svarukala · February 9, 2021 06:26
diff --git a/Get-SPOSiteGranularPermissions.ps1 b/Get-SPOSiteGranularPermissions.ps1
 clear
 #Provie tenant prefix, Application (client) ID, and client secret of the IT admin app
 #IT admin app must have sites.fullcontrol app-only perms
 $tenantPrefix = "Contoso";
 $clientId = "Client-ID";
 $clientSecret = "Client-Secret";
 $tenantName = $tenantPrefix +".onmicrosoft.com";
 $tenantDomain = $tenantPrefix +".sharepoint.com";

 #Provide site url
 $sitePath = "https://contoso.sharepoint.com/sites/Web01"
 $siteName = $sitePath.Split("/")[4]

 $ReqTokenBody = @{
 Grant_Type    = "client_credentials"
 Scope         = "https://graph.microsoft.com/.default"
 client_Id     = $clientID
 Client_Secret = $clientSecret
 } 
 $TokenResponse = Invoke-RestMethod -Uri "https://login.microsoftonline.com/$TenantName/oauth2/v2.0/token" -Method POST -Body $ReqTokenBody

 $apiUrl = 'https://graph.microsoft.com/v1.0/sites/'+ $tenantDomain +':/sites/'+ $siteName +'?$select=id,displayName'
 try {
  $spoResult = Invoke-RestMethod -Headers @{Authorization = "Bearer $($Tokenresponse.access_token)"} -Uri  $apiUrl -Method Get 
  Write-Host "Site:" $spoResult.displayName
 }
 catch {
  Write-Output "Failed to enumerate the site"
  Write-Host "StatusCode:" $_.Exception.Response.StatusCode.value__ 
  Write-Host "StatusDescription:" $_.Exception.Response.StatusDescription 
  Exit
 }    

 $apiUrl = 'https://graph.microsoft.com/v1.0/sites/'+ $spoResult.id +'/permissions'

   
 try {
  $spoData = Invoke-RestMethod -Headers @{Authorization = "Bearer $($Tokenresponse.access_token)"} -Uri $apiUrl -Method Get -ResponseHeadersVariable spoRespHeaders
  if ($spoData.value.length -eq 0)
  {
      Write-Host "No site level permissions found"
  }
  else {
    $spoData.value | %{ $_ | ConvertTo-Json -Depth 10 }
  }
 }
 catch {
  Write-Output "Failed to add permissions the site"
  Write-Host "StatusCode:" $_.Exception.Response.StatusCode.value__ 
  Write-Host "StatusDescription:" $_.Exception.Response.StatusDescription 
 }
	clear
	#Provie tenant prefix, Application (client) ID, and client secret of the IT admin app
	#IT admin app must have sites.fullcontrol app-only perms
	$tenantPrefix = "Contoso";
	$clientId = "Client-ID";
	$clientSecret = "Client-Secret";
	$tenantName = $tenantPrefix +".onmicrosoft.com";
	$tenantDomain = $tenantPrefix +".sharepoint.com";

	#Provide site url
	$sitePath = "https://contoso.sharepoint.com/sites/Web01"
	$siteName = $sitePath.Split("/")[4]

	$ReqTokenBody = @{
	Grant_Type = "client_credentials"
	Scope = "https://graph.microsoft.com/.default"
	client_Id = $clientID
	Client_Secret = $clientSecret
	}
	$TokenResponse = Invoke-RestMethod -Uri "https://login.microsoftonline.com/$TenantName/oauth2/v2.0/token" -Method POST -Body $ReqTokenBody

	$apiUrl = 'https://graph.microsoft.com/v1.0/sites/'+ $tenantDomain +':/sites/'+ $siteName +'?$select=id,displayName'
	try {
	$spoResult = Invoke-RestMethod -Headers @{Authorization = "Bearer $($Tokenresponse.access_token)"} -Uri $apiUrl -Method Get
	Write-Host "Site:" $spoResult.displayName
	}
	catch {
	Write-Output "Failed to enumerate the site"
	Write-Host "StatusCode:" $_.Exception.Response.StatusCode.value__
	Write-Host "StatusDescription:" $_.Exception.Response.StatusDescription
	Exit
	}

	$apiUrl = 'https://graph.microsoft.com/v1.0/sites/'+ $spoResult.id +'/permissions'


	try {
	$spoData = Invoke-RestMethod -Headers @{Authorization = "Bearer $($Tokenresponse.access_token)"} -Uri $apiUrl -Method Get -ResponseHeadersVariable spoRespHeaders
	if ($spoData.value.length -eq 0)
	{
	Write-Host "No site level permissions found"
	}
	else {
	$spoData.value \| %{ $_ \| ConvertTo-Json -Depth 10 }
	}
	}
	catch {
	Write-Output "Failed to add permissions the site"
	Write-Host "StatusCode:" $_.Exception.Response.StatusCode.value__
	Write-Host "StatusDescription:" $_.Exception.Response.StatusDescription
	}
No results found