Introduction

One of the challenges for the SharePoint Administrator is to find broken permissions for sites, lists or document libraries.  This article describes a solution to this major problem.  The solution works for both Office 365 and SharePoint 2013 On-Premises.

Solution

In our solution we are using Console Application to get the broken permissions for sites, lists or document libraries.  The results will be exported to the CSV file.  SharePoint Online supports only limited Power Shell commands about 30. There is a nice article about command-lets supported by SharePoint Online.

Introduction to the SharePoint Online Management Shell

Due to the above limitation and other Power Shell issues such as passing fields while loading objects, we will be using Client Side Object Model (CSOM) in conjunction with Console Application to retrieve the unique permissions for the sites, lists or document libraries.

Connecting to SharePoint Online or On-Premises


The application will have option to connect either to SharePoint Online or SharePoint 2013 On-premises using Settings as shown in the below screenshot.  


If the setting "SPOnline" is true, console window will show you that you are connected to SharePoint Online and you need to enter the credentials of SharePoint Online as shown in the below screenshot.  One of the advantage of using SharePoint Online is that you don't need to have SharePoint Installed on the client machine.  Just you need to have the SharePoint Client libraries .  The SharePoint CSOM Client libraries will be available if you installed either SharePoint 2013 Online Management Shell or SharePoint 2013 Designer. 


On-premises Connection Console Window


The following is the code used for connecting either to Online or On-Prem.

if (Settings.Default.SPOnline)
{    
clientContext.Credentials =
new SharePointOnlineCredentials(cred.Username, cred.Password);
}
else
{
    clientContext.Credentials =
new NetworkCredential(cred.Username,cred.Password,cred.Domain);
}

The following is the code used to get the unique permissions for the site and list/libraries.

WebCollection childWebs = web.Webs;
ctx.Load(childWebs);
ctx.ExecuteQuery();                        

foreach
(Web childWeb in childWebs)
{    
ctx.Load(childWeb, w => w.HasUniqueRoleAssignments);
ListCollection lists = childWeb.Lists;
ctx.Load(lists);
ctx.ExecuteQuery();
sb.AppendFormat(
"Site,{0},{1},{2}", childWeb.Title, childWeb.Url, childWeb.HasUniqueRoleAssignments);
sb.AppendLine();
Console.WriteLine(
"Web Title: {0} - {1}", childWeb.Title, childWeb.Url);
Console.WriteLine(
"        Unique Permissions:{0}", childWeb.HasUniqueRoleAssignments);

foreach (List list in lists)
{
        ctx.Load(list, l => l.DefaultViewUrl, l => l.HasUniqueRoleAssignments);
        ctx.ExecuteQuery();
        Console.WriteLine(
"List Name:{0}-{1}", list.Title, list.DefaultViewUrl);
        Console.WriteLine(
"       Unique Permissions:{0}", list.HasUniqueRoleAssignments);
        sb.AppendFormat(
"List/Doc Lib,{0},{1},{2}", list.Title, list.DefaultViewUrl, list.HasUniqueRoleAssignments);
        sb.AppendLine();
}
sb.AppendLine();
ProcessWebnLists(childWeb,ctx);
}  
         
The final output will be as shown in the below screenshot.


Please download the complete Solution from the gallery.

Unique Permissions for Site/List/Libraries - Office 365/SharePoint 2013 On-Prem