Solución:
Este es el método que utiliza PnP Online. Recupere las propiedades adicionales usando
Get-PnPProperty
Connect-PnPOnline -Url $siteUrl
$context = Get-PnPContext
Para archivos
$file = Get-PnPFile -Url $filePath -AsListItem
Get-PnPProperty -ClientObject $file -Property HasUniqueRoleAssignments, RoleAssignments
if($file.HasUniqueRoleAssignments -eq $True)
foreach($roleAssignments in $file.RoleAssignments )
Get-PnPProperty -ClientObject $roleAssignments -Property RoleDefinitionBindings, Member
$permission.LoginName = $roleAssignments.Member.LoginName
$permission.LoginTitle = $roleAssignments.Member.Title
$permission.PrincipalType = $roleAssignments.Member.PrincipalType.ToString()
$permission.Permission = ""
#Get the Permissions assigned to user
foreach ($RoleDefinition in $roleAssignments.RoleDefinitionBindings)
$permission.Permission = $permission.Permission + "," + $RoleDefinition.Name
Para carpetas
$file = Get-PnPFolder -Url $filePath -Includes ListItemAllFields.RoleAssignments, ListItemAllFields.HasUniqueRoleAssignments
$context.Load($file);
$context.ExecuteQuery();
if($file.ListItemAllFields.HasUniqueRoleAssignments -eq $True)
foreach($roleAssignments in $file.ListItemAllFields.RoleAssignments)
Get-PnPProperty -ClientObject $roleAssignments -Property RoleDefinitionBindings, Member
$permission.LoginName = $roleAssignments.Member.LoginName
$permission.LoginTitle = $roleAssignments.Member.Title
$permission.PrincipalType = $roleAssignments.Member.PrincipalType.ToString()
$permission.Permission = ""
#Get the Permissions assigned to user/group
foreach ($RoleDefinition in $roleAssignments.RoleDefinitionBindings)
$permission.Permission = $permission.Permission + "," + $RoleDefinition.Name
En caso de que solo quiera usar pnp-powershell, todo lo que necesita hacer para cada una de esas carpetas / archivos:
EXPEDIENTE
$result = Get-PnPProperty -ClientObject $file -Property RoleAssignments
Get-PnPProperty -ClientObject $file.RoleAssignments -Property Groups
foreach ($role in $file.RoleAssignments)
$result = Get-PnPProperty -ClientObject $role -Property RoleDefinitionBindings, Member
CARPETA
$result = Get-PnPProperty -ClientObject $folder -Property RoleAssignments
Get-PnPProperty -ClientObject $folder.RoleAssignments -Property Groups
foreach ($role in $file.RoleAssignments)
$result = Get-PnPProperty -ClientObject $role -Property RoleDefinitionBindings, Member
Después de eso, encontrará todos los detalles de los permisos asignados en la propiedad “asignaciones de roles”.
Este script debería ayudarte a:
https://gallery.technet.microsoft.com/office/SharePoint-Permissions-f42ea9db
Mira este bit:
foreach($List in $Web.lists)
{
if($List.HasUniqueRoleAssignments -eq $True -and ($List.Hidden -eq $false))
#Get all the users granted permissions to the list
foreach($ListRoleAssignment in $List.RoleAssignments )
#Is it a User Account?
if($ListRoleAssignment.Member.userlogin)
#Get the Permissions assigned to user
[email protected]()
foreach ($RoleDefinition in $ListRoleAssignment.RoleDefinitionBindings)
$ListUserPermissions += $RoleDefinition.Name +";"
#Send the Data to Log file
"$($List.ParentWeb.Url)/$($List.RootFolder.Url)`tList`t$($List.Title)`tDirect Permission`t$($ListUserPermissions) `t$($ListRoleAssignment.Member)"
#Its a SharePoint Group, So search inside the group and check if the user is member of that group
else
foreach($user in $ListRoleAssignment.member.users)
#Get the Group's Permissions on site
[email protected]()
foreach ($RoleDefinition in $ListRoleAssignment.RoleDefinitionBindings)
$ListGroupPermissions += $RoleDefinition.Name +";"
#Send the Data to Log file
"$($List.ParentWeb.Url)/$($List.RootFolder.Url)`tList`t$($List.Title)`tMember of $($ListRoleAssignment.Member.Name) Group`t$($ListGroupPermissions)`t$($user.LoginName)"
#Get Folder level permissions
foreach($Folder in $List.folders)
if($Folder.HasUniqueRoleAssignments -eq $True)
#Get all the users granted permissions to the folder
foreach($FolderRoleAssignment in $Folder.RoleAssignments )
#Is it a User Account?
if($FolderRoleAssignment.Member.userlogin)
Out-File $FileUrl -Append
#Its a SharePoint Group, So search inside the group and check if the user is member of that group
else
foreach($user in $FolderRoleAssignment.member.users)
Out-File $FileUrl -Append
#Get Item level permissions
foreach($Item in $List.items)
if($Item.HasUniqueRoleAssignments -eq $True)
#Get all the users granted permissions to the item
foreach($ItemRoleAssignment in $Item.RoleAssignments )
#Is it a User Account?
if($ItemRoleAssignment.Member.userlogin)
Out-File $FileUrl -Append
#Its a SharePoint Group, So search inside the group and check if the user is member of that group
else
foreach($user in $ItemRoleAssignment.member.users)
Select-Object -first 1
if ($ItemDispForm.Url)
$ItemUrl = "$($Item.Web.Url)/$($ItemDispForm.Url)?ID=$($Item.ID)"
else
$ItemUrl = "$($Item.Url)"
if ($Item.Name)
$ItemTitle = $Item.Name
else
$ItemTitle = $Item.Title
#Send the Data to Log file
"$($ItemUrl)`tItem`t$($ItemTitle)`tMember of $($ItemRoleAssignment.Member.Name) Group`t$($ItemGroupPermissions)`t$($user.LoginName)"
Si estás de acuerdo, tienes la libertad de dejar un tutorial acerca de qué le añadirías a este ensayo.
¡Haz clic para puntuar esta entrada!
(Votos: 0 Promedio: 0)