SharePoint Online：使用 PowerShell 的独特权限报告

要求：使用 PowerShell 在 SharePoint Online 中获取唯一权限报告。

SharePoint Online 独特权限报告的 PowerShell

在 SharePoint Online 中，跟踪分配给每个网站、列表和库的权限非常重要。然而，这可能是一项艰巨的任务，尤其是在大型且复杂的环境中。独特的权限报告提供了分配给 SharePoint Online 网站中每个项目的权限的清晰、简洁的概述，从而更轻松地管理权限并确保符合安全策略。

要使用此 PowerShell 在 SharePoint Online 中查找唯一权限，请设置 $SiteURL 和 $ReportFile 参数并运行此脚本。它会生成一个 CSV 文件，其中包含给定网站集中具有唯一权限的所有网站、列表和列表项。以下是用于获取唯一权限的 SharePoint Online PowerShell：

#Load SharePoint CSOM Assemblies
Add-Type -Path "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\ISAPI\Microsoft.SharePoint.Client.dll"
Add-Type -Path "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\ISAPI\Microsoft.SharePoint.Client.Runtime.dll"
  
#Function to Get Unique Permission from a Web and its contents - recursively
Function Get-SPOUniquePermissionReport([Microsoft.SharePoint.Client.Web]$Web)
{
    Write-host -f Yellow "`nSearching Unique Permissions on the Site:"$web.Url

    #Check if the given site is using unique permissions
    $Web.Retrieve("HasUniqueRoleAssignments")
    $Ctx.ExecuteQuery()
     
    #Get the Root Web
    $RootWeb = $ctx.site.RootWeb
    $Ctx.Load($RootWeb)
    $Ctx.ExecuteQuery()
 
    ### Check if the web has broken inheritance
    If($Web.HasUniqueRoleAssignments -and $Web.ID -ne $RootWeb.ID)
    {
        #Get Object Details and Send the Data to Report file
        $ObjectName = $Web.Title ;$ObjectType = "Sub Site" ; $ObjectURL = $Web.URL
        "$($ObjectName) `t $($ObjectURL) `t $($ObjectType)" | Out-File $CSVFile -Append
        Write-host -f Green "`t Unique Permissions Found on Site:" $Web.URL
    }
         
    ### Get unique permission in Lists
    Write-host -f Yellow "`t Searching Unique Permissions on the Lists..."
    $Lists =  $Web.Lists
    $Ctx.Load($Lists)
    $Ctx.ExecuteQuery()
 
    #Exclude system lists
    $ExcludedLists = @("App Packages","appdata","appfiles","Apps in Testing","Cache Profiles","Composed Looks","Content and Structure Reports","Content type publishing error log","Converted Forms",
     "Device Channels","Form Templates","fpdatasources","Get started with Apps for Office and SharePoint","List Template Gallery", "Long Running Operation Status","Maintenance Log Library", "Style Library",
     ,"Master Docs","Master Page Gallery","MicroFeed","NintexFormXml","Quick Deploy Items","Relationships List","Reusable Content","Search Config List", "Solution Gallery", "Site Collection Images",
     "Suggested Content Browser Locations","TaxonomyHiddenList","User Information List","Web Part Gallery","wfpub","wfsvc","Workflow History","Workflow Tasks", "Preservation Hold Library")
     
    #Iterate through each list
    ForEach($List in $Lists)
    {
        $Ctx.Load($List)
        $Ctx.ExecuteQuery()
 
        If($ExcludedLists -NotContains $List.Title -and $List.Hidden -eq $false)
        {
            #Check if the given site is using unique permissions
            $List.Retrieve("HasUniqueRoleAssignments")
            $Ctx.ExecuteQuery()
  
            #Check if List has unique permissions
            If($List.HasUniqueRoleAssignments)
            {
                #Send Data to CSV File
                $ObjectTitle = $List.Title
                $ObjectURL = $("{0}{1}" -f $Web.Url.Replace($Web.ServerRelativeUrl,''), $List.RootFolder.ServerRelativeUrl)                
                $ObjectType = "List/Library"
                "$($ObjectTitle) `t $($ObjectURL) `t $($ObjectType)" | Out-File $CSVFile -Append

                Write-host -f Green "`t`tUnique Permissions Found on the List: '$($List.Title)'"
            }
 
            Write-host -f Yellow "`t`t Searching Unique Permissions on the Lists Items of '$($List.Title)'"

            #Query to get list items in batches
            $Query = New-Object Microsoft.SharePoint.Client.CamlQuery
            $Query.ViewXml = "<View Scope='RecursiveAll'><RowLimit>2000</RowLimit></View>"

            ### Get unique permission on List items
            Do {  
                #Get all items from the list
                $ListItems = $List.GetItems($Query)
                $Ctx.Load($ListItems)
                $Ctx.ExecuteQuery()
            
                $Query.ListItemCollectionPosition = $ListItems.ListItemCollectionPosition
   
                #Loop through each List item
                ForEach($ListItem in $ListItems)
                {
                    $ListItem.Retrieve("HasUniqueRoleAssignments")
                    $Ctx.ExecuteQuery()
                    If ($ListItem.HasUniqueRoleAssignments -eq $true)
                    {
                        #Send Data to CSV File
                        $ObjectType = "List Item/Folder"
                        #Get the URL of the List Item
                        $ListItem.ParentList.Retrieve("DefaultDisplayFormUrl")
                        $Ctx.ExecuteQuery()
                        $DefaultDisplayFormUrl = $ListItem.ParentList.DefaultDisplayFormUrl
                        $ObjectURL = $("{0}{1}?ID={2}" -f $Web.Url.Replace($Web.ServerRelativeUrl,''), $DefaultDisplayFormUrl,$ListItem.ID)
                        $ObjectTitle = $ListItem["Title"]
                        "$($ObjectTitle) `t $($ObjectURL) `t $($ObjectType)" | Out-File $CSVFile -Append

                        Write-host  -ForegroundColor Green "`t`t`t Unique Permissions Found on Item ID:" $ListItem.ID
                    }
                }
            } While ($Query.ListItemCollectionPosition -ne $null)
        }
    }
 
    #Process each subsite in the site
    $Subsites = $Web.Webs
    $Ctx.Load($Subsites)
    $Ctx.ExecuteQuery()        
    Foreach ($SubSite in $Subsites)
    {
        #Call the function Recursively
        Get-SPOUniquePermissionReport($Subsite)
    }
}
 
#Config Parameters
$SiteURL= "https://crescent.sharepoint.com/sites/marketing"
$CSVFile = "C:\Temp\UniquePermissionsRpt.csv"

#Get Credentials to connect
$Cred = Get-Credential
  
Try {
    #Setup the context
    $Ctx = New-Object Microsoft.SharePoint.Client.ClientContext($SiteURL)
    $Ctx.Credentials = New-Object Microsoft.SharePoint.Client.SharePointOnlineCredentials($Cred.UserName,$Cred.Password)
      
    #Get the Web
    $Web = $Ctx.Web
    $Ctx.Load($Web)
    $Ctx.ExecuteQuery()

    #Write CSV (TAB Separated) File Header
    "Title `t URL `t Object" | Out-File $CSVFile
     
    #Call the function to get unique permissions from the site collection
    Get-SPOUniquePermissionReport $Web
}
Catch {
    write-host -f Red "Error:" $_.Exception.Message
} 

此 PowerShell 脚本可获取给定网站集中权限继承已损坏的对象列表，例如网站、列表或库、列表项。如果您想要获取有关谁有权访问哪些内容的报告，请使用此 PowerShell 脚本：SharePoint Online：使用 PowerShell 的网站集权限报告。

总之，使用 PowerShell 在 SharePoint Online 中生成唯一的权限报告是一个简单的过程，可以通过使用上面解释的 PowerShell 脚本来完成。通过使用 PowerShell cmdlet 检索网站中每个项目的权限，您可以快速创建提供 SharePoint Online 网站全面概述的报告。

如果您需要查找具有唯一权限的子网站、列表和库或列表项，请使用以下脚本：

• SharePoint Online：使用 PowerShell 查找具有唯一权限的所有网站
• SharePoint Online：使用 PowerShell 查找具有唯一权限的所有列表
• SharePoint Online：使用 PowerShell 获取具有唯一权限的所有列表项