How to Get a SharePoint Permissions Report

  • Article

Get a SharePoint Permissions Report to Make Sure Each Account Has Appropriate Access to Your Sensitive Data
Regular audit of SharePoint permissions is critical for security. Misconfigured or maliciously given permissions enable users to view, copy, modify or even delete confidential information they should not have access to. Therefore, regular auditing of SharePoint permissions is crucial to minimizing the risk of data leaks and compliance violations. You can list the current effective permissions for your SharePoint site collections by using Microsoft PowerShell scripts, but they are quite complex and can take time to execute. There is a better way to get a report on SharePoint permissions.

1. Open the PowerShell ISE → Import the PowerShell snap-in for Microsoft SharePoint by running the following cmdlet:

Add-PSSnapin Microsoft.SharePoint.PowerShell

2. Run the following script on your SharePoint server, specifying the SharePoint site URL ($SPSiteURL) and the file path for export to csv ($ExportFile):

[void][System.Reflection.Assembly]::LoadWithPartialName
("Microsoft.SharePoint")
$SPSiteUrl = "http://sharepoint/sites/ent"
$SPSite = New-Object Microsoft.SharePoint.SPSite($SPSiteUrl);
$ExportFile = "C:\root\Permissions.csv" 
"Web Title,Web URL,List Title,User or Group,Role,Inherited" | out-file $ExportFile 
foreach ($WebPath in $SPSite.AllWebs)
{
   if ($WebPath.HasUniqueRoleAssignments)
        {
          $SPRoles = $WebPath.RoleAssignments;
          foreach ($SPRole in $SPRoles)
          {
            foreach ($SPRoleDefinition in $SPRole.RoleDefinitionBindings)
            {
                $WebPath.Title + "," + $WebPath.Url + "," + "N/A" + "," +
$SPRole.Member.Name + "," + $SPRoleDefinition.Name + "," +
$WebPath.HasUniqueRoleAssignments | out-file $ExportFile -append
            }
          }
        }           
        foreach ($List in $WebPath.Lists)
        {
           if ($List.HasUniqueRoleAssignments)
           {
             $SPRoles = $List.RoleAssignments;
             foreach ($SPRole in $SPRoles)
             {
               foreach ($SPRoleDefinition in $SPRole.RoleDefinitionBindings)
               {
                    $WebPath.Title + "," + $WebPath.Url + "," + $List.Title + "," +
$SPRole.Member.Name + "," + $SPRoleDefinition.Name | out-file $ExportFile -append
               }
             }
           }
        }
}
$SPSite.Dispose();

3. Open the file produced by the script in MS Excel.
https://img.netwrix.com/howtos/Excel_Sharepoint.png

 Originally posted: https://www.netwrix.com/how_to_get_sharepoint_permissions_report.html