none
Retrieve ALL user permissions in Site Collection

    Question

  • I’m looking for a PowerShell script that will search an entire site collection and return the permissions a specific user has been granted.

    I’m looking for permissions either directly granted to every list, library, document, etc. OR granted via a SharePoint Group.

    I found a script on TechNet which would work except running scripts in the Online environment is disabled.

    I know there has to be a way because there are 3<sup>rd</sup> party tools that you can buy that’ll do it.

    Any help will be greatly appreciated!!

    Regards,
    Terry

    Tuesday, August 2, 2016 7:59 PM

Answers

  • Hi Terry,

    Based on my testing results, we can get user whether the user is a group or not.

    Here are the code:

    #################################################################
    
    # Script that allows to get all the users for all the Site Collections in a SharePoint Online Tenant
    
    # Required Parameters:
    
    #  -> $sUserName: User Name to connect to the SharePoint Admin Center.
    
    #  -> $sMessage: Message to show in the user credentials prompt.
    
    #  -> $sSPOAdminCenterUrl: SharePoint Admin Center Url
    
    
    ##################################################################
    
    
    $host.Runspace.ThreadOptions = "ReuseThread"
    
    
    #Definition of the function that gets all the site collections information in a SharePoint Online tenant
    
    function Get-SPOUsersAllSiteCollections
    
    {
    
     param ($sUserName,$sMessage)
    
     try
    
     { 
    
     Write-Host "----------------------------------------------------------------------------" -foregroundcolor Green
    
     Write-Host "Getting the information for all the site colletions in the Office 365 tenant" -foregroundcolor Green
    
     Write-Host "----------------------------------------------------------------------------" -foregroundcolor Green
    
     $msolcred = get-credential -UserName $sUserName -Message $sMessage
    
     Connect-SPOService -Url $sSPOAdminCenterUrl -Credential $msolcred
    
     $spoSites=Get-SPOSite | Select *
    
     foreach($spoSite in $spoSites)
    
     {
    
     Write-Host "Users for " $spoSite.Url -foregroundcolor Blue
    
     Get-SPOUser -Site $spoSite.Url
    
     Write-Host
    
     } 
    
     Write-Host "Getting users" -ForegroundColor Green 
    
    Get-SPOUser -Site "<SiteCollection URL>" | Out-File "C:\Users\Administrator\Downloads\SharePoint Online\Users.txt" -Append;
    
     
    
     }
    
     catch [System.Exception]
    
     {
    
     write-host -f red $_.Exception.ToString() 
    
     } 
    
    }
    
    
    #Connection to Office 365
    
    $sUserName="<user account>"
    
    $sMessage="SPO Credential Please"
    
    $sSPOAdminCenterUrl="https://<Domain>-admin.sharepoint.com"
    
    #Get-SPOUser -Site "https://<Domain>.sharepoint.com/" -LoginName "<user>"
    
    
    Get-SPOUsersAllSiteCollections -sUserName $sUserName -sMessage $sMessage
    

    More information, you could refer:

    https://content.sharepointeurope.com/blog/2015/7/13/video-script-that-allows-to-get-all-the-users-for-all-the-site-collections-in-a-sharepoint-online-tenant

    Best Regards,

    Linda Zhang


    TechNet Community Support
    Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com.

    Tuesday, August 16, 2016 12:46 PM

All replies

  • Hi teeeebro,

    SharePoint Online is different with SharePoint on premise. For SharePoint online, you could view the permission of the user and the group using Get-SPOSiteGroup and Get-SPOUser command. Then export the results to file by Export-csv command.

    Introduction to the SharePoint Online Management Shell cmdlet:

    https://support.office.com/en-us/article/Introduction-to-the-SharePoint-Online-Management-Shell-c16941c3-19b4-4710-8056-34c034493429

    Some demos about using PowerShell to manage users and groups in SharePoint Online for reference.

    http://www.dotnetmafia.com/blogs/dotnettipoftheday/archive/2014/05/06/how-to-use-powershell-to-create-and-manage-users-and-groups-in-sharepoint-online.aspx

    Best Regards,

    Linda Zhang


    TechNet Community Support
    Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com.

    Wednesday, August 3, 2016 5:49 AM
  • Hi Linda - Thanks for the reply!

    I have run this command in PowerShell but it only returns the "Groups" that a user is a member of.  

    Get-SPOUser -Site https://tenant.sharepoint.com/sites/ourSiteCollection -LoginName user@domain.com

    What about when the user is assigned permission directly to a list or to a document.  The user might not even be a member of a group and assigned permissions directly (bad practice and I don't ... but others might).  And for troubleshooting I absolutely need to know every permission a user has been granted regardless of how it is assigned ... directly or via a group.

    So is there a PS script that'll do what I need?

    Thanks ... and have a Great day!

    Terry

    Wednesday, August 3, 2016 5:45 PM
  • Hi Terry,

    Based on my testing results, we can get user whether the user is a group or not.

    Here are the code:

    #################################################################
    
    # Script that allows to get all the users for all the Site Collections in a SharePoint Online Tenant
    
    # Required Parameters:
    
    #  -> $sUserName: User Name to connect to the SharePoint Admin Center.
    
    #  -> $sMessage: Message to show in the user credentials prompt.
    
    #  -> $sSPOAdminCenterUrl: SharePoint Admin Center Url
    
    
    ##################################################################
    
    
    $host.Runspace.ThreadOptions = "ReuseThread"
    
    
    #Definition of the function that gets all the site collections information in a SharePoint Online tenant
    
    function Get-SPOUsersAllSiteCollections
    
    {
    
     param ($sUserName,$sMessage)
    
     try
    
     { 
    
     Write-Host "----------------------------------------------------------------------------" -foregroundcolor Green
    
     Write-Host "Getting the information for all the site colletions in the Office 365 tenant" -foregroundcolor Green
    
     Write-Host "----------------------------------------------------------------------------" -foregroundcolor Green
    
     $msolcred = get-credential -UserName $sUserName -Message $sMessage
    
     Connect-SPOService -Url $sSPOAdminCenterUrl -Credential $msolcred
    
     $spoSites=Get-SPOSite | Select *
    
     foreach($spoSite in $spoSites)
    
     {
    
     Write-Host "Users for " $spoSite.Url -foregroundcolor Blue
    
     Get-SPOUser -Site $spoSite.Url
    
     Write-Host
    
     } 
    
     Write-Host "Getting users" -ForegroundColor Green 
    
    Get-SPOUser -Site "<SiteCollection URL>" | Out-File "C:\Users\Administrator\Downloads\SharePoint Online\Users.txt" -Append;
    
     
    
     }
    
     catch [System.Exception]
    
     {
    
     write-host -f red $_.Exception.ToString() 
    
     } 
    
    }
    
    
    #Connection to Office 365
    
    $sUserName="<user account>"
    
    $sMessage="SPO Credential Please"
    
    $sSPOAdminCenterUrl="https://<Domain>-admin.sharepoint.com"
    
    #Get-SPOUser -Site "https://<Domain>.sharepoint.com/" -LoginName "<user>"
    
    
    Get-SPOUsersAllSiteCollections -sUserName $sUserName -sMessage $sMessage
    

    More information, you could refer:

    https://content.sharepointeurope.com/blog/2015/7/13/video-script-that-allows-to-get-all-the-users-for-all-the-site-collections-in-a-sharepoint-online-tenant

    Best Regards,

    Linda Zhang


    TechNet Community Support
    Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com.

    Tuesday, August 16, 2016 12:46 PM