{"id":3694,"date":"2021-09-09T14:24:10","date_gmt":"2021-09-09T13:24:10","guid":{"rendered":"https:\/\/www.lieben.nu\/liebensraum\/?p=3694"},"modified":"2021-09-09T14:24:10","modified_gmt":"2021-09-09T13:24:10","slug":"sharepoint-permission-auditing","status":"publish","type":"post","link":"https:\/\/lieben.nu\/liebensraum\/2021\/09\/sharepoint-permission-auditing\/","title":{"rendered":"SharePoint permission auditing"},"content":{"rendered":"\n<p class=\"has-white-color has-green-background-color has-text-color has-background has-link-color wp-elements-cc580107892e01c9e5b1364f78ec366f wp-block-paragraph\">Note: superseded by the <a href=\"https:\/\/www.lieben.nu\/liebensraum\/m365permissions\/\" data-type=\"page\" data-id=\"4280\">M365Permissions module<\/a>!<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">When auditing a SharePoint environment, an important component is permissions:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>invited users<\/li>\n\n\n\n<li>sharing links<\/li>\n\n\n\n<li>inherited permissions<\/li>\n\n\n\n<li>unique permissions<\/li>\n\n\n\n<li>broken inheritance<\/li>\n\n\n\n<li>sites, webs<\/li>\n\n\n\n<li>lists, libraries<\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\">I&#8217;ve heavily modified <a rel=\"noreferrer noopener\" href=\"https:\/\/www.sharepointdiary.com\/2019\/09\/sharepoint-online-user-permissions-audit-report-using-pnp-powershell.html\" target=\"_blank\">Salaudeen&nbsp;Rajack&#8217;s<\/a> work to share a more fully featured and faster PowerShell auditing script that will dump all unique permissions (up to item level, recursively) for all SharePoint sites (including O365 group sites). 
This covers files, folders, sites, libraries, etc.<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><a href=\"https:\/\/www.lieben.nu\/liebensraum\/wp-content\/uploads\/2021\/09\/sharepoint-audit-report.png\"><img loading=\"lazy\" decoding=\"async\" width=\"1898\" height=\"262\" src=\"https:\/\/www.lieben.nu\/liebensraum\/wp-content\/uploads\/2021\/09\/sharepoint-audit-report.png\" alt=\"\" class=\"wp-image-3695\" srcset=\"https:\/\/lieben.nu\/liebensraum\/wp-content\/uploads\/2021\/09\/sharepoint-audit-report.png 1898w, https:\/\/lieben.nu\/liebensraum\/wp-content\/uploads\/2021\/09\/sharepoint-audit-report-300x41.png 300w, https:\/\/lieben.nu\/liebensraum\/wp-content\/uploads\/2021\/09\/sharepoint-audit-report-1024x141.png 1024w, https:\/\/lieben.nu\/liebensraum\/wp-content\/uploads\/2021\/09\/sharepoint-audit-report-768x106.png 768w, https:\/\/lieben.nu\/liebensraum\/wp-content\/uploads\/2021\/09\/sharepoint-audit-report-1536x212.png 1536w\" sizes=\"auto, (max-width: 1898px) 100vw, 1898px\" \/><\/a><\/figure>\n\n\n\n<p class=\"wp-block-paragraph\">It retrieves membership of groups so the resulting CSV file contains all permissions, with the exception of the &#8220;Everyone&#8221; group, which is listed as a group instead.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">You can find the script here: <a href=\"https:\/\/gitlab.com\/Lieben\/assortedFunctions\/-\/blob\/master\/get-SPOPermissions.ps1\" target=\"_blank\" rel=\"noreferrer noopener\">https:\/\/gitlab.com\/Lieben\/assortedFunctions\/-\/blob\/master\/get-SPOPermissions.ps1<\/a><\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>Usage<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>the script uses device-based logon, just follow the prompts. 
<\/li>\n\n\n\n<li>don&#8217;t forget to first set permissions on all sites for your admin account, see script header for an example<\/li>\n\n\n\n<li>requires the PnP module<\/li>\n\n\n\n<li>you can exclude specific sites or users from the report if needed, configure siteIgnoreList or principalIgnoreList for that<\/li>\n\n\n\n<li>Runtime on an environment with over 1000 sites and millions of objects was about 6 hours. If your environment is too large, contact me and I can perhaps introduce e.g. multi-threading.<\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>Note: superseded by the M365Permissions module! When auditing a SharePoint environment, an important component is permissions; I&#8217;ve heavily modified Salaudeen&nbsp;Rajack&#8217;s work to share a more fully featured and faster PowerShell auditing script that will dump all unique permissions (up to item level, recursively) for all SharePoint sites (including O365 group sites). For files, folders, sites, &hellip; <a href=\"https:\/\/lieben.nu\/liebensraum\/2021\/09\/sharepoint-permission-auditing\/\" class=\"more-link\">Continue reading <span class=\"screen-reader-text\">SharePoint permission auditing<\/span> <span 
class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_crdt_document":"","footnotes":""},"categories":[39,43,44],"tags":[],"class_list":["post-3694","post","type-post","status-publish","format-standard","hentry","category-powershell","category-security","category-sharepoint-online"],"_links":{"self":[{"href":"https:\/\/lieben.nu\/liebensraum\/wp-json\/wp\/v2\/posts\/3694","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/lieben.nu\/liebensraum\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/lieben.nu\/liebensraum\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/lieben.nu\/liebensraum\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/lieben.nu\/liebensraum\/wp-json\/wp\/v2\/comments?post=3694"}],"version-history":[{"count":0,"href":"https:\/\/lieben.nu\/liebensraum\/wp-json\/wp\/v2\/posts\/3694\/revisions"}],"wp:attachment":[{"href":"https:\/\/lieben.nu\/liebensraum\/wp-json\/wp\/v2\/media?parent=3694"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/lieben.nu\/liebensraum\/wp-json\/wp\/v2\/categories?post=3694"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/lieben.nu\/liebensraum\/wp-json\/wp\/v2\/tags?post=3694"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}