SharePoint Online：使用 PowerShell 获取子网站权限报告

要求：用于获取 SharePoint Online 中的子网站权限的 PowerShell 脚本。

如何获取SharePoint Online中的子网站权限？

您是否需要访问 SharePoint Online 网站权限但不知道如何操作？如果是这样，这篇博文适合您！通过几个步骤，您将能够查看任何给定 SharePoint Online 上的所有网站权限。我一直致力于一个提高 SharePoint Online 网站安全性的项目。一个问题是太多人可以访问该网站，我需要弄清楚哪些人可以从该网站中删除。

要获取 SharePoint Online 子网站的权限，

1. 单击设置齿轮 >> 单击“站点权限”链接。

2. 点击站点权限页面中的“高级权限设置”。

   

这将为您提供有权访问该子网站的所有用户和组。为网站创建权限报告怎么样？当然，我已经创建了一个报告，其中列出了对特定 SharePoint Online 网站具有权限的所有用户。这帮助我确定哪些用户不再需要访问权限。

SharePoint Online：PowerShell 获取子网站权限

此 PowerShell 脚本提取并导出给定子网站的所有直接权限（不是任何基础对象，例如列表、文件夹或文件）。该报告可用于更好地了解访问和使用您网站的所有人员，并帮助您确定是否需要进行任何更改来满足组织安全要求。

#Parameters
$SiteURL = "https://crescent.sharepoint.com/sites/Marketing/2020"
$ReportOutput = "C:\Temp\SitePermissionRpt.csv"

#Connect to Site
Connect-PnPonline -Url $SiteURL -Interactive

#Get the web
$Web = Get-PnPWeb -Includes RoleAssignments

#Loop through each permission assigned and extract details
$PermissionData = @()
ForEach ($RoleAssignment in $Web.RoleAssignments)
{
    #Get the Permission Levels assigned and Member
    Get-PnPProperty -ClientObject $RoleAssignment -Property RoleDefinitionBindings, Member
    
    #Get the Permission Levels assigned
    $PermissionLevels = ($RoleAssignment.RoleDefinitionBindings | Select -ExpandProperty Name | Where {$_ -ne "Limited Access"}) -join ","
    $PermissionType = $RoleAssignment.Member.PrincipalType

    #Leave Principals with no Permissions
    If($PermissionLevels.Length -eq 0) {Continue}
    
    #Collect Permission Data
    $Permissions = New-Object PSObject
    $Permissions | Add-Member NoteProperty Name($RoleAssignment.Member.Title)
    $Permissions | Add-Member NoteProperty Type($PermissionType)
    $Permissions | Add-Member NoteProperty PermissionLevels($PermissionLevels)
    $PermissionData += $Permissions
}

$PermissionData
$PermissionData | Export-csv -path $ReportOutput -NoTypeInformation

该脚本从子网站获取所有权限并生成 CSV，如下所示：

SharePoint Online：PowerShell 获取网站权限

虽然上面的脚本提取了应用于子网站的权限，但如果您想获取每个组成员以及对该网站的直接权限，该怎么办？

#Parameters
$SiteURL = "https://crescent.sharepoint.com/sites/Marketing/2020"
$ReportOutput = "C:\Temp\SitePermissionRpt.csv"

#Connect to Site
Connect-PnPonline -Url $SiteURL -Interactive

#Get the web
$Web = Get-PnPWeb -Includes RoleAssignments

#Loop through each permission assigned and extract details
$PermissionData = @()
ForEach ($RoleAssignment in $Web.RoleAssignments)
{
    #Get the Permission Levels assigned and Member
    Get-PnPProperty -ClientObject $RoleAssignment -Property RoleDefinitionBindings, Member
    
    #Get the Permission Levels assigned
    $PermissionLevels = ($RoleAssignment.RoleDefinitionBindings | Select -ExpandProperty Name | Where { $_ -ne "Limited Access"} ) -join ","
    
    #Leave Principals with no Permissions
    If($PermissionLevels.Length -eq 0) {Continue}

    $PermissionType = $RoleAssignment.Member.PrincipalType
    #Get SharePoint group members
    If($PermissionType -eq "SharePointGroup")
    {
        #Get Group Members
        $GroupMembers = Get-PnPGroupMember -Identity $RoleAssignment.Member.LoginName
                  
        #Leave Empty Groups
        If($GroupMembers.count -eq 0){ Continue }
        $GroupUsers = ($GroupMembers | Select -ExpandProperty LoginName | Where { $_ -ne "SHAREPOINT\system"}) -join "; "
  
        #Add the Data to Object
        $Permissions = New-Object PSObject
        $Permissions | Add-Member NoteProperty Name($RoleAssignment.Member.Title)
        $Permissions | Add-Member NoteProperty Accounts($GroupUsers)
        $Permissions | Add-Member NoteProperty Type($PermissionType)
        $Permissions | Add-Member NoteProperty PermissionLevels($PermissionLevels)
        $PermissionData += $Permissions
    }
    Else
    {
        #Add the Data to Object
        $Permissions = New-Object PSObject
        $Permissions | Add-Member NoteProperty Name($RoleAssignment.Member.Title)
        $Permissions | Add-Member NoteProperty Accounts($RoleAssignment.Member.LoginName)
        $Permissions | Add-Member NoteProperty Type($PermissionType)
        $Permissions | Add-Member NoteProperty PermissionLevels($PermissionLevels)
        $PermissionData += $Permissions
    }
}

#Export Permissions data to CSV file
$PermissionData | Export-csv -path $ReportOutput -NoTypeInformation

此脚本获取 SharePoint Online 网站或子网站的所有用户、SharePoint 组和成员及其权限。请注意，此脚本生成给定网站或子网站的权限报告，而不是任何基础对象（例如子网站、列表、库、文件夹或列表项）的权限。要生成 SharePoint Online 网站和子网站的完整权限报告，请使用：SharePoint Online：使用 PnP PowerShell 为网站集生成权限报告