SharePoint Online Permission Matrix
Hi After migration you may like to compare the existing user permissions(On-Prem and current user permission (Online)
Note : NTAuthenitcated users need to be replaced with
Every one .
Please use the below two Powers-hell script to get the result
Pre requisites :
1. Sharepoint online management shell
2.Download the Sharepoint SDK , It will install all the SharePoint client related Dll
3. Have admin permission
Paths to SDK. Please verify location on your computer.
# On farm it would be available at c:\Program Files\Common Files\microsoft shared\Web Server Extensions\16\ISAPI\
Add-Type -Path "C:\Program Files\Common Files\microsoft shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.dll"
Add-Type -Path "C:\Program Files\Common Files\microsoft shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.Runtime.dll"
Two set power shell required to get the result
1.
please the name it as powershellUserpermission.ps1 (as per u r wish)
--- Begin
Import-Module Microsoft.Online.SharePoint.PowerShell
$admin = "your email id "
$pass = ConvertTo-SecureString "Pwad" -AsPlainText -Force
$OutputFile = "C:\Temp\Company_AllSitePermissions.csv"
Set-Content $OutputFile "Site,HasUniquePerm?,Group Name,Group Owner,Login Name,Roles"
Function Get-SPOAllSitePermissions ($url)
{
$ctx = New-Object Microsoft.SharePoint.Client.ClientContext($url)
$ctx.Credentials = New-Object Microsoft.SharePoint.Client.SharePointOnlineCredentials($admin, $pass)
$web = $ctx.Web
Load-CSOMProperties -Object $web -PropertyNames @("HasUniqueRoleAssignments", "Url", "Title")
$ctx.Load($ctx.Web.Webs)
$ctx.Load($ctx.Web.RoleAssignments)
$ctx.ExecuteQuery()
Write-Host $web.Url
$webUrl = $web.Url
$record = "`"$webUrl`",$($web.HasUniqueRoleAssignments),"
if($web.HasUniqueRoleAssignments -eq $true) {
$firstIteration = $true #helps when to append commas
foreach($roleAssignment in $ctx.Web.RoleAssignments) {
Load-CSOMProperties -Object $roleAssignment -PropertyNames @("Member","RoleDefinitionBindings")
$ctx.ExecuteQuery()
$roles = ($roleAssignment.RoleDefinitionBindings | Select -ExpandProperty Name) -join ", ";
$loginName = if($roleAssignment.Member.PrincipalType -eq "User") { $($roleAssignment.Member.LoginName) } else { "" }
$record += if($firstIteration) { "" } else { ",," }
$record += "`"$($roleAssignment.Member.Title)`",`"$($roleAssignment.Member.OwnerTitle)`","
$record += "`"$loginName`",`"$roles`""
Add-Content $OutputFile $record
$firstIteration = $false
$record = ""
}
}
else {
Add-Content $OutputFile $record #you can refer the permissions from its parent web.
}
if($web.Webs.Count -eq 0)
{
}
else {
foreach ($web in $web.Webs) {
Get-SPOAllSitePermissions -Url $web.Url
}
}
}
# Paths to SDK. Please verify location on your computer.
# On farm it would be available at c:\Program Files\Common Files\microsoft shared\Web Server Extensions\16\ISAPI\
Add-Type -Path "C:\Program Files\Common Files\microsoft shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.dll"
Add-Type -Path "C:\Program Files\Common Files\microsoft shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.Runtime.dll"
.\Load-CSOMProperties.ps1
Get-SPOAllSitePermissions "https://Tenant/site-collection" ///--- Url.. Subsite or site-collection
------ End
2. Second Powershell
please the name it as Load-CSOMProperties.ps1 (don't change the name)
-- Begin
<#
.Synopsis
Facilitates the loading of specific properties of a Microsoft.SharePoint.Client.ClientObject object or Microsoft.SharePoint.Client.ClientObjectCollection object.
.DESCRIPTION
Replicates what you would do with a lambda expression in C#.
For example, "ctx.Load(list, l => list.Title, l => list.Id)" becomes
"Load-CSOMProperties -object $list -propertyNames @('Title', 'Id')".
.EXAMPLE
Load-CSOMProperties -parentObject $web -collectionObject $web.Fields -propertyNames @("InternalName", "Id") -parentPropertyName "Fields" -executeQuery
$web.Fields | select InternalName, Id
.EXAMPLE
Load-CSOMProperties -object $web -propertyNames @("Title", "Url", "AllProperties") -executeQuery
$web | select Title, Url, AllProperties
#>
function global:Load-CSOMProperties {
[CmdletBinding(DefaultParameterSetName='ClientObject')]
param (
# The Microsoft.SharePoint.Client.ClientObject to populate.
[Parameter(Mandatory = $true, ValueFromPipeline = $true, Position = 0, ParameterSetName = "ClientObject")]
[Microsoft.SharePoint.Client.ClientObject]
$object,
# The Microsoft.SharePoint.Client.ClientObject that contains the collection object.
[Parameter(Mandatory = $true, ValueFromPipeline = $true, Position = 0, ParameterSetName = "ClientObjectCollection")]
[Microsoft.SharePoint.Client.ClientObject]
$parentObject,
# The Microsoft.SharePoint.Client.ClientObjectCollection to populate.
[Parameter(Mandatory = $true, ValueFromPipeline = $true, Position = 1, ParameterSetName = "ClientObjectCollection")]
[Microsoft.SharePoint.Client.ClientObjectCollection]
$collectionObject,
# The object properties to populate
[Parameter(Mandatory = $true, Position = 1, ParameterSetName = "ClientObject")]
[Parameter(Mandatory = $true, Position = 2, ParameterSetName = "ClientObjectCollection")]
[string[]]
$propertyNames,
# The parent object's property name corresponding to the collection object to retrieve (this is required to build the correct lamda expression).
[Parameter(Mandatory = $true, Position = 3, ParameterSetName = "ClientObjectCollection")]
[string]
$parentPropertyName,
# If specified, execute the ClientContext.ExecuteQuery() method.
[Parameter(Mandatory = $false, Position = 4)]
[switch]
$executeQuery
)
begin { }
process {
if ($PsCmdlet.ParameterSetName -eq "ClientObject") {
$type = $object.GetType()
} else {
$type = $collectionObject.GetType()
if ($collectionObject -is [Microsoft.SharePoint.Client.ClientObjectCollection]) {
$type = $collectionObject.GetType().BaseType.GenericTypeArguments[0]
}
}
$exprType = [System.Linq.Expressions.Expression]
$parameterExprType = [System.Linq.Expressions.ParameterExpression].MakeArrayType()
$lambdaMethod = $exprType.GetMethods() | ? { $_.Name -eq "Lambda" -and $_.IsGenericMethod -and $_.GetParameters().Length -eq 2 -and $_.GetParameters()[1].ParameterType -eq $parameterExprType }
$lambdaMethodGeneric = Invoke-Expression "`$lambdaMethod.MakeGenericMethod([System.Func``2[$($type.FullName),System.Object]])"
$expressions = @()
foreach ($propertyName in $propertyNames) {
$param1 = [System.Linq.Expressions.Expression]::Parameter($type, "p")
try {
$name1 = [System.Linq.Expressions.Expression]::Property($param1, $propertyName)
} catch {
Write-Error "Instance property '$propertyName' is not defined for type $type"
return
}
$body1 = [System.Linq.Expressions.Expression]::Convert($name1, [System.Object])
$expression1 = $lambdaMethodGeneric.Invoke($null, [System.Object[]] @($body1, [System.Linq.Expressions.ParameterExpression[]] @($param1)))
if ($collectionObject -ne $null) {
$expression1 = [System.Linq.Expressions.Expression]::Quote($expression1)
}
$expressions += @($expression1)
}
if ($PsCmdlet.ParameterSetName -eq "ClientObject") {
$object.Context.Load($object, $expressions)
if ($executeQuery) { $object.Context.ExecuteQuery() }
} else {
$newArrayInitParam1 = Invoke-Expression "[System.Linq.Expressions.Expression``1[System.Func````2[$($type.FullName),System.Object]]]"
$newArrayInit = [System.Linq.Expressions.Expression]::NewArrayInit($newArrayInitParam1, $expressions)
$collectionParam = [System.Linq.Expressions.Expression]::Parameter($parentObject.GetType(), "cp")
$collectionProperty = [System.Linq.Expressions.Expression]::Property($collectionParam, $parentPropertyName)
$expressionArray = @($collectionProperty, $newArrayInit)
$includeMethod = [Microsoft.SharePoint.Client.ClientObjectQueryableExtension].GetMethod("Include")
$includeMethodGeneric = Invoke-Expression "`$includeMethod.MakeGenericMethod([$($type.FullName)])"
$lambdaMethodGeneric2 = Invoke-Expression "`$lambdaMethod.MakeGenericMethod([System.Func``2[$($parentObject.GetType().FullName),System.Object]])"
$callMethod = [System.Linq.Expressions.Expression]::Call($null, $includeMethodGeneric, $expressionArray)
$expression2 = $lambdaMethodGeneric2.Invoke($null, @($callMethod, [System.Linq.Expressions.ParameterExpression[]] @($collectionParam)))
$parentObject.Context.Load($parentObject, $expression2)
if ($executeQuery) { $parentObject.Context.ExecuteQuery() }
}
}
end { }
}
---End
