In this video, we learn how to discover permissions in SharePoint Online using DeliverPoint. The Advanced Discover Permissions report is also covered, along with exporting the Discover Permissions report, and saving permission report templates.
Discover Site Permissions
The Discover Site Permissions Report will show a list of users who have permissions to the site. The report will not include other objects within the site such as Lists, Libraries, Folders & Items. However, a complete permission report to include everything within the site is available (See Advanced Permission Reports).
The Discover Permissions report displays the users in order of the permissions that they receive. E.g. Full Control, Edit, and Read. However, you can change the Sort order on any column by clicking the downward arrow next to each column.
The User Name column displays the end user including guest users. The guest user name will be in italics. You can also hover over the users avatar to see the people card which will in turn display the account information for the user. The far right column (Permissions Via) shows how the permission was assigned. You can expand each row from the permissioned via column to see how the permission was assigned to the user. Note that this will include Direct Permissions, SharePoint Groups, Microsoft 365 Groups, and Active Directory Security Groups. It is possible that a user may have duplicate permissions since they may have been assigned permissions with multiple methods. E.g. via a SharePoint Group, and via an Active Directory Security Group.
The Permission Report can be exported using Actions -> Export Report.
Discover List Permissions
The Discover Permissions report can also be run against a SharePoint list or Library from the command bar. When the Discover Permissions report is run at this scope, it will again show the users with permissions to the list/library, the permission level, and how the permissions were assigned.
In the far left column, you will see the name of the list or library. If the name is faded, it is an indication that the list or library inherits permissions from its parent e.g. The Site. If it is in full colour, then the list or library has Unique Permissions (Broken Permission Inheritance).
Discover Item & Folder Permissions
Within a SharePoint list or library, you can select multiple items and then click the elipses to access the discover permissions report.
The report will run with the scope of all selected items. Notice in the below screenshot that the ‘Management Accounts’ folder is faded, whereas the ‘Financial Planning’ folder is in full colour. This indicates that Financial Planning contains unique permissions.
Any DeliverPoint report can be exported as an Excel workbook (see 6:00 of the video above), or saved as a Report Template (see 6:47 of the video). Learn more about Report Templates in this video. You can link to a saved report template using the instructions in this Knowledge Base article.