Including username in CSV report of SharePoint permission

Microsoft

Hello holders of the knowledge,

 

I received a PowerShell script for pulling a CSV report of the users of each library on a SharePoint site. I have edited the script to be usable for my purpose, but one thing that I am having trouble with is including the name as well as the display name for users with direct access. The report of those users that have access through a SharePoint group includes both. I believe that the addition of direct users is on line 79 and the following lines were my attempt.

 

Any help is appreciated!

 
#Get permissions assigned to the object
    Get-PnPProperty -ClientObject $Object -Property HasUniqueRoleAssignments, RoleAssignments
 
    #Check if Object has unique permissions
    $HasUniquePermissions = $Object.HasUniqueRoleAssignments
     
    #Loop through each permission assigned and extract details
    $PermissionCollection = @()
    Foreach($RoleAssignment in $Object.RoleAssignments)
    {
        #Get the Permission Levels assigned and Member
        Get-PnPProperty -ClientObject $RoleAssignment -Property RoleDefinitionBindings, Member -ErrorAction "SilentlyContinue"
 
        #Get the Principal Type: User, SP Group, AD Group
        $PermissionType = $RoleAssignment.Member.PrincipalType
    
        #Get the Permission Levels assigned
        try {
            $PermissionLevels = $RoleAssignment.RoleDefinitionBindings | Select -ExpandProperty Name 
        } catch {}
 
        #Remove Limited Access
        #$PermissionLevels = ($PermissionLevels | Where { $_ -ne "Limited Access"}) -join ","
 
        #Leave Principals with no Permissions
        If($PermissionLevels.Length -eq 0) {Continue}
 
        #Get SharePoint group members
        If($PermissionType -eq "SharePointGroup")
        {
            #Get Group Members
            $GroupMembers = Get-PnPGroupMembers -Identity $RoleAssignment.Member.LoginName -ErrorAction SilentlyContinue
                 
            #Leave Empty Groups
            If($GroupMembers.count -eq 0){Continue}
            #$GroupUsers = ($GroupMembers | Select -ExpandProperty Title) -join ","

            $GroupUsers = ""
            foreach ($g in $GroupMembers) {
                if ($g.Title.Contains("(")) {
                    $GroupUsers += $g.Title.Substring(0,$g.Title.IndexOf("(")) + "~" + $g.Email + ";"
                } else {
                    $GroupUsers += $g.Title + "~" + $g.Email + ";"
                }
                
            }
            $GroupUsers = $GroupUsers.TrimEnd(";")
 
            #Add the Data to Object
            $Permissions = New-Object PSObject
            $Permissions | Add-Member NoteProperty Object($ObjectType)
            $Permissions | Add-Member NoteProperty "Library/Folder"($ObjectTitle)
            $Permissions | Add-Member NoteProperty "Library/Folder URL"($ObjectURL)
            
            $Permissions | Add-Member NoteProperty "Group Name"("$($RoleAssignment.Member.LoginName)")
            #$Permissions | Add-Member NoteProperty HasUniquePermissions($HasUniquePermissions)
            $Permissions | Add-Member NoteProperty Permissions($PermissionLevels)

            $Permissions | Add-Member NoteProperty "Members"($GroupUsers)
            #$Permissions | Add-Member NoteProperty Type($PermissionType)

            $PermissionCollection += $Permissions
        }
        Else
        {
            #Add the Data to Object
            $Permissions = New-Object PSObject
            $Permissions | Add-Member NoteProperty Object($ObjectType)
            $Permissions | Add-Member NoteProperty "Library/Folder"($ObjectTitle)
            $Permissions | Add-Member NoteProperty "Library/Folder URL"($ObjectURL)

            $Permissions | Add-Member NoteProperty "Group Name"("Direct Permissions")
            #$Permissions | Add-Member NoteProperty HasUniquePermissions($HasUniquePermissions)
            $Permissions | Add-Member NoteProperty Permissions($PermissionLevels)

            $Permissions | Add-Member NoteProperty "Members"($RoleAssignment.Member.Email)
            #if ($RoleAssignment.Member.Title.Contains("(")) {
            #        $Permissions | Add-Member NoteProperty "Members"($RoleAssignment.Member.Title.Substring(0,$g.Title.IndexOf("(")) + "  ~ " + $RoleAssignment.Member.Email + ";")
            #  } else {
            #         $Permissions | Add-Member NoteProperty "Members"($RoleAssignment.Member.Title + " ~ " + $RoleAssignment.Member.Email + ";")
            #    }
            #$Permissions | Add-Member NoteProperty Type($PermissionType)
            $PermissionCollection += $Permissions
        }
    }
    #Export Permissions to CSV File
    $PermissionCollection | Export-CSV $ReportFile -NoTypeInformation -Append

 

1 Reply
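An added example, not part of the original post or script: one way to give the "Direct Permissions" rows the same `Name~Email` label the group branch produces. In the commented-out attempt, the `Substring` call reads `$g.Title`, a variable only set inside the group-member loop, and a second `Add-Member` for "Members" fails once that property already exists. The helper name `Format-PrincipalLabel`, the fallback to `LoginName`, and the sample principals are assumptions constructed for illustration.

```powershell
# Hypothetical helper (not in the original script): builds "Display Name~Email"
# for any principal exposing Title, Email and LoginName.
function Format-PrincipalLabel {
    param([Parameter(Mandatory)] $Principal)

    $name = [string]$Principal.Title
    # Trim a trailing "(...)" suffix using the principal's own Title,
    # not a variable left over from a different loop.
    $paren = $name.IndexOf("(")
    if ($paren -gt 0) { $name = $name.Substring(0, $paren) }
    $name = $name.Trim()

    # Assumption: when Email is empty (common for security groups), fall back
    # to LoginName so the row still identifies who holds the permission.
    $id = if ([string]::IsNullOrWhiteSpace($Principal.Email)) { $Principal.LoginName } else { $Principal.Email }
    return "$name~$id"
}

# Constructed sample data standing in for $RoleAssignment.Member
$directMembers = @(
    [pscustomobject]@{ Title = "Jane Doe (Contoso)"; Email = "jane.doe@example.com"
                       LoginName = "i:0#.f|membership|jane.doe@example.com"; PrincipalType = "User" }
    [pscustomobject]@{ Title = "Finance Auditors"; Email = ""
                       LoginName = "c:0t.c|tenant|00000000-0000-0000-0000-000000000000"; PrincipalType = "SecurityGroup" }
)

$rows = foreach ($member in $directMembers) {
    # Each column is set exactly once per row, so no duplicate-property error
    [pscustomobject]@{
        "Group Name"  = "Direct Permissions"
        "Permissions" = "Read"   # constructed value; the script uses $PermissionLevels
        "Members"     = Format-PrincipalLabel -Principal $member
        "Type"        = $member.PrincipalType
    }
}

$rows | ConvertTo-Csv -NoTypeInformation
```

In the script's `Else` branch, the equivalent change is a single "Members" property whose value is `Format-PrincipalLabel -Principal $RoleAssignment.Member`.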