This is one of the most common requests from site owners: they want to know who has access to the site. It is also one of the important reports needed at the time of a site migration. You can generate this report with the help of migration tools, or you can go to the site permissions page to verify who has access to the site.

To view site permissions, go to Site settings and click Site permissions, or use the URL below to access the site permissions page directly.

https://<tenant name>.sharepoint.com/_layouts/15/user.aspx

You can see the site security groups; click Check Permissions to verify the permissions of any user.

Generate Site permission report using PowerShell

I am sharing a PowerShell script that you can run with a site collection admin account to generate the site permission report.

$siteURL = "https://mstechtalkdemodev.sharepoint.com/"
 
#Connect to Site
Connect-PnPonline -Url $siteURL -Interactive
 
#Get the web
$web = Get-PnPWeb -Includes RoleAssignments
 
#Loop through each permission assigned and extract details
$permissionData = @()
ForEach ($roleAssignment in $web.RoleAssignments)
{
    #Get the Permission Levels assigned and Member
    Get-PnPProperty -ClientObject $roleAssignment -Property RoleDefinitionBindings, Member
     
    #Get the Permission Levels assigned
    $permissionLevels = ($roleAssignment.RoleDefinitionBindings | Select -ExpandProperty Name | Where { $_ -ne "Limited Access"} ) -join ","
     
    #Leave Principals with no Permissions
    If($permissionLevels.Length -eq 0) {Continue}
 
    $permissionType = $roleAssignment.Member.PrincipalType
    #Get SharePoint group members
    If($permissionType -eq "SharePointGroup")
    {
        #Get Group Members
        $groupMembers = Get-PnPGroupMember -Identity $roleAssignment.Member.LoginName
                   
        #Leave Empty Groups
        If($groupMembers.count -eq 0){ Continue }
        $groupUsers = ($groupMembers | Select -ExpandProperty LoginName | Where { $_ -ne "SHAREPOINT\system"}) -join "; "
   
        #Add the Data to Object
        $permissions = New-Object PSObject
        $permissions | Add-Member NoteProperty Name($roleAssignment.Member.Title)
        $permissions | Add-Member NoteProperty Accounts($groupUsers)
        $permissions | Add-Member NoteProperty Type($permissionType)
        $permissions | Add-Member NoteProperty PermissionLevels($permissionLevels)
        $permissionData += $permissions
    }
    Else
    {
        #Add the Data to Object
        $permissions = New-Object PSObject
        $permissions | Add-Member NoteProperty Name($roleAssignment.Member.Title)
        $permissions | Add-Member NoteProperty Accounts($roleAssignment.Member.LoginName)
        $permissions | Add-Member NoteProperty Type($permissionType)
        $permissions | Add-Member NoteProperty PermissionLevels($permissionLevels)
        $permissionData += $permissions
    }
} 
#Display the permissions data in a grid view window
$permissionData | Out-GridView
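
As an added example (not part of the original script), the function below post-processes rows shaped like $permissionData to flag the Everyone claims and guest (#ext#) accounts, and whether they hold a write-capable permission level. The function name, the sample rows and the CSV path are assumptions made for illustration.

```powershell
# Added example: flag broad or external principals in rows built by the report script.
function Get-PermissionFinding {
    param([Parameter(Mandatory)] [object[]] $Rows)

    # Login-name patterns for principals that widen access beyond named internal users
    $patterns = [ordered]@{
        'Everyone'                       = '^c:0\(\.s\|true$'
        'Everyone except external users' = 'spo-grid-all-users'
        'Guest (external) account'       = '#ext#'
    }
    # Built-in permission levels that allow modifying content or permissions
    $writeLevels = 'Full Control', 'Design', 'Edit', 'Contribute'

    foreach ($row in $Rows) {
        $levels   = $row.PermissionLevels -split ','
        $canWrite = [bool]($levels | Where-Object { $_ -in $writeLevels })
        # The report joins group members with "; ", so split them back out
        foreach ($account in ($row.Accounts -split ';\s*')) {
            foreach ($label in $patterns.Keys) {
                if ($account -match $patterns[$label]) {
                    [pscustomobject]@{
                        Name             = $row.Name
                        Account          = $account
                        Finding          = $label
                        PermissionLevels = $row.PermissionLevels
                        CanWrite         = $canWrite
                    }
                }
            }
        }
    }
}

# Constructed sample rows; in a real run pass $permissionData instead
$sample = @(
    [pscustomobject]@{ Name = 'Demo Members'; Type = 'SharePointGroup'; PermissionLevels = 'Edit'
        Accounts = 'i:0#.f|membership|alex@example.com; i:0#.f|membership|pat_example.org#ext#@example.onmicrosoft.com' }
    [pscustomobject]@{ Name = 'Everyone except external users'; Type = 'SecurityGroup'; PermissionLevels = 'Read'
        Accounts = 'c:0-.f|rolemanager|spo-grid-all-users/00000000-0000-0000-0000-000000000000' }
)

$findings = Get-PermissionFinding -Rows $sample
$findings | Format-Table -AutoSize
# Keep a copy for the access review (output path is an assumption)
$findings | Export-Csv -Path .\SitePermissionFindings.csv -NoTypeInformation
```

With the sample rows this returns two findings: the guest account in Demo Members with CanWrite set to True, and the Everyone except external users claim with CanWrite set to False.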

Adnan is a six-time Microsoft MVP (since 2015) with over 16 years of extensive experience, with major expertise in SharePoint, SharePoint-based development, Microsoft 365, Microsoft Teams, the .NET platform and Microsoft BI. He is currently working as a Sr. Microsoft Consultant at Olive + Goose. He has been MCT Regional Lead for the Pakistan Chapter since 2012. He has worked on SharePoint for the past 12 years and on different intranet/intranet solutions for the private and government sectors, mainly in the United States and the Gulf region, and has experience working with multiple Fortune 500 companies. He is a trainer and technology evangelist and also speaks in community forums.
