
SharePoint: retrieve folder- and file-level permissions in PowerShell

Solution:

This method uses PnP PowerShell (Connect-PnPOnline). Retrieve the additional properties using

Get-PnPProperty

Connect-PnPOnline -Url $siteUrl
$context = Get-PnPContext

For files

$file = Get-PnPFile -Url $filePath -AsListItem
# Load the properties that are not returned by default
Get-PnPProperty -ClientObject $file -Property HasUniqueRoleAssignments, RoleAssignments

# Only items with broken inheritance carry their own role assignments
if ($file.HasUniqueRoleAssignments -eq $True)
{
    foreach ($roleAssignments in $file.RoleAssignments)
    {
        Get-PnPProperty -ClientObject $roleAssignments -Property RoleDefinitionBindings, Member

        # Record for one principal (the page uses $permission without creating it)
        $permission = "" | Select-Object LoginName, LoginTitle, PrincipalType, Permission
        $permission.LoginName = $roleAssignments.Member.LoginName
        $permission.LoginTitle = $roleAssignments.Member.Title
        $permission.PrincipalType = $roleAssignments.Member.PrincipalType.ToString()
        $permission.Permission = ""
        #Get the Permissions assigned to user
        foreach ($RoleDefinition in $roleAssignments.RoleDefinitionBindings)
        {
            $permission.Permission = $permission.Permission + "," + $RoleDefinition.Name
        }
        # Emit the record for this principal
        $permission
    }
}

For folders

# $file holds a folder here; the permissions live on its backing list item
$file = Get-PnPFolder -Url $filePath -Includes ListItemAllFields.RoleAssignments, ListItemAllFields.HasUniqueRoleAssignments
$context.Load($file);
$context.ExecuteQuery();

# Only folders with broken inheritance carry their own role assignments
if ($file.ListItemAllFields.HasUniqueRoleAssignments -eq $True)
{
    foreach ($roleAssignments in $file.ListItemAllFields.RoleAssignments)
    {
        Get-PnPProperty -ClientObject $roleAssignments -Property RoleDefinitionBindings, Member

        # Record for one principal (the page uses $permission without creating it)
        $permission = "" | Select-Object LoginName, LoginTitle, PrincipalType, Permission
        $permission.LoginName = $roleAssignments.Member.LoginName
        $permission.LoginTitle = $roleAssignments.Member.Title
        $permission.PrincipalType = $roleAssignments.Member.PrincipalType.ToString()
        $permission.Permission = ""
        #Get the Permissions assigned to user/group
        foreach ($RoleDefinition in $roleAssignments.RoleDefinitionBindings)
        {
            $permission.Permission = $permission.Permission + "," + $RoleDefinition.Name
        }
        # Emit the record for this principal
        $permission
    }
}

If you only want to use pnp-powershell, this is all you need to do for each of those folders/files:

FILE

# Load the role assignments, then the member and role definitions of each one
$result = Get-PnPProperty -ClientObject $file -Property RoleAssignments
Get-PnPProperty -ClientObject $file.RoleAssignments -Property Groups
foreach ($role in $file.RoleAssignments)
{
    $result = Get-PnPProperty -ClientObject $role -Property RoleDefinitionBindings, Member
}

FOLDER

# Same steps for a folder; the loop iterates the folder's own role assignments
$result = Get-PnPProperty -ClientObject $folder -Property RoleAssignments
Get-PnPProperty -ClientObject $folder.RoleAssignments -Property Groups
foreach ($role in $folder.RoleAssignments)
{
    $result = Get-PnPProperty -ClientObject $role -Property RoleDefinitionBindings, Member
}

After that, you will find all the details of the assigned permissions in the "role assignments" (RoleAssignments) property.
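Once the role assignments are loaded, they still have to be flattened into rows that can be reviewed. The following is an added example, not code from the original page: the function name ConvertTo-PermissionRow, the helper New-SampleAssignment, the list of "broad" titles and all sample data are assumptions made for the illustration.

```powershell
# Added example, not from the original page. All sample data is constructed.
function ConvertTo-PermissionRow {
    param(
        [Parameter(Mandatory)] [string]   $Url,
        [Parameter(Mandatory)] [object[]] $RoleAssignments,
        # Assumption: English display titles of the tenant-wide built-in principals.
        [string[]] $BroadTitles = @('Everyone', 'Everyone except external users')
    )
    foreach ($ra in $RoleAssignments) {
        # "Limited Access" is added automatically so a principal can reach a
        # child object; it does not grant access to this object's content.
        $roles = @($ra.RoleDefinitionBindings |
            ForEach-Object { $_.Name } |
            Where-Object { $_ -ne 'Limited Access' })
        if ($roles.Count -eq 0) { continue }

        [PSCustomObject]@{
            Url           = $Url
            LoginName     = $ra.Member.LoginName
            Title         = $ra.Member.Title
            PrincipalType = "$($ra.Member.PrincipalType)"
            Permission    = $roles -join ','   # joined without a leading comma
            Broad         = $BroadTitles -contains $ra.Member.Title
        }
    }
}

# Constructed objects that mimic the shape of loaded RoleAssignment entries.
function New-SampleAssignment($Login, $Title, $Type, [string[]] $Roles) {
    [PSCustomObject]@{
        Member = [PSCustomObject]@{ LoginName = $Login; Title = $Title; PrincipalType = $Type }
        RoleDefinitionBindings = @($Roles | ForEach-Object { [PSCustomObject]@{ Name = $_ } })
    }
}
$sample = @(
    (New-SampleAssignment 'i:0#.f|membership|alice@example.com' 'Alice' 'User' 'Edit', 'Limited Access'),
    (New-SampleAssignment 'Project Visitors' 'Project Visitors' 'SharePointGroup' 'Read'),
    (New-SampleAssignment 'constructed-everyone-claim' 'Everyone' 'SecurityGroup' 'Contribute'),
    (New-SampleAssignment 'i:0#.f|membership|bob@example.com' 'Bob' 'User' 'Limited Access')
)

ConvertTo-PermissionRow -Url '/sites/demo/Shared Documents/plan.docx' -RoleAssignments $sample |
    Format-Table Title, PrincipalType, Permission, Broad -AutoSize
```

On a live site, pass `$file.RoleAssignments` (or `$file.ListItemAllFields.RoleAssignments` for a folder) after the Get-PnPProperty calls shown above have loaded Member and RoleDefinitionBindings.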

This script should help you:

https://gallery.technet.microsoft.com/office/SharePoint-Permissions-f42ea9db

Look at this bit:

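foreach($List in $Web.lists)
{
    if($List.HasUniqueRoleAssignments -eq $True -and ($List.Hidden -eq $false))
    {
        #Get all the users granted permissions to the list
        foreach($ListRoleAssignment in $List.RoleAssignments )
        {
            #Is it a User Account?
            if($ListRoleAssignment.Member.userlogin)
            {
                #Get the Permissions assigned to user
                $ListUserPermissions=@()
                foreach ($RoleDefinition  in $ListRoleAssignment.RoleDefinitionBindings)
                {
                    $ListUserPermissions += $RoleDefinition.Name +";"
                }

                #Send the Data to Log file
                "$($List.ParentWeb.Url)/$($List.RootFolder.Url)`tList`t$($List.Title)`tDirect Permission`t$($ListUserPermissions) `t$($ListRoleAssignment.Member)" | Out-File $FileUrl -Append
            }
            #Its a SharePoint Group, So search inside the group and check if the user is member of that group
            else
            {
                foreach($user in $ListRoleAssignment.member.users)
                {
                    #Get the Group's Permissions on site
                    $ListGroupPermissions=@()
                    foreach ($RoleDefinition  in $ListRoleAssignment.RoleDefinitionBindings)
                    {
                        $ListGroupPermissions += $RoleDefinition.Name +";"
                    }

                    #Send the Data to Log file
                    "$($List.ParentWeb.Url)/$($List.RootFolder.Url)`tList`t$($List.Title)`tMember of $($ListRoleAssignment.Member.Name) Group`t$($ListGroupPermissions)`t$($user.LoginName)" | Out-File $FileUrl -Append
                }
            }
        }
    }

    #Get Folder level permissions
    # NOTE: the bodies of the folder-level branches are cut off on the page;
    # they are rebuilt here on the list-level pattern above (row format assumed).
    foreach($Folder in $List.folders)
    {
        if($Folder.HasUniqueRoleAssignments -eq $True)
        {
            #Get all the users granted permissions to the folder
            foreach($FolderRoleAssignment in $Folder.RoleAssignments )
            {
                #Permissions of this assignment (same for the user and the group case)
                $FolderPermissions=@()
                foreach ($RoleDefinition  in $FolderRoleAssignment.RoleDefinitionBindings)
                {
                    $FolderPermissions += $RoleDefinition.Name +";"
                }

                #Is it a User Account?
                if($FolderRoleAssignment.Member.userlogin)
                {
                    "$($Folder.Web.Url)/$($Folder.Url)`tFolder`t$($Folder.Title)`tDirect Permission`t$($FolderPermissions) `t$($FolderRoleAssignment.Member)" | Out-File $FileUrl -Append
                }
                #Its a SharePoint Group, So search inside the group and check if the user is member of that group
                else
                {
                    foreach($user in $FolderRoleAssignment.member.users)
                    {
                        "$($Folder.Web.Url)/$($Folder.Url)`tFolder`t$($Folder.Title)`tMember of $($FolderRoleAssignment.Member.Name) Group`t$($FolderPermissions)`t$($user.LoginName)" | Out-File $FileUrl -Append
                    }
                }
            }
        }
    }

    #Get Item level permissions
    foreach($Item in $List.items)
    {
        if($Item.HasUniqueRoleAssignments -eq $True)
        {
            #Resolve the item's URL and title once per item.
            #The display-form lookup is cut off on the page (only "Select-Object -first 1"
            #survives); the filter on PAGE_DISPLAYFORM is an assumption.
            $ItemDispForm = $Item.ParentList.Forms | Where-Object { $_.Type -eq "PAGE_DISPLAYFORM" } | Select-Object -first 1
            if ($ItemDispForm.Url)
            {
                $ItemUrl = "$($Item.Web.Url)/$($ItemDispForm.Url)?ID=$($Item.ID)"
            }
            else
            {
                $ItemUrl = "$($Item.Url)"
            }

            if ($Item.Name)
            {
                $ItemTitle = $Item.Name
            }
            else
            {
                $ItemTitle = $Item.Title
            }

            #Get all the users granted permissions to the item
            foreach($ItemRoleAssignment in $Item.RoleAssignments )
            {
                #Is it a User Account?
                if($ItemRoleAssignment.Member.userlogin)
                {
                    #Body cut off on the page; rebuilt on the list-level pattern (assumed)
                    $ItemUserPermissions=@()
                    foreach ($RoleDefinition  in $ItemRoleAssignment.RoleDefinitionBindings)
                    {
                        $ItemUserPermissions += $RoleDefinition.Name +";"
                    }

                    #Send the Data to Log file
                    "$($ItemUrl)`tItem`t$($ItemTitle)`tDirect Permission`t$($ItemUserPermissions) `t$($ItemRoleAssignment.Member)" | Out-File $FileUrl -Append
                }
                #Its a SharePoint Group, So search inside the group and check if the user is member of that group
                else
                {
                    foreach($user in $ItemRoleAssignment.member.users)
                    {
                        #Get the Group's Permissions on the item
                        $ItemGroupPermissions=@()
                        foreach ($RoleDefinition  in $ItemRoleAssignment.RoleDefinitionBindings)
                        {
                            $ItemGroupPermissions += $RoleDefinition.Name +";"
                        }

                        #Send the Data to Log file
                        "$($ItemUrl)`tItem`t$($ItemTitle)`tMember of $($ItemRoleAssignment.Member.Name) Group`t$($ItemGroupPermissions)`t$($user.LoginName)" | Out-File $FileUrl -Append
                    }
                }
            }
        }
    }
}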
