There has always been one problem in the SharePoint world: full site permissions report. Full means across entire site – including all objects with broken permissions.
It seems like Microsoft has solved the problem: Full site permissions report is available for site owners out-of-the-box.
How to get full site permissions report
Just navigate to Site Usage, scroll to the end and run report.
Select gearbox “Settings” and then Site usage:
Or Select “Site Contents”, then “Site Usage”:
2. Scroll down to the “Shared with external users” block and click “Run report”:
3. Select folder (*) for the report and click “Save”:
After some time (1-5 minutes) – check the folder. There should be a file with a report on all site permissions.
For items shared with direct access, the report contains one row for each user / item combination.
SharePoint groups are shown in the report, but not individual users inside them…
You must be a site admin to run the report.
4. Secure the permissions report.
if you don’t want site members to see the report, consider creating a folder for permissions reports
Secure this folder for site owners and for those who can see the report…
How to get full site permissions report (Video)
Some more details on SharePoint permissions
Permissions are tricky in SharePoint. By default, you have permissions assigned to the root site of the site collection and all subsites, libraries etc. inherit root permissions.
But you can break inheritance at any level you need to provide specific (unique) permissions to the resource.
Of course you can always navigate to the resource and check resource permissions. But… what if there are hundreds of broken permissions… should you iterate everything under your site to check manually if permissions are broken or inherited?
So the real problem was – you never knew who have access to your site as there was no out-of-the-box tool to get all site permissions in one single report. There are third-party solutions – like ShareGate, Metalogix or SysKit – or you can develop PowerShell script generating report on all SPO site permissions. But… finally Microsoft solved this problem –
Microsoft implemented out of the box full site permissions report.