Understanding the SharePoint Permissions Report

This article shows you how to create a SharePoint Permissions report using the SharePoint Essentials Toolkit.


Introduction

The SharePoint Essentials Toolkit can generate detailed and fully customizable permission reports.

The permission reports will include the information below:

  • Site Collection Administrators

  • Site level permissions

  • List & Library level permissions

  • Unique item level permissions

  • SharePoint Group permissions

  • SharePoint Group Members permissions

  • MS Teams permissions

  • MS Teams Members permissions

  • Domain Group permissions

  • Domain Group Members permissions

  • All individual user permissions

NOTE: Items, Files, Pages and Folders that have INHERITED permissions do not show in the report. Only items, files, pages and folders with unique permissions will appear in reports. This is by design to reduce the size of reports.
SharePoint Sites, Lists and Libraries will show both inherited permissions and uniquely defined permissions.

(SharePoint Online only) Domain Group members (including Teams & Microsoft 365 Group Owners and Members) will not be displayed if the application does not have Azure App Registration configured. Please see the user guide for information on setting this up. Azure Entra ID requires app registration before an application (in this case the SharePoint Essentials Toolkit) can read Azure resources, such as domain groups and their members.

Understanding the Reports

When the report populates data, you can expand the report details by clicking on the small arrow beside the Site Title.

image-20250220-002520.png

Site Level Permissions Example

If we expand the information, we can first look at the “SharePoint Site” level permissions.

Click to expand the SharePoint Groups that are under each site.

image-20250220-002850.png

You can display Permission Levels in a single row by changing the setting in the Job Options. See “How to Customize the SharePoint Permissions Report” for more info.

We can go ahead and expand the ‘User’ section to view the users who have access to this site:

image-20250220-003209.png

You can drag and drop columns to re-organize the information. For example, I will drag and drop the “Granted Through” column so that the report groups users by how each one was granted access.

The “Granted Through” column shows how the user was granted access, such as through a SharePoint Group or an Azure Domain Group. For more information, see the “Nested Domain Groups” section below.

Group by Granted Through.gif

Item Level Permissions Example

If we expand the column “Scope: Item”, we can review items, files and pages that have unique permissions.

NOTE: Items that have inherited permissions are NOT shown in the report (this is by design to reduce report size).

Below we can take a look at a file and users who have access to this file:

image-20250220-233601.png

You can drag and drop column headers, add filters and change sorting to customize the reports. Below, I selected a view called “Access via Sharing Links” to view all the shared links in the selected sites and who has access through those shared links.

image-20250220-234723.png

Open to Everyone

The reports have a column labelled “Open to Everyone”, which indicates whether the object is accessible (at any permission level) to a large group of users. You can configure which domain groups are considered large, as well as the membership count threshold at which a domain group counts as ‘large’ and is therefore considered ‘Open to Everyone’.

You can make this change in the Settings => Jobs => Permissions page:

image-20250305-211721.png

Below you can see a report which shows groups which are considered to be giving access to everyone (‘Open to Everyone’ = true).

image-20250305-212140.png

Nested Domain Groups

The report will show nested domain groups and members. To understand where users and groups have been granted access, see the “Granted Through” column.

For example, in this SharePoint Group “Contoso Members”, there is a domain group called “Discovery Team”:

image-20250221-224906.png

Within this group, in Entra ID we can see there are nested groups:

image-20250221-225206.png

Within this group, there are other nested domain groups, all the way down to “Customer-Access-Test-Group”:

image-20250221-225253.png

The SharePoint Essentials Toolkit will display nested domain groups like this:

image-20250221-225351.png

You can also retrieve the total number of members in each domain group and SharePoint group.

image-20250305-212549.png

NOTE: Dynamic Azure groups will be supported when Dynamic Groups are out of Preview.
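
To make the “Granted Through” and “Open to Everyone” columns concrete, the following Python is an added illustration, not code from the SharePoint Essentials Toolkit and not a description of its internals. It expands nested groups into effective users with the chain of groups each one is granted through, then applies a member-count threshold. The user names, the intermediate group “Discovery-Sub-Team”, the circular nesting and the exact flagging rule are assumptions made for the example.

```python
# Constructed sample data. "Contoso Members", "Discovery Team" and
# "Customer-Access-Test-Group" are named in the article; the users and
# "Discovery-Sub-Team" are hypothetical.
GROUPS = {
    "Contoso Members": ["Discovery Team", "alice@contoso.example"],
    "Discovery Team": ["Discovery-Sub-Team", "bob@contoso.example"],
    # Nests back into its parent to show why cycle protection is needed.
    "Discovery-Sub-Team": ["Customer-Access-Test-Group", "Discovery Team"],
    "Customer-Access-Test-Group": ["carol@contoso.example", "bob@contoso.example"],
}


def expand(group, groups=GROUPS, path=None):
    """Return {user: [grant paths]} for every user reachable from `group`.

    Each path is the chain of groups the access flows through, which is the
    information a "Granted Through" column conveys. A group already on the
    current path is skipped so circular nesting cannot recurse forever.
    """
    path = (path or []) + [group]
    users = {}
    for member in groups.get(group, []):
        if member in groups:            # member is itself a group
            if member in path:          # circular nesting: stop here
                continue
            for user, paths in expand(member, groups, path).items():
                users.setdefault(user, []).extend(paths)
        else:                           # member is a user
            users.setdefault(member, []).append(" > ".join(path))
    return users


def open_to_everyone(group, threshold, large_groups=(), groups=GROUPS):
    """Assumed rule: flag a group if it is on the configured list of large
    groups, or if its distinct effective member count meets the threshold."""
    if group in large_groups:
        return True
    return len(expand(group, groups)) >= threshold


if __name__ == "__main__":
    for user, paths in sorted(expand("Contoso Members").items()):
        print(user, "granted through:", paths)
    print("Open to Everyone:", open_to_everyone("Contoso Members", threshold=3))
```

A user who appears with more than one path keeps access until every path is removed, which is why reviewing the grant chain matters more than reviewing the top-level group alone.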

Permissions Summary Report

The Permissions Summary Report gives a high-level overview of access to your SharePoint sites, lists and libraries. You can apply filters by right-clicking the column header and selecting “Show Filter Editor”. With filters, you can create ‘Views’ to show only information of interest, such as ‘All sites and lists with 200 or more users with access’.

image-20250305-214212.png
