What is a one sentence summary of your feature request?
Enhance the “SharePoint Online Object Permissions” by providing the ability to include child objects
Please describe your idea in detail. What is your problem, why do you feel this idea is the best solution, etc.
I would like the “SharePoint Online Object Permissions” report to be enhanced, providing the ability to include child objects of the specified “Object Path” parameter.
The issue is that audits of SharePoint, the Document Center in my specific use case, are not possible with Netwrix because there is no single report that accounts for ALL the following:
1.) Permissions on the object specified in the “Object Path” parameter. In this use case it is an area (folder) in our Document Center.
2.) Permissions on child objects assigned by breaking inheritance.
3.) Permissions on child objects assigned by Sharing the object (internal or external).
I need to generate a single report that I can hand to the Owners of each respective area that show them who has access to everything in their specific area. I have been unable to find a way to accomplish this with the existing reports in Auditor.
How do you currently solve the challenges you have by not having this feature?
At the moment, I am trying to hack up the TSQL generated by this report but I am not having much luck. Other than that, I don’t have a way to accomplish what I need to do.
That’s a great idea! I’m curious how you picture it working in practice.
One option could be to add a link in the report details to a separate report listing all objects whose parent is the specified object, and then let the user click on any child object to jump back into the Object Permissions report for that child.
We’d also need to think about performance and usability. For example, if a single parent has a very large number of child objects, the report might struggle to display them all. Maybe we could limit it to the first 2,000 objects, or perhaps you have another approach in mind?
I’d love to hear your thoughts.
The challenge is that bject Permissions report is quite complex and not so easy to replicate
For a report like this, I would just have it export to a simple Excel file or a CSV. I would not even worry about a nice looking SSRS report because the use case for this involves looking at data in bulk and being able to filter by multiple columns. For example, I am going to apply the Filter feature in Excel and then look at the dropdown to see if there are any users that I am not anticipating having access to anything in my area. If I find any, I am going to filter by user to see what they have access to and how.
I was able to modify the report to have it give me what I need and I just copied the results from SSMS to Excel, ordered by ObjectPath and AccountName, and called it a day. Honestly, a nicely formatted SSRS rep[ort would not do me any good in this case.
As far as performance, that is what I am looking into, now that I have the results that I need.
