We can easily find and retrieve SharePoint list items which has unique permissions using CSOM in Powershell. In this script, we are going to use GitHub open source library Load-CSOMProperties.ps1 to fetch extra properties (ex: HasUniqueRoleAssignments) in SharePoint CSOM API. You can refer this post : How to load additional CSOM properties in PowerShell for more details.
The following Powershell script get all files (or list items) which has unique (or explicit) permission entries from a given SharePoint Online document library. To use CSOM in Powershell, we need to load the required Microsoft SharePoint Online SDK assembly files.
#Add required references to SharePoint client assembly to use CSOM [System.Reflection.Assembly]::LoadWithPartialName("Microsoft.SharePoint.Client") [System.Reflection.Assembly]::LoadWithPartialName("Microsoft.SharePoint.Client.Runtime") #Import the function Load-CSOMProperties to query CSOM object properties C:\Scripts\Load-CSOMProperties.ps1 $siteUrl="https://spotenant.sharepoint.com/sites/mysite1" $UserName = "[email protected]" $SecPwd = $(ConvertTo-SecureString 'myAdminPwd' -asplaintext -force) $ctx = New-Object Microsoft.SharePoint.Client.ClientContext($siteUrl) $credentials = New-Object Microsoft.SharePoint.Client.SharePointOnlineCredentials($UserName,$SecPwd) $ctx.credentials = $credentials $ctx.Load($ctx.Web) $ctx.ExecuteQuery() $list=$ctx.Web.Lists.GetByTitle("Documents") $ctx.Load($list) $ctx.ExecuteQuery() $camlQuery = New-Object Microsoft.SharePoint.Client.CamlQuery $camlQuery.ViewXml ="<View Scope='RecursiveAll' />"; $allItems=$list.GetItems($camlQuery) $ctx.Load($allItems) $ctx.ExecuteQuery() foreach($item in $allItems) { Load-CSOMProperties -object $item -propertyNames @("HasUniqueRoleAssignments"); $ctx.ExecuteQuery(); if($item.HasUniqueRoleAssignments -eq $true) { Write-Host $item["FileRef"] Write-Host "##############" } }
Advertisement