How to get the unique permissions in a SharePoint Online site with PowerShell

Reader submission, 2022-10-02


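Blog link: […] Policy, we need a report of everything under a site holding sensitive info that has broken inheritance (has unique permissions). As we all know, however, SharePoint Online has no native feature for producing a permission report, so this article shows how to get the unique permissions with PowerShell by setting two parameters, $SiteURL and $ReportFile.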

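Note: because the script calls the CSOM API, it is best run on a WFE of SharePoint Server 2016 or 2019. If you run it on Windows 10 or 11, make sure the following two DLL files exist at the paths below, otherwise the script fails with an error: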

C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.dll
C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.Runtime.dll

Next, open Windows PowerShell and enter the following script:

```powershell
#Load SharePoint CSOM Assemblies
Add-Type -Path "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.dll"
Add-Type -Path "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.Runtime.dll"

#To call a non-generic Load Method
Function Invoke-LoadMethod() {
    Param(
        [Microsoft.SharePoint.Client.ClientObject]$Object = $(throw "Please provide a Client Object"),
        [string]$PropertyName
    )
    $Ctx = $Object.Context
    $Load = [Microsoft.SharePoint.Client.ClientContext].GetMethod("Load")
    $Type = $Object.GetType()
    $ClientLoad = $Load.MakeGenericMethod($Type)

    #Build the lambda expression  obj => (object)obj.<PropertyName>
    $Parameter = [System.Linq.Expressions.Expression]::Parameter(($Type), $Type.Name)
    $Expression = [System.Linq.Expressions.Expression]::Lambda([System.Linq.Expressions.Expression]::Convert([System.Linq.Expressions.Expression]::PropertyOrField($Parameter,$PropertyName),[System.Object] ), $($Parameter))
    $ExpressionArray = [System.Array]::CreateInstance($Expression.GetType(), 1)
    $ExpressionArray.SetValue($Expression, 0)
    $ClientLoad.Invoke($Ctx,@($Object,$ExpressionArray))
}

#Function to Get Unique Permission from a Web and its contents - recursively
Function Get-SPOUniquePermissionReport([Microsoft.SharePoint.Client.Web]$Web)
{
    Write-host -f Yellow "`nSearching Unique Permissions on the Site:"$web.Url

    #Check if the given site is using unique permissions
    Invoke-LoadMethod -Object $Web -PropertyName "HasUniqueRoleAssignments"
    $Ctx.ExecuteQuery()

    #Get the Root Web
    $RootWeb = $ctx.site.RootWeb
    $Ctx.Load($RootWeb)
    $Ctx.ExecuteQuery()

    #Scheme and host only. Stripping ServerRelativeUrl with Replace() breaks the URL
    #when the web is at the root and ServerRelativeUrl is "/"
    $HostUrl = ([System.Uri]$Web.Url).GetLeftPart([System.UriPartial]::Authority)

    ### Check if the web has broken inheritance
    If($Web.HasUniqueRoleAssignments -and $Web.ID -ne $RootWeb.ID)
    {
        #Get Object Details and Send the Data to Report file
        $ObjectName = $Web.Title ;$ObjectType = "Sub Site" ; $ObjectURL = $Web.URL
        "$($ObjectName) `t $($ObjectURL) `t $($ObjectType)" | Out-File $CSVFile -Append
        Write-host -f Green "`t Unique Permissions Found on Site:" $Web.URL
    }

    ### Get unique permission in Lists
    Write-host -f Yellow "`t Searching Unique Permissions on the Lists..."
    $Lists = $Web.Lists
    $Ctx.Load($Lists)
    $Ctx.ExecuteQuery()

    #Exclude system lists
    $ExcludedLists = @("App Packages","appdata","appfiles","Apps in Testing","Cache Profiles","Composed Looks","Content and Structure Reports","Content type publishing error log","Converted Forms",
    "Device Channels","Form Templates","fpdatasources","Get started with Apps for Office and SharePoint","List Template Gallery", "Long Running Operation Status","Maintenance Log Library", "Style Library",
    "Master Docs","Master Page Gallery","MicroFeed","NintexFormXml","Quick Deploy Items","Relationships List","Reusable Content","Search Config List", "Solution Gallery", "Site Collection Images",
    "Suggested Content Browser Locations","TaxonomyHiddenList","User Information List","Web Part Gallery","wfpub","wfsvc","Workflow History","Workflow Tasks", "Preservation Hold Library")

    #Iterate through each list
    ForEach($List in $Lists)
    {
        $Ctx.Load($List)
        #RootFolder is not part of the default property set; load it before reading its URL
        $Ctx.Load($List.RootFolder)
        $Ctx.ExecuteQuery()

        If($ExcludedLists -NotContains $List.Title -and $List.Hidden -eq $false)
        {
            #Check if the given list is using unique permissions
            Invoke-LoadMethod -Object $List -PropertyName "HasUniqueRoleAssignments"
            $Ctx.ExecuteQuery()

            #Check if List has unique permissions
            If($List.HasUniqueRoleAssignments)
            {
                #Send Data to CSV File
                $ObjectTitle = $List.Title
                $ObjectURL = $("{0}{1}" -f $HostUrl, $List.RootFolder.ServerRelativeUrl)
                $ObjectType = "List/Library"
                "$($ObjectTitle) `t $($ObjectURL) `t $($ObjectType)" | Out-File $CSVFile -Append
                Write-host -f Green "`t`tUnique Permissions Found on the List: '$($List.Title)'"
            }
            Write-host -f Yellow "`t`t Searching Unique Permissions on the Lists Items of '$($List.Title)'"

            #Query to get list items in batches
            #RowLimit 2000 per batch; the RecursiveAll scope is assumed so items inside folders are included
            $Query = New-Object Microsoft.SharePoint.Client.CamlQuery
            $Query.ViewXml = "<View Scope='RecursiveAll'><RowLimit>2000</RowLimit></View>"

            ### Get unique permission on List items
            Do {
                #Get the next batch of items from the list
                $ListItems = $List.GetItems($Query)
                $Ctx.Load($ListItems)
                $Ctx.ExecuteQuery()
                $Query.ListItemCollectionPosition = $ListItems.ListItemCollectionPosition

                #Loop through each List item
                ForEach($ListItem in $ListItems)
                {
                    Invoke-LoadMethod -Object $ListItem -PropertyName "HasUniqueRoleAssignments"
                    $Ctx.ExecuteQuery()
                    If ($ListItem.HasUniqueRoleAssignments -eq $true)
                    {
                        #Send Data to CSV File
                        $ObjectType = "List Item/Folder"

                        #Get the URL of the List Item
                        Invoke-LoadMethod -Object $ListItem.ParentList -PropertyName "DefaultDisplayFormUrl"
                        $Ctx.ExecuteQuery()
                        $DefaultDisplayFormUrl = $ListItem.ParentList.DefaultDisplayFormUrl
                        $ObjectURL = $("{0}{1}?ID={2}" -f $HostUrl, $DefaultDisplayFormUrl,$ListItem.ID)
                        $ObjectTitle = $ListItem["Title"]
                        "$($ObjectTitle) `t $($ObjectURL) `t $($ObjectType)" | Out-File $CSVFile -Append
                        Write-host -ForegroundColor Green "`t`t`t Unique Permissions Found on Item ID:" $ListItem.ID
                    }
                }
            } While ($Query.ListItemCollectionPosition -ne $null)
        }
    }

    #Process each subsite in the site
    $Subsites = $Web.Webs
    $Ctx.Load($Subsites)
    $Ctx.ExecuteQuery()
    Foreach ($SubSite in $Subsites)
    {
        #Call the function Recursively
        Get-SPOUniquePermissionReport $SubSite
    }
}

#Config Parameters
$SiteURL = "https://<tenant>.sharepoint.com/sites/<site>"   #Placeholder: set to the site to report on
$ReportFile = "D:\Contoso\UniquePermissionsRpt.csv"
$CSVFile = $ReportFile   #The report function writes to $CSVFile

#Get Credentials to connect
$Cred = Get-Credential

Try {
    #Setup the context
    $Ctx = New-Object Microsoft.SharePoint.Client.ClientContext($SiteURL)
    $Ctx.Credentials = New-Object Microsoft.SharePoint.Client.SharePointOnlineCredentials($Cred.UserName,$Cred.Password)

    #Get the Web
    $Web = $Ctx.Web
    $Ctx.Load($Web)
    $Ctx.ExecuteQuery()

    #Write CSV (TAB Separated) File Header
    "Title `t URL `t Object" | Out-File $CSVFile

    #Call the function to get unique permissions from the site collection
    Get-SPOUniquePermissionReport $Web
}
Catch {
    write-host -f Red "Error:" $_.Exception.Message
}
```

Run the script and it starts traversing the contoso site for objects with broken inheritance (unique permissions).

The report is also written to the Contoso folder on drive D.
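Once the report is collected on a schedule, the useful question is what changed between runs. The following is an added example, not part of the original post: it parses two reports in the script's tab-separated format and lists objects whose inheritance was broken since the baseline. The function names, the temp folder and the sample rows (host contoso.example) are constructed for illustration.

```powershell
# Parse a report written by the script above. Each line is "Title `t URL `t Object"
# with spaces around the tabs, and Title is often empty for library files.
function Import-UniquePermissionReport {
    param([Parameter(Mandatory)][string]$Path)
    Get-Content -Path $Path | Select-Object -Skip 1 | Where-Object { $_.Trim() } | ForEach-Object {
        $f = @(($_ -split "`t").ForEach({ $_.Trim() }))
        if ($f.Count -ge 3) {
            [pscustomobject]@{ Title = $f[0]; URL = $f[1]; Object = $f[2] }
        }
    }
}

# Return rows present in the current report but absent from the baseline,
# keyed on object type + URL (titles can be renamed without a permission change).
function Compare-UniquePermissionReport {
    param([string]$BaselinePath, [string]$CurrentPath)
    $known = @{}
    $baselineRows = @(Import-UniquePermissionReport -Path $BaselinePath)
    foreach ($row in $baselineRows) { $known["$($row.Object)|$($row.URL)"] = $true }
    Import-UniquePermissionReport -Path $CurrentPath |
        Where-Object { -not $known.ContainsKey("$($_.Object)|$($_.URL)") }
}

# Constructed sample reports (hypothetical site and items)
$dir = Join-Path ([System.IO.Path]::GetTempPath()) "UniquePermDemo"
New-Item -ItemType Directory -Path $dir -Force | Out-Null
$baseline = Join-Path $dir "baseline.csv"
$current  = Join-Path $dir "current.csv"
$header = "Title `t URL `t Object"
$rowLib = "HR Docs `t https://contoso.example/sites/hr/Docs `t List/Library"
$rowNew = " `t https://contoso.example/sites/hr/Lists/Cases/DispForm.aspx?ID=7 `t List Item/Folder"
$header, $rowLib | Out-File $baseline
$header, $rowLib, $rowNew | Out-File $current

# Objects that gained unique permissions since the baseline
$new = @(Compare-UniquePermissionReport -BaselinePath $baseline -CurrentPath $current)
$new | ForEach-Object { "NEW  {0}  {1}" -f $_.Object, $_.URL }

# Totals per object type in the current report
Import-UniquePermissionReport -Path $current | Group-Object Object |
    ForEach-Object { "{0}: {1}" -f $_.Name, $_.Count }
```

With the sample data, the only new entry is the list item with ID 7; a long or growing "List Item/Folder" count is usually the first thing to review on a site holding sensitive data.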

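That is the PowerShell script for getting the unique permissions in a site. I hope it helps with managing site permissions in the future; if you have other questions, feel free to discuss them offline.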
