List SharePoint Sites, their Libraries, their folders, and their Permissions for Given User

I need to run an audit on the permissions within our SharePoint instance.

I'm trying to mix a bunch of code together to achieve this and I'm failing.

I would like an output like this:

Site 1
Title                         Permission
----------------------------------------
Library 1                     Read
Library 2                     Full Control
Library 3                     Contribute
Library 4                     Read
Library 5                     Contribute

Site 2
Title                         Permission
----------------------------------------
Library 1                     Read
Library 2                     Full Control
Library 3                     Contribute
Library 4                     Read
Library 5                     Contribute

The closest I've gotten is permissions looping through the Sites, but it keeps outputting the same libraries for each site, and it's not even accurate.

#Set Parameter
$TenantSiteURL="https://contoso.sharepoint.com"
  
#Connect to the Tenant site
Connect-PnPOnline -Url $TenantSiteURL -Credentials (Get-Credential)

#Get All Site collections - Exclude: Search Center, Redirect site, Mysite Host, App Catalog, Content Type Hub, eDiscovery and Bot Sites
$SiteCollections = Get-PnPTenantSite | Where -Property Template -NotIn ("SRCHCEN#0", "REDIRECTSITE#0", "SPSMSITEHOST#0", "APPCATALOG#0", "POINTPUBLISHINGHUB#0", "EDISC#0", "STS#-1")

#Loop through each site collection
ForEach($Site in $SiteCollections)
{
    Write-Host ""
    $Site.Title

    #Get all document libraries
    $DocLibs = Get-PnPList
 
    #Get ID and Title of the document library
    $DocLibs.Title
}
1 Reply

@xoxidein 

To achieve the desired output, you need to loop through each site collection, and for each site collection, you need to get all the document libraries and loop through each library to get the associated permissions.

This script modification might help you.

#Set Parameter
$TenantSiteURL="https://contoso.sharepoint.com"

#Get the credentials once so they can be reused for every site connection
$Cred = Get-Credential

#Connect to the Tenant site
Connect-PnPOnline -Url $TenantSiteURL -Credentials $Cred

#Get All Site collections - Exclude: Search Center, Redirect site, Mysite Host, App Catalog, Content Type Hub, eDiscovery and Bot Sites
$SiteCollections = Get-PnPTenantSite | Where -Property Template -NotIn ("SRCHCEN#0", "REDIRECTSITE#0", "SPSMSITEHOST#0", "APPCATALOG#0", "POINTPUBLISHINGHUB#0", "EDISC#0", "STS#-1")

#Loop through each site collection
ForEach($Site in $SiteCollections)
{
    Write-Host ""
    Write-Host "Site: $($Site.Title)"

    #Connect to the site itself; Get-PnPList only returns the lists of the connected site
    Connect-PnPOnline -Url $Site.Url -Credentials $Cred

    #Get all document libraries (base template 101), skipping hidden system libraries
    $DocLibs = Get-PnPList | Where-Object { $_.BaseTemplate -eq 101 -and -not $_.Hidden }

    #Loop through each library to get permissions
    ForEach($Lib in $DocLibs)
    {
        #EffectiveBasePermissions holds the permissions of the connected account on this library
        $Permissions = Get-PnPProperty -ClientObject $Lib -Property EffectiveBasePermissions

        #Check each permission and output the library and permission
        If($Permissions.Has([Microsoft.SharePoint.Client.PermissionKind]::ViewListItems))
        {
            Write-Host "`t$($Lib.Title)`t`tRead"
        }
        If($Permissions.Has([Microsoft.SharePoint.Client.PermissionKind]::EditListItems))
        {
            Write-Host "`t$($Lib.Title)`t`tContribute"
        }
        If($Permissions.Has([Microsoft.SharePoint.Client.PermissionKind]::DeleteListItems))
        {
            Write-Host "`t$($Lib.Title)`t`tDelete"
        }
        If($Permissions.Has([Microsoft.SharePoint.Client.PermissionKind]::ManagePermissions))
        {
            Write-Host "`t$($Lib.Title)`t`tFull Control"
        }
    }
}

This script loops through each site collection, gets all the document libraries, and then loops through each library to get the permissions. It then outputs the library name and associated permission level for each library that has any permission. You can modify this script to output the results to a CSV file or format it in any way you like.
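
For the "given user" part of the question, the following is an added example, not code from the original post or reply: it asks SharePoint for a named user's effective permissions on each library through the CSOM `GetUserEffectivePermissions` method and writes one row per library to a CSV. `$UserLogin` and `$ReportPath` are placeholder values assumed for illustration, and the three labels reuse the reply's permission-to-label mapping.

```powershell
# Added example: audit ONE named user's effective permissions on every document library.
# Assumed placeholders (not from the thread): $UserLogin, $ReportPath.
$TenantSiteURL = "https://contoso.sharepoint.com"
$UserLogin     = "i:0#.f|membership|user@contoso.com"   # claims login of the user to audit
$ReportPath    = ".\LibraryPermissions.csv"
$Cred          = Get-Credential

# Checked strongest first so each library gets exactly one label.
# These labels approximate the built-in levels from a single permission bit.
$Levels = [ordered]@{
    "Full Control" = [Microsoft.SharePoint.Client.PermissionKind]::ManagePermissions
    "Contribute"   = [Microsoft.SharePoint.Client.PermissionKind]::EditListItems
    "Read"         = [Microsoft.SharePoint.Client.PermissionKind]::ViewListItems
}

Connect-PnPOnline -Url $TenantSiteURL -Credentials $Cred
$Sites = Get-PnPTenantSite | Where-Object Template -NotIn ("SRCHCEN#0", "REDIRECTSITE#0", "SPSMSITEHOST#0", "APPCATALOG#0", "POINTPUBLISHINGHUB#0", "EDISC#0", "STS#-1")

$Report = ForEach ($Site in $Sites) {
    Try {
        # Get-PnPList works against the connected site, so reconnect per site
        Connect-PnPOnline -Url $Site.Url -Credentials $Cred -ErrorAction Stop
        $Libs = Get-PnPList | Where-Object { $_.BaseTemplate -eq 101 -and -not $_.Hidden }

        ForEach ($Lib in $Libs) {
            # Effective permissions of the named user, not of the connected account
            $Result = $Lib.GetUserEffectivePermissions($UserLogin)
            Invoke-PnPQuery -ErrorAction Stop

            $Label = "None"
            ForEach ($Name in $Levels.Keys) {
                If ($Result.Value.Has($Levels[$Name])) { $Label = $Name; Break }
            }
            [PSCustomObject]@{ Site = $Site.Title; Url = $Site.Url; Library = $Lib.Title; Permission = $Label }
        }
    }
    Catch {
        # Record sites that could not be audited instead of silently skipping them
        [PSCustomObject]@{ Site = $Site.Title; Url = $Site.Url; Library = "(not audited)"; Permission = $_.Exception.Message }
    }
}

$Report | Export-Csv -Path $ReportPath -NoTypeInformation
$Report | Format-Table Library, Permission -GroupBy Site
```

Rows marked "(not audited)" usually mean the auditing account has no access to that site, so those sites need a separate check before the report is treated as complete.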