Uncover the access your users and groups respectively have in your environments with a Permissions Matrix Report.
- You have connected to an environment as a Global Administrator or SharePoint Administrator.
- You have Site Collection Administrator rights for the environments within the scope of the report.
- If you're running the report on the whole farm, you should have Farm Administrator rights.
- From the Explorer, select the target, and click from the Quick Actions panel. OR click Security from the menu, and select Permissions Matrix Report before selecting your target.
- Select the user or group you want to include in the report (see below for details).
- Check the Object Types you want to add to your report.
- You will now see your report. Please see Navigate for more information.
Here is what the loaded report will look like:
Users and Groups
Select the users, the time range, and the event you would like to view.
Users: Select All Users and Groups, Specific Users and Groups, or External Users. If you select Specific User and Groups, begin typing the user's name, and select from the dropdown.
Select Object Types: Select whether or not you wish to include lists and list content in the report.
Note: For your list content the report will only show you permissions on folders, documents, and list items that have custom permissions (permissions not inherited by the parent).
Inherited Permissions: View the inherited permissions by clicking on the View.
Levels: Permissions for SharePoint groups and Active Directory groups are not initially expanded. To view the members of a given group, you can expand the group by clicking on the expand icon.
Expanding a group will add all the group's members into the permissions matrix, so that you can see the unique permissions that member has.
To expand or collapse all groups, use the icons at the top right of the report.
Note: If you are exporting your results to Excel, you should expand all groups so that you have access to the permissions matrix information of all members.
Guest Links and External User Invitations
Guest Links: SharePoint in Office 365 has a feature called Guest Links which allows you to easily share documents with external, anonymous users. There are two types of links depending on the permissions that should be given out to anyone with the link: View Only and Edit. By default, these links do not exist and must be enabled manually. When this happens, SharePoint creates hidden user accounts, one for each link type: Guest Reader and Guest Contributor. ShareGate Desktop represents these accounts in the Permissions Matrix Report as a single user account, Anonymous Guest Link with Contribute and/or Read access, allowing you to quickly gather the documents that are accessible from outside your enterprise.
External User Invitations: Sites, lists, libraries and documents can be shared with external users in Office 365, through the means of an invitation. Invitations usually expire after a week. Since these invitations can be used to access certain resources in your site, ShareGate Desktop displays them in the Permissions Matrix Report. As long as the invitation is not accepted and doesn't expire, an entry will be added in the Permissions Matrix Report displaying the email address associated with the invitation, along with a special icon as depicted in the image below.
External users can also be invited to SharePoint groups. These invitations are displayed in the Permissions Matrix Report upon expanding their associated SharePoint group.
Click the Export button to export the report to excel.
- If a group is expanded, its users will be visible in the Excel spreadsheet, but it if it is collapsed, only the group will be included. The same applies to permissions matrix, which will not be included in the spreadsheet when they are collapsed.
- The Permissions Matrix Report will not display Limited Access permission levels, however you can run a Clean Limited Access Access action to get rid of unused Limited Access permission levels that no longer relate to any existing permissions on site elements.