoft Teams on
6 Replies
Reading .csv stored in Azure Blob Storage from Excel
Federico Fontana in Excel on
1 Replies
MS Teams for Virtual classroom
Tanya Arora in Driving Adoption on
9 Replies
Skype for Business to Teams Adoption Strategy
Tanya Arora in Driving Adoption on
3 Replies