Background image

Build a SharePoint permissions report without using PowerShell

default post thumbnails default post thumbnails

Want to generate a SharePoint permissions report without using PowerShell? With ShareGate Desktop, it’s easy to audit your SharePoint Online permissions—we explain how and walk you through the steps to set up a permissions matrix report.

There is no single best way to manage your SharePoint security. Actually, there are multiple strategies that can help you ensure your data stays secure over time; choosing the right combination for your organization depends on your individual needs and overarching governance plan.

Related reading: Learn how to use SharePoint online, avoid common issues, best practices, tips, & tricks

That being said, there are some strategies that are crucial to ensuring data security and should be a part of every organization’s governance plan. For example: Conducting a regular audit of SharePoint permissions in your environment is critical for security.

There are a variety of built-in and custom reports in ShareGate Desktop that can help you monitor security and simplify your SharePoint administration routine. In this article, we’ll walk you through the steps to set up and run the Permissions Matrix Report—so you can get a complete overview of all the permissions given to users and groups in SharePoint and Office 365 without the need for PowerShell.


What SharePoint security means at ShareGate

There’s the governance plan, rules, processes to follow—and then comes the reality. Sometimes, you don’t have the time or the total control to ensure every action taken inside your SharePoint is compliant with the initial plan.

SharePoint security might have different meanings depending on your business and your governance. For us, SharePoint security must answer these questions:

Why audit SharePoint Online permissions?

I think we can all agree that SharePoint and Office 365 are incredibly powerful tools that enable unprecedented levels of collaboration and productivity. That being said, bringing all of your employees together within the same environment comes with its fair share of security concerns. So how do you make sure everyone has access to the right things?

Placing unnecessary restrictions on end users can hinder productivity and cause them to turn to other, unapproved tools: the dreaded shadow IT. On the other hand, excessive access rights can put the security of your organization’s data at risk—enabling users to view, edit, share, or even delete sensitive information they shouldn’t have access to in the first place.

That’s why, to minimize the risk of data leaks, it’s crucial that you regularly audit permissions in SharePoint Online. Unfortunately, there’s no easy out-of-the-box solution or built-in report inside SharePoint that allows you to do this. You would need to manually dive in and check individual user permissions—or list the current permissions for each SharePoint site by using complex Microsoft PowerShell scripts.


SharePoint Online user permissions report—the ShareGate way

Trying to audit SharePoint user permissions manually is extremely time-consuming, not to mention the risk of human error. And as soon as you’ve finished all the necessary steps to audit every single site, you need to start the whole process over again—permissions need to be audited regularly in order to keep data secure on an ongoing basis.

Instead, minimize the time you spend on SharePoint administration tasks by running a single report in ShareGate Desktop: the built-in permissions matrix report.

ShareGate Desktop’s permissions matrix report

ShareGate Desktop’s built-in permissions matrix report helps you uncover the permissions and access given to users and groups in your SharePoint and Office 365.

The permissions matrix report enables you to quickly identify which users have access to what in one clean and comprehensible matrix—saving you valuable time that would otherwise be spent performing the repetitive tasks required to monitor and manage permissions regularly.

You can run the report on multiple site collections at once, and it will work the same whether you’re using SharePoint, Office 365, or both in a hybrid scenario.

With the results from the Permissions Matrix Report, you can see:

  • All user and group permissions and each one’s permission level
  • Objects that have inherited permissions
  • Office 365 external users (including pending invitations and anonymous guest links)

How to create a SharePoint permissions matrix report with ShareGate Desktop

Ready to run your first permissions matrix report in ShareGate Desktop? We’ll walk you through the steps!

Prerequisites: Before you get started, make sure you’ve connected ShareGate Desktop to an environment as a Global or SharePoint administrator, and that you have site collection administrator rights for the environments within the scope of the report.

In ShareGate Desktop, navigate to the Security screen by clicking on the Security tab in the left navigation. Then click on Run permissions matrix report under Security essentials.

Security screen in ShareGate Desktop.

Select the target of the report, then click Next.

Select targets in ShareGate Desktop.

On the next screen, set your desired report options from the options outlined below the image, then click Schedule or Run now.

Set report options in ShareGate Desktop.

Users and groups

Select All users and groups, External users, or Specific users and groups. If you selected Specific users and groups, begin typing the user’s name and select the appropriate user from the dropdown.

Object types

Select whether or not you would like lists and libraries and list contents to be included in the scope of the report.

If you choose to include your list contents, note that the report will only show you permissions on folders, documents, and list items that have custom permissions (permissions not inherited by the parent).

Setup automatic export

If you want ShareGate Desktop to export a copy of the completed report automatically when finished, click on Setup automatic export before running the report. Check out our support documentation on how to setup automatic export to SharePoint library for more info and detailed instructions.

Review your permissions matrix report results to maximize SharePoint security

Once ShareGate Desktop has finished running your permissions matrix report, you will be able to see which users and groups have access in your environment.

If any errors popped up, you can click on Error details for more info to help you fix the problem fast.

Final permission matrix report.

Permission levels

Permissions for SharePoint groups and Active Directory security groups are not initially expanded. You can click on the expand icon (the plus sign) to view the members, owners, or visitors of a given group.

Expand group members details

Inherited permissions

To view the inherited permissions of an object, click on View (next to where it says Same as parent).

View inherited permissions.

Guest links and external user invitations

You can also view sharing links that are currently being used to grant access to SharePoint Online documents to guests outside of your organization’s Office 365.

By default these links do not exist and need to be enabled manually. When this happens, SharePoint creates hidden user accounts for each link type depending on whether the external user was granted “View only” or “Edit” permissions.

These accounts are all listed as Anonymous Guest Link in your ShareGate Desktop permissions matrix report, with check marks indicating whether the external user has “Contribute” or “Read” access:

Anonymous guest sharing link in report.

You will also see any pending external user invitations in your report. Invitations usually expire after a week, but since these invitations can be used to access certain resources in your SharePoint site, ShareGate Desktop displays them in your report as long as the invitation is not accepted and hasn’t expired yet.

External users can also be invited to join SharePoint groups. If you expand the associated SharePoint group, you’ll be able to see these invitations there.


If you haven’t tried our popular migration tool yet, what are you waiting for? ShareGate Desktop’s UI isn’t just just simple and intuitive—it’s actually pleasant to use (really!).

Migrate to SharePoint or Microsoft 365 quickly and easily with unlimited data and custom reporting. And effortlessly reorganize and restructure your content until it’s exactly how you want it.

Save time and migrate with total peace of mind, then get back to business as usual. See for yourself with a free, full-featured 15-day trial.

Recommended by our team

What did you think of this article?

Simplify Microsoft 365 adoption with your ShareGate subscription Watch our on-demand webinar.