How to Get a SharePoint Permissions Report with or without PowerShell


Native Auditing vs. Netwrix Auditor for SharePoint

We never share your data. Privacy Policy
Native Auditing Netwrix Auditor for SharePoint
Steps
  1. Open the PowerShell ISE → Import the PowerShell snap-in for Microsoft SharePoint by running the following cmdlet:

    Add-PSSnapin Microsoft.SharePoint.PowerShell

  2. Run the following script on your SharePoint server, specifying the SharePoint site URL ($SPSiteURL) and the file path for export to csv ($ExportFile):

    [void][System.Reflection.Assembly]::LoadWithPartialName
    ("Microsoft.SharePoint")
    $SPSiteUrl = "http://sharepoint/sites/ent"
    $SPSite = New-Object Microsoft.SharePoint.SPSite($SPSiteUrl);
    $ExportFile = "C:\root\Permissions.csv" 
    "Web Title,Web URL,List Title,User or Group,Role,Inherited" | out-file $ExportFile 
    foreach ($WebPath in $SPSite.AllWebs)
    {
       if ($WebPath.HasUniqueRoleAssignments)
            {
              $SPRoles = $WebPath.RoleAssignments;
              foreach ($SPRole in $SPRoles)
              {
                foreach ($SPRoleDefinition in $SPRole.RoleDefinitionBindings)
                {
                    $WebPath.Title + "," + $WebPath.Url + "," + "N/A" + "," +
    $SPRole.Member.Name + "," + $SPRoleDefinition.Name + "," +
    $WebPath.HasUniqueRoleAssignments | out-file $ExportFile -append
                }
              }
            }           
            foreach ($List in $WebPath.Lists)
            {
               if ($List.HasUniqueRoleAssignments)
               {
                 $SPRoles = $List.RoleAssignments;
                 foreach ($SPRole in $SPRoles)
                 {
                   foreach ($SPRoleDefinition in $SPRole.RoleDefinitionBindings)
                   {
                        $WebPath.Title + "," + $WebPath.Url + "," + $List.Title + "," +
    $SPRole.Member.Name + "," + $SPRoleDefinition.Name | out-file $ExportFile -append
                   }
                 }
               }
            }
    }
    $SPSite.Dispose();

  3. Open the file produced by the script in MS Excel.

Sample Report:

SharePoint Permissions Report in MS Excel

  1. Run Netwrix Auditor → Navigate to “Reports” → Expand the “SharePoint” section → Go to “SharePoint – State-in-Time” → Select “SharePoint Object Permissions” → Click “View”.
  2. Specify the “Object Path” and set “Permissions” to “(Select All)”.
  3. To export the report to CSV or another format, click the “Export” button → Choose a format from the dropdown menu → Click "Save".

Sample report:

SharePoint Permissions Report in MS Excel

Get a SharePoint Permissions Report to Make Sure Each Account Has Appropriate Access to Your Sensitive Data

Regular audit of SharePoint permissions is critical for security. Misconfigured or maliciously given permissions enable users to view, copy, modify or even delete confidential information they should not have access to. Therefore, regular auditing of SharePoint permissions is crucial to minimizing the risk of data leaks and compliance violations. You can list the current effective permissions for your SharePoint site collections by using Microsoft PowerShell scripts, but they are quite complex and can take time to execute. There is a better way to get a report on SharePoint permissions.

Netwrix Auditor for SharePoint provides state-in-time reports on SharePoint object permissions, objects with broken inheritance, modifications to permissions and permission inheritance, group membership, and security policies. In addition, it reports on changes to permissions, with all the details IT administrators need, including who made each change, when and where it was made, which SharePoint group was affected, and the before and after values. Netwrix Auditor for SharePoint also provides complete visibility into changes to the configuration of your SharePoint farm, as well as changes and read access to data on your SharePoint sites. IT staff can have any report delivered automatically by email to facilitate regular review, and they can use predefined and custom alerts to be notified right away about critical changes or suspicious access attempts.