pstakuu · August 16, 2022 20:29
diff --git a/Get-SPOFolderLibPerms.ps1 b/Get-SPOFolderLibPerms.ps1
 #Function to Get Permissions on a particular on List, Folder or List Item
 Function Get-PnPPermissions([Microsoft.SharePoint.Client.SecurableObject]$Object)
 {
    #Determine the type of the object
    Switch($Object.TypedObject.ToString())
    {
        "Microsoft.SharePoint.Client.ListItem"
        {
            If($Object.FileSystemObjectType -eq "Folder")
            {
                $ObjectType = "Folder"
                #Get the URL of the Folder
                $Folder = Get-PnPProperty -ClientObject $Object -Property Folder
                $ObjectTitle = $Object.Folder.Name
                $ObjectURL = $("{0}{1}" -f $Web.Url.Replace($Web.ServerRelativeUrl,''),$Object.Folder.ServerRelativeUrl)
            }
            Else #File or List Item
            {
                #Get the URL of the Object
                Get-PnPProperty -ClientObject $Object -Property File, ParentList
                If($Object.File.Name -ne $Null)
                {
                    $ObjectType = "File"
                    $ObjectTitle = $Object.File.Name
                    $ObjectURL = $("{0}{1}" -f $Web.Url.Replace($Web.ServerRelativeUrl,''),$Object.File.ServerRelativeUrl)
                }
                else
                {
                    $ObjectType = "List Item"
                    $ObjectTitle = $Object["Title"]
                    #Get the URL of the List Item
                    $DefaultDisplayFormUrl = Get-PnPProperty -ClientObject $Object.ParentList -Property DefaultDisplayFormUrl                    
                    $ObjectURL = $("{0}{1}?ID={2}" -f $Web.Url.Replace($Web.ServerRelativeUrl,''), $DefaultDisplayFormUrl,$Object.ID)
                }
            }
        }
        Default
        {
            $ObjectType = "List or Library"
            $ObjectTitle = $Object.Title
            #Get the URL of the List or Library
            $RootFolder = Get-PnPProperty -ClientObject $Object -Property RootFolder    
            $ObjectURL = $("{0}{1}" -f $Web.Url.Replace($Web.ServerRelativeUrl,''), $RootFolder.ServerRelativeUrl)
        }
    }
    
    #Get permissions assigned to the object
    Get-PnPProperty -ClientObject $Object -Property HasUniqueRoleAssignments, RoleAssignments
  
    #Check if Object has unique permissions
    $HasUniquePermissions = $Object.HasUniqueRoleAssignments
      
    #Loop through each permission assigned and extract details
    $PermissionCollection = @()
    Foreach($RoleAssignment in $Object.RoleAssignments)
    {
        #Get the Permission Levels assigned and Member
        Get-PnPProperty -ClientObject $RoleAssignment -Property RoleDefinitionBindings, Member
  
        #Get the Principal Type: User, SP Group, AD Group
        $PermissionType = $RoleAssignment.Member.PrincipalType
     
        #Get the Permission Levels assigned
        $PermissionLevels = $RoleAssignment.RoleDefinitionBindings | Select -ExpandProperty Name
  
        #Remove Limited Access
        $PermissionLevels = ($PermissionLevels | Where { $_ -ne "Limited Access"}) -join ","
  
        #Leave Principals with no Permissions
        If($PermissionLevels.Length -eq 0) {Continue}
  
        #Get SharePoint group members
        If($PermissionType -eq "SharePointGroup")
        {
            #Get Group Members
            $GroupMembers = Get-PnPGroupMembers -Identity $RoleAssignment.Member.LoginName
                  
            #Leave Empty Groups
            If($GroupMembers.count -eq 0){Continue}
            $GroupUsers = ($GroupMembers | Select -ExpandProperty Title) -join "; "
  
            #Add the Data to Object
            $Permissions = New-Object PSObject
            $Permissions | Add-Member NoteProperty Object($ObjectType)
            $Permissions | Add-Member NoteProperty Title($ObjectTitle)
            $Permissions | Add-Member NoteProperty URL($ObjectURL)
            $Permissions | Add-Member NoteProperty HasUniquePermissions($HasUniquePermissions)
            $Permissions | Add-Member NoteProperty Users($GroupUsers)
            $Permissions | Add-Member NoteProperty Type($PermissionType)
            $Permissions | Add-Member NoteProperty Permissions($PermissionLevels)
            $Permissions | Add-Member NoteProperty GrantedThrough("SharePoint Group: $($RoleAssignment.Member.LoginName)")
            $PermissionCollection += $Permissions
        }
        Else
        {
            #Add the Data to Object
            $Permissions = New-Object PSObject
            $Permissions | Add-Member NoteProperty Object($ObjectType)
            $Permissions | Add-Member NoteProperty Title($ObjectTitle)
            $Permissions | Add-Member NoteProperty URL($ObjectURL)
            $Permissions | Add-Member NoteProperty HasUniquePermissions($HasUniquePermissions)
            $Permissions | Add-Member NoteProperty Users($RoleAssignment.Member.Title)
            $Permissions | Add-Member NoteProperty Type($PermissionType)
            $Permissions | Add-Member NoteProperty Permissions($PermissionLevels)
            $Permissions | Add-Member NoteProperty GrantedThrough("Direct Permissions")
            $PermissionCollection += $Permissions
        }
    }
    #Export Permissions to CSV File
    $PermissionCollection | Export-CSV $ReportFile -NoTypeInformation -Append
 }
    
 #Function to get sharepoint online list permissions report
 Function Generate-PnPListPermissionRpt()
 {
    [cmdletbinding()]    
    Param 
    (   
        [Parameter(Mandatory=$false)] [String] $SiteURL,
        [Parameter(Mandatory=$false)] [String] $ListName,        
        [Parameter(Mandatory=$false)] [String] $ReportFile,
        [Parameter(Mandatory=$false)] [switch] $ScanItemLevel,
        [Parameter(Mandatory=$false)] [switch] $IncludeInheritedPermissions
    )
    Try {
        #Function to Get Permissions of All List Items of a given List
        Function Get-PnPListItemsPermission([Microsoft.SharePoint.Client.List]$List)
        {
            Write-host -f Yellow "`t `t Getting Permissions of List Items in the List:"$List.Title
   
            #Get All Items from List in batches
            $ListItems = Get-PnPListItem -List $List -PageSize 500
   
            $ItemCounter = 0
            #Loop through each List item
            ForEach($ListItem in $ListItems)
            {
                #Get Objects with Unique Permissions or Inherited Permissions based on 'IncludeInheritedPermissions' switch
                If($IncludeInheritedPermissions)
                {
                    Get-PnPPermissions -Object $ListItem
                }
                Else
                {
                    #Check if List Item has unique permissions
                    $HasUniquePermissions = Get-PnPProperty -ClientObject $ListItem -Property HasUniqueRoleAssignments
                    If($HasUniquePermissions -eq $True)
                    {
                        #Call the function to generate Permission report
                        Get-PnPPermissions -Object $ListItem
                    }
                }
                $ItemCounter++
                Write-Progress -PercentComplete ($ItemCounter / ($List.ItemCount) * 100) -Activity "Processing Items $ItemCounter of $($List.ItemCount)" -Status "Searching Unique Permissions in List Items of '$($List.Title)'"
            }
        }
 
            #Get the List
            $List = Get-PnpList -Identity $ListName -Includes RoleAssignments
             
            Write-host -f Yellow "Getting Permissions of the List '$ListName'..."
            #Get List Permissions
            Get-PnPPermissions -Object $List
 
            #Get Item Level Permissions if 'ScanItemLevel' switch present
            If($ScanItemLevel)
            {
                #Get List Items Permissions
                Get-PnPListItemsPermission -List $List
            }
        Write-host -f Green "`t List Permission Report Generated Successfully!" 
     }
    Catch {
        write-host -f Red "Error Generating List Permission Report!" $_.Exception.Message
   }
 }
 
 #region ***Parameters***

 $SiteURL="https://cdmig.sharepoint.com/sharepoint/reports"
 $ListName = "Common Reports"
 $ReportFile="C:\Temp\ListPermissionRptItemLevel.csv"
 #endregion
 
 #Remove the Output report if exists
 If (Test-Path $ReportFile) { Remove-Item $ReportFile }
 
 #Connect to the Site
 #Connect-PnPOnline -URL $SiteURL -Credentials (Get-Credential)
 
 #Get the Web
 $Web = Get-PnPWeb
  
 #Call the function to generate list permission report
 #Generate-PnPListPermissionRpt -SiteURL $SiteURL -ListName $ListName -ReportFile $ReportFile
 Generate-PnPListPermissionRpt -SiteURL $SiteURL -ListName $ListName -ReportFile $ReportFile -ScanItemLevel
 #Generate-PnPListPermissionRpt -SiteURL $SiteURL -ListName $ListName -ReportFile $ReportFile -ScanItemLevel -IncludeInheritedPermissions


 #Read more: https://www.sharepointdiary.com/2019/02/sharepoint-online-pnp-powershell-to-export-document-library-permissions.html#ixzz6i9Jb5Yjd
	#Function to Get Permissions on a particular on List, Folder or List Item
	Function Get-PnPPermissions([Microsoft.SharePoint.Client.SecurableObject]$Object)
	{
	#Determine the type of the object
	Switch($Object.TypedObject.ToString())
	{
	"Microsoft.SharePoint.Client.ListItem"
	{
	If($Object.FileSystemObjectType -eq "Folder")
	{
	$ObjectType = "Folder"
	#Get the URL of the Folder
	$Folder = Get-PnPProperty -ClientObject $Object -Property Folder
	$ObjectTitle = $Object.Folder.Name
	$ObjectURL = $("{0}{1}" -f $Web.Url.Replace($Web.ServerRelativeUrl,''),$Object.Folder.ServerRelativeUrl)
	}
	Else #File or List Item
	{
	#Get the URL of the Object
	Get-PnPProperty -ClientObject $Object -Property File, ParentList
	If($Object.File.Name -ne $Null)
	{
	$ObjectType = "File"
	$ObjectTitle = $Object.File.Name
	$ObjectURL = $("{0}{1}" -f $Web.Url.Replace($Web.ServerRelativeUrl,''),$Object.File.ServerRelativeUrl)
	}
	else
	{
	$ObjectType = "List Item"
	$ObjectTitle = $Object["Title"]
	#Get the URL of the List Item
	$DefaultDisplayFormUrl = Get-PnPProperty -ClientObject $Object.ParentList -Property DefaultDisplayFormUrl
	$ObjectURL = $("{0}{1}?ID={2}" -f $Web.Url.Replace($Web.ServerRelativeUrl,''), $DefaultDisplayFormUrl,$Object.ID)
	}
	}
	}
	Default
	{
	$ObjectType = "List or Library"
	$ObjectTitle = $Object.Title
	#Get the URL of the List or Library
	$RootFolder = Get-PnPProperty -ClientObject $Object -Property RootFolder
	$ObjectURL = $("{0}{1}" -f $Web.Url.Replace($Web.ServerRelativeUrl,''), $RootFolder.ServerRelativeUrl)
	}
	}

	#Get permissions assigned to the object
	Get-PnPProperty -ClientObject $Object -Property HasUniqueRoleAssignments, RoleAssignments

	#Check if Object has unique permissions
	$HasUniquePermissions = $Object.HasUniqueRoleAssignments

	#Loop through each permission assigned and extract details
	$PermissionCollection = @()
	Foreach($RoleAssignment in $Object.RoleAssignments)
	{
	#Get the Permission Levels assigned and Member
	Get-PnPProperty -ClientObject $RoleAssignment -Property RoleDefinitionBindings, Member

	#Get the Principal Type: User, SP Group, AD Group
	$PermissionType = $RoleAssignment.Member.PrincipalType

	#Get the Permission Levels assigned
	$PermissionLevels = $RoleAssignment.RoleDefinitionBindings \| Select -ExpandProperty Name

	#Remove Limited Access
	$PermissionLevels = ($PermissionLevels \| Where { $_ -ne "Limited Access"}) -join ","

	#Leave Principals with no Permissions
	If($PermissionLevels.Length -eq 0) {Continue}

	#Get SharePoint group members
	If($PermissionType -eq "SharePointGroup")
	{
	#Get Group Members
	$GroupMembers = Get-PnPGroupMembers -Identity $RoleAssignment.Member.LoginName

	#Leave Empty Groups
	If($GroupMembers.count -eq 0){Continue}
	$GroupUsers = ($GroupMembers \| Select -ExpandProperty Title) -join "; "

	#Add the Data to Object
	$Permissions = New-Object PSObject
	$Permissions \| Add-Member NoteProperty Object($ObjectType)
	$Permissions \| Add-Member NoteProperty Title($ObjectTitle)
	$Permissions \| Add-Member NoteProperty URL($ObjectURL)
	$Permissions \| Add-Member NoteProperty HasUniquePermissions($HasUniquePermissions)
	$Permissions \| Add-Member NoteProperty Users($GroupUsers)
	$Permissions \| Add-Member NoteProperty Type($PermissionType)
	$Permissions \| Add-Member NoteProperty Permissions($PermissionLevels)
	$Permissions \| Add-Member NoteProperty GrantedThrough("SharePoint Group: $($RoleAssignment.Member.LoginName)")
	$PermissionCollection += $Permissions
	}
	Else
	{
	#Add the Data to Object
	$Permissions = New-Object PSObject
	$Permissions \| Add-Member NoteProperty Object($ObjectType)
	$Permissions \| Add-Member NoteProperty Title($ObjectTitle)
	$Permissions \| Add-Member NoteProperty URL($ObjectURL)
	$Permissions \| Add-Member NoteProperty HasUniquePermissions($HasUniquePermissions)
	$Permissions \| Add-Member NoteProperty Users($RoleAssignment.Member.Title)
	$Permissions \| Add-Member NoteProperty Type($PermissionType)
	$Permissions \| Add-Member NoteProperty Permissions($PermissionLevels)
	$Permissions \| Add-Member NoteProperty GrantedThrough("Direct Permissions")
	$PermissionCollection += $Permissions
	}
	}
	#Export Permissions to CSV File
	$PermissionCollection \| Export-CSV $ReportFile -NoTypeInformation -Append
	}

	#Function to get sharepoint online list permissions report
	Function Generate-PnPListPermissionRpt()
	{
	[cmdletbinding()]
	Param
	(
	[Parameter(Mandatory=$false)] [String] $SiteURL,
	[Parameter(Mandatory=$false)] [String] $ListName,
	[Parameter(Mandatory=$false)] [String] $ReportFile,
	[Parameter(Mandatory=$false)] [switch] $ScanItemLevel,
	[Parameter(Mandatory=$false)] [switch] $IncludeInheritedPermissions
	)
	Try {
	#Function to Get Permissions of All List Items of a given List
	Function Get-PnPListItemsPermission([Microsoft.SharePoint.Client.List]$List)
	{
	Write-host -f Yellow "`t `t Getting Permissions of List Items in the List:"$List.Title

	#Get All Items from List in batches
	$ListItems = Get-PnPListItem -List $List -PageSize 500

	$ItemCounter = 0
	#Loop through each List item
	ForEach($ListItem in $ListItems)
	{
	#Get Objects with Unique Permissions or Inherited Permissions based on 'IncludeInheritedPermissions' switch
	If($IncludeInheritedPermissions)
	{
	Get-PnPPermissions -Object $ListItem
	}
	Else
	{
	#Check if List Item has unique permissions
	$HasUniquePermissions = Get-PnPProperty -ClientObject $ListItem -Property HasUniqueRoleAssignments
	If($HasUniquePermissions -eq $True)
	{
	#Call the function to generate Permission report
	Get-PnPPermissions -Object $ListItem
	}
	}
	$ItemCounter++
	Write-Progress -PercentComplete ($ItemCounter / ($List.ItemCount) * 100) -Activity "Processing Items $ItemCounter of $($List.ItemCount)" -Status "Searching Unique Permissions in List Items of '$($List.Title)'"
	}
	}

	#Get the List
	$List = Get-PnpList -Identity $ListName -Includes RoleAssignments

	Write-host -f Yellow "Getting Permissions of the List '$ListName'..."
	#Get List Permissions
	Get-PnPPermissions -Object $List

	#Get Item Level Permissions if 'ScanItemLevel' switch present
	If($ScanItemLevel)
	{
	#Get List Items Permissions
	Get-PnPListItemsPermission -List $List
	}
	Write-host -f Green "`t List Permission Report Generated Successfully!"
	}
	Catch {
	write-host -f Red "Error Generating List Permission Report!" $_.Exception.Message
	}
	}

	#region *Parameters*

	$SiteURL="https://cdmig.sharepoint.com/sharepoint/reports"
	$ListName = "Common Reports"
	$ReportFile="C:\Temp\ListPermissionRptItemLevel.csv"
	#endregion

	#Remove the Output report if exists
	If (Test-Path $ReportFile) { Remove-Item $ReportFile }

	#Connect to the Site
	#Connect-PnPOnline -URL $SiteURL -Credentials (Get-Credential)

	#Get the Web
	$Web = Get-PnPWeb

	#Call the function to generate list permission report
	#Generate-PnPListPermissionRpt -SiteURL $SiteURL -ListName $ListName -ReportFile $ReportFile
	Generate-PnPListPermissionRpt -SiteURL $SiteURL -ListName $ListName -ReportFile $ReportFile -ScanItemLevel
	#Generate-PnPListPermissionRpt -SiteURL $SiteURL -ListName $ListName -ReportFile $ReportFile -ScanItemLevel -IncludeInheritedPermissions


	#Read more: https://www.sharepointdiary.com/2019/02/sharepoint-online-pnp-powershell-to-export-document-library-permissions.html#ixzz6i9Jb5Yjd
No results found