Find all items with unique permissions and export to CSV
Summary
It is a very common request to inventory the items with custom permissions.
# SharePoint Online admin centre URL of the tenant to inventory.
$adminSiteURL = 'https://contoso-admin.sharepoint.com/'

# Output files. Both reports list where permission inheritance is broken, which is
# sensitive information about the tenant.
# NOTE(review): C:\temp is often readable by other local users; confirm the folder's ACL
# or point these paths at a location only the auditor can read.
$listOfItemWithCustomPermissionsCSVPath = 'C:\temp\itemswithcustompermissions.csv'
$listOfListsWithCustomPermissionsCSVPath = 'C:\temp\listswithcustompermissions.csv'
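<#
.SYNOPSIS
Records the lists and list items of one web that have unique role assignments, then
does the same for each of its subwebs.

.DESCRIPTION
Connects to the web, skips system lists, and appends one object per finding to
$global:listOfListsWithCustomPermissions (lists) or
$global:listOfItemWithCustomPermissions (items). Both arrays must exist before the
first call.

Coverage limits a reader of the report should know about:
  * Items are only inspected in lists that still inherit permissions. When a list
    itself has unique role assignments, the list is reported and its items are not
    checked individually.
  * Any error stops processing of the current web (remaining lists and subwebs of
    that web are skipped). The error is reported as a warning naming the web, so the
    resulting inventory can be recognised as incomplete.

.PARAMETER webUrl
URL of the web to inspect.
#>
function Handle-Web ($webUrl)
{
    try
    {
        # Most likely you should use the app-only approach, but for now I'm using the interactive approach
        #$localconn = Connect-PnPOnline -Url $webUrl -ClientId $ClientId -thumbprint $thumbprint -Tenant $TenantName -ReturnConnection -erroraction stop
        # NOTE(review): recent PnP.PowerShell versions expect -ClientId with your own
        # Entra ID app registration, also for interactive sign-in - confirm for your version.
        # -ErrorAction Stop sends a failed sign-in to the catch block instead of
        # continuing without a usable connection.
        $localconn = Connect-PnPOnline -Url $webUrl -Interactive -ReturnConnection -ErrorAction Stop

        # First the lists of this web.
        $lists = Get-PnPList -Connection $localconn
        foreach ($list in $lists)
        {
            $IsSystemList = Get-PnPProperty -ClientObject $list -Property IsSystemList -Connection $localconn
            if ($IsSystemList)
            {
                Write-Host " Skipping $($list.Title) on $webUrl" -ForegroundColor Yellow
                continue # skipping the system lists
            }

            Write-Host " handling $($list.Title) on $($webUrl)" -ForegroundColor Blue
            $listHasUniqueRoleAssignments = Get-PnPProperty -ClientObject $list -Property "HasUniqueRoleAssignments" -Connection $localconn
            if ($listHasUniqueRoleAssignments)
            {
                # The list has its own permissions: report the list, do not descend into its items.
                $global:listOfListsWithCustomPermissions += [PSCustomObject]@{
                    Title = $list.Title
                    Url   = $list.ParentWebUrl
                }
            }
            else
            {
                # The list inherits: look for individual items that break inheritance.
                $listitems = Get-PnPListItem -List $list -PageSize 500 -Connection $localconn
                foreach ($listItem in $listitems)
                {
                    $listItemHasUniqueRoleAssignments = Get-PnPProperty -ClientObject $listItem -Property HasUniqueRoleAssignments -Connection $localconn
                    if ($listItemHasUniqueRoleAssignments)
                    {
                        # Url is the parent web of the list, not the URL of the item itself.
                        $global:listOfItemWithCustomPermissions += [PSCustomObject]@{
                            Title = $listItem["FileLeafRef"]
                            List  = $list.Title
                            Url   = $list.ParentWebUrl
                        }
                    }
                }
            }
        }

        # Then sub sites (which shouldn't be there ;-)).
        # Only the direct children are fetched here: Handle-Web recurses on its own, so
        # asking for all descendants as well (-Recurse) would visit every web below the
        # first level more than once and write duplicate rows to the report.
        $subs = Get-PnPSubWeb -Connection $localconn
        foreach ($sub in $subs)
        {
            Handle-Web -webUrl $sub.Url
        }
    }
    catch
    {
        # Name the web in the message: a web that failed here is missing (fully or
        # partly) from the inventory, and the reviewer needs to know which one.
        Write-Warning "Could not fully inspect $($webUrl): $($_.Exception.Message)"
    }
}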
# Result accumulators. Handle-Web appends to them through the $global: scope, so they
# have to exist (and be empty) before the first site is processed.
$global:listOfListsWithCustomPermissions = @()
$global:listOfItemWithCustomPermissions = @()

# Tenant-level connection, used only to enumerate the site collections.
$conn = Connect-PnPOnline -Url $adminSiteURL -Interactive -ReturnConnection
$allSites = Get-PnPTenantSite -Connection $conn

try
{
    $allSitesCount = $allSites.Count
    $counter = 0
    foreach ($site in $allSites)
    {
        # Progress output is zero-based: the first site is reported as "0 of N".
        Write-Host " at $counter of $allSitesCount" -ForegroundColor Green
        $counter++

        # Root web of the site collection; Handle-Web takes care of the subwebs.
        Handle-Web $site.Url
    }
}
catch
{
    Write-Error $_.Exception.Message
}

# The reports are written even when errors occurred above, so a report may be partial.
# The Title columns come from list titles and file names, i.e. values that content
# authors control; treat the files as untrusted data when opening them in a
# spreadsheet application.
$csvOptions = @{
    Force     = $true
    Encoding  = 'utf8BOM'
    Delimiter = '|'
}
$listOfItemWithCustomPermissions | Export-Csv -Path $listOfItemWithCustomPermissionsCSVPath @csvOptions
$listOfListsWithCustomPermissions | Export-Csv -Path $listOfListsWithCustomPermissionsCSVPath @csvOptions
Check out the PnP PowerShell to learn more at: https://aka.ms/pnp/powershell
The way you log in to PnP PowerShell has changed; please read "PnP Management Shell EntraID app is deleted: what should I do?"
Contributors
Author(s) |
---|
Kasper Larsen |
Disclaimer
THESE SAMPLES ARE PROVIDED AS IS WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING ANY IMPLIED WARRANTIES OF FITNESS FOR A PARTICULAR PURPOSE, MERCHANTABILITY, OR NON-INFRINGEMENT.