Auditing permissions in SharePoint is crucial for security, compliance, and access management. Over time, permission structures can become complex, making it necessary to review and monitor who has access to what.
This guide covers:
✔ Methods to check user permissions
✔ Generating permission reports
✔ Using PowerShell for advanced auditing
✔ Best practices for permission management
1. Checking Permissions for a User or Group
SharePoint allows you to check who has access to a site, list, or document.
How to Check a User’s Permissions in SharePoint Online:
1️⃣ Navigate to the SharePoint site where you want to check permissions.
2️⃣ Click the Settings (⚙️) icon > Site settings.
3️⃣ Under Users and Permissions, click Site permissions.
4️⃣ Click Check Permissions (top menu).
5️⃣ Enter the user’s name or email and click Check Now.
6️⃣ SharePoint will display the user’s effective permissions.
Tip: If permissions seem incorrect, check if they come from group memberships or inherited permissions.
2. Viewing Site Permissions in SharePoint Online
To get a broader view of site permissions:
1️⃣ Go to the SharePoint site.
2️⃣ Click Settings (⚙️) > Site permissions.
3️⃣ Here, you’ll see:
- Site Owners, Members, and Visitors
- Any shared links
- External users with access
Tip: Click Advanced permissions settings for a classic SharePoint view.
3. Generating a SharePoint Permissions Report
For a complete audit, you may need a permissions report that shows all users and groups with access to a site, list, or document library.
Using Microsoft 365 Compliance Center (For Admins)
1️⃣ Go to Microsoft 365 Compliance Center (https://compliance.microsoft.com/).
2️⃣ Click Audit > Search.
3️⃣ Use filters like:
- Activity Type: “Added site permission,” “Removed site permission”
- Date range
- User or site URL
4️⃣ Click Search to generate a report.
5️⃣ Export results to CSV for further analysis.
Tip: This is useful for compliance tracking and investigating security incidents.
4. Auditing SharePoint Permissions Using PowerShell
For advanced auditing, PowerShell can extract a full permissions report.
Steps to Run a SharePoint Permissions Report Using PowerShell
1️⃣ Open PowerShell as an administrator.
2️⃣ Run the following script (for SharePoint Online):
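```powershell
# Connect to the SharePoint Online admin endpoint (prompts for credentials)
Connect-SPOService -Url https://yourtenant-admin.sharepoint.com
# Site collection to audit
$siteUrl = "https://yourtenant.sharepoint.com/sites/YourSite"
# List each SharePoint group on the site with its permission levels and members
# (Get-SPOSite does not expose a Groups property; Get-SPOSiteGroup returns the groups)
Get-SPOSiteGroup -Site $siteUrl | Select-Object Title, Roles, Users
```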
Alternative: Use PnP PowerShell for more detailed reports:
```powershell
# Install PnP PowerShell module if not installed
Install-Module -Name PnP.PowerShell -Force -AllowClobber
# Connect to SharePoint Online
Connect-PnPOnline -Url "https://yourtenant.sharepoint.com/sites/YourSite" -UseWebLogin
# Export users that currently hold rights on the site (directly or through a group);
# without -WithRightsAssigned the list also includes accounts that no longer have access
Get-PnPUser -WithRightsAssigned | Export-Csv -Path "C:\SharePointPermissionsReport.csv" -NoTypeInformation
```
Tip: This method provides a detailed list of all users and groups with access.
5. Auditing Permissions for Document Libraries & Lists
To audit access at the document library or list level:
1️⃣ Open the document library or list.
2️⃣ Click Library settings (⚙️) > Permissions for this document library.
3️⃣ Here, you can:
- See if permissions are inherited or unique.
- Click Check Permissions to verify user access.
- Stop Inheriting Permissions (if needed) to customize security.
Tip: Use Microsoft Purview (formerly Compliance Center) for more in-depth tracking.
6. Best Practices for Auditing SharePoint Permissions
✔ Schedule regular permission audits – Review access every 3-6 months.
✔ Use SharePoint groups – Assign permissions to groups instead of individual users.
✔ Monitor external sharing – Check for guest users or anonymous links.
✔ Limit unique permissions – Too many custom permissions can cause confusion.
✔ Enable audit logging – Track permission changes via Microsoft 365 Audit Logs.
✔ Use Power Automate – Set up alerts when sensitive permissions are modified.
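To apply the checklist above to an exported report, the following added example (not part of the original guide) flags rows that break the group-based, limited-unique-permissions and external-sharing practices. The CSV columns (Scope, Inherited, PrincipalType, LoginName, Role), the sample rows and the function name Find-PermissionRisk are assumptions made for illustration, not a SharePoint export format.

```powershell
# Constructed sample rows; column names are assumptions for this example,
# not a format produced by SharePoint or by the scripts above.
$rows = @'
Scope,Inherited,PrincipalType,LoginName,Role
/sites/YourSite,False,SharePointGroup,YourSite Owners,Full Control
/sites/YourSite,False,SharePointGroup,YourSite Members,Edit
/sites/YourSite/Shared Documents,True,SharePointGroup,YourSite Members,Edit
/sites/YourSite/Contracts,False,User,i:0#.f|membership|alice@yourtenant.onmicrosoft.com,Edit
/sites/YourSite/Contracts,False,User,i:0#.f|membership|bob_example.com#ext#@yourtenant.onmicrosoft.com,Read
/sites/YourSite/HR,False,SecurityGroup,c:0-.f|rolemanager|spo-grid-all-users/00000000-0000-0000-0000-000000000000,Read
'@ | ConvertFrom-Csv

# Hypothetical helper: returns one finding per risky grant.
function Find-PermissionRisk {
    param(
        [Parameter(Mandatory)] [object[]] $Row,
        [Parameter(Mandatory)] [string]   $RootScope
    )
    foreach ($r in $Row) {
        # Inherited rows only repeat the parent's grants, so review the parent instead
        if ($r.Inherited -eq 'True') { continue }
        $issues = @()
        # The site root always has its own permissions; anything below it is a custom scope
        if ($r.Scope -ne $RootScope)      { $issues += 'UniquePermissions' }
        # Access granted to an individual instead of a SharePoint group
        if ($r.PrincipalType -eq 'User')  { $issues += 'DirectUserGrant' }
        # Guest accounts carry #ext# in their login name
        if ($r.LoginName -like '*#ext#*') { $issues += 'ExternalGuest' }
        # "Everyone" and "Everyone except external users" claims
        if ($r.LoginName -match 'spo-grid-all-users|^c:0\(\.s\|true$') { $issues += 'TenantWideClaim' }
        if ($issues) {
            [pscustomobject]@{
                Scope  = $r.Scope
                Principal = $r.LoginName
                Role   = $r.Role
                Issues = $issues -join ';'
            }
        }
    }
}

$findings = Find-PermissionRisk -Row $rows -RootScope '/sites/YourSite'
$findings | Format-Table -AutoSize
# Scopes with the most risky grants are the first candidates for cleanup
$findings | Group-Object Scope | Sort-Object Count -Descending | Select-Object Name, Count
```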