How to Get a SharePoint Online Permissions Report with PowerShell or Netwrix Auditor

Native Solution vs. Netwrix Auditor for SharePoint

Native Solution Netwrix Auditor for SharePoint

Native Solution

Netwrix Auditor for SharePoint

Steps

Download and install the SharePoint Online Client Components SDK.
Open the PowerShell ISE.
Run the following script, typing the appropriate values for $Url and $Path variables to specify the SharePoint site address and the report output path:

#SPO-specific cmdlets require sharepoint-online module
Install-Module -NameMicrosoft.Online.SharePoint.PowerShell
$ServiceURL ="https://enterprise-admin.sharepoint.com"
$URL = "https://enterprise.sharepoint.com"
$Path = "C:\Temp\GroupsReport.csv"
$Cred = Get-Credential
#Connect to SharePoint Online
Connect-SPOService -url$ServiceURL -Credential$Cred
#Generating Report
$GroupsData = @()
#get sharepoint online groups powershell
$SiteGroups =Get-SPOSiteGroup -Site$URL
ForEach($Group in $SiteGroups) {
$GroupsData +=New-Object PSObject-Property @{
'Group Name' =$Group.Title
'Permissions' =$Group.Roles -join ","
'Users' = $Group.Users -join ","
}
}
#Export the data to CSV
$GroupsData |Export-Csv $Path-NoTypeInformation

4. Review your CSV report:

How to Get a SharePoint Online Permissions Report with PowerShell

Run Netwrix Auditor. Navigate to “Reports” -> Click “Predefined” -> Expand the “SharePoint Online” section -> Go to “SharePoint Online – State-in-Time” -> Select “SharePoint Online Object Permissions” -> Click “View”.
Specify the site URL in the “Object Path” field -> Click “View Report”.
Review the easy-to-understand report:

How to Get a SharePoint Online Permissions Report with Netwrix Auditor

Get a Report on SharePoint Online Permissions in Few Clicks

Your SharePoint Online environment is critical for your business: Employees rely on it every day to collaborate and share information with colleagues, partners and customers, and perhaps even to promote and sell products.

But although SharePoint Online is easy for everyone to use, it’s not simple at all to administer and secure. Each site can have its own users, groups, permissions, themes, schemas, workflows and policies. This complexity makes it hard to understand and control access rights. That’s a problem, since many organizations use SharePoint Online to process, share and store various types of sensitive and regulated data — from personally identifiable information (PII) to intellectual property (IP) to financial data — all of which must be properly protected to maintain security and ensure regulatory compliance.

If you want to check what permissions a certain user has on a particular site, you can simply use the Check Permissions button in the Site Permissions subsection of Site Settings. However, if you need to know the access permissions for all users, this manual method is not a viable approach.

Therefore, when you need to get a comprehensive SharePoint Online permissions report, PowerShell is the best native option. However, there is no out-of-the-box cmdlet for getting user or object permissions, so you’ll have to write a script. Sample scripts available online suggest usingaclient-side object model (CSOM), so you’ll have to download and install the SharePoint Online Client Components SDK on your server, add a new SharePoint object type with the correct dll path, and then crawl through your site’s structure. That will take significant time — and solid PowerShell scripting skills.

Netwrix Auditor empowers you to easily see through the complicated permissions of SharePoint Online and clearly see which users have what permissions to what files. You can get the picture of your permissions structure in just few clicks; just run a pre-defined report that shows who has access to what, the level of permissions they have and how those permissions were granted

Previous How-to

How to Enable Mailbox Audit Logging and Review Audit Logs in Office 365

Next How-to

How to Get Exchange Online Mailbox Permissions Report Using PowerShell or Netwrix Auditor