- Free Edition
- Quick Links
- Reporting
- Auditing
- Management
- Backup
- Migration
- Monitoring
- Alerts
- Highlights
-
Related Products
- ADManager Plus Active Directory Management & Reporting
- ADAudit Plus Hybrid AD, cloud, and file auditing and security
- ADSelfService Plus Identity security with MFA, SSO, and SSPR
- Exchange Reporter Plus Exchange Server Auditing & Reporting
- EventLog Analyzer Real-time Log Analysis & Reporting
- M365 Manager Plus Microsoft 365 Management & Reporting Tool
- DataSecurity Plus File server auditing & data discovery
- RecoveryManager Plus Enterprise backup and recovery tool
- AD360 Integrated Identity & Access Management
- Log360 (On-Premise | Cloud) Comprehensive SIEM and UEBA
- AD Free Tools Active Directory FREE Tools
What is the SharePoint Groups Permission report in SharePoint Manager Plus?
The SharePoint Groups Permission report—one of more than 140 prebuilt SharePoint reports in SharePoint Manager Plus—gives details about every SharePoint group in your tenant, the users inside each group, and the permission level the group holds on each site. The report primarily includes the site name, site URL, user login name, user display name, user type, and the exact permissions assigned to the group, along with other user and group properties pulled from Microsoft Entra ID and SharePoint Online.
Why you need a SharePoint group permission report
In most SharePoint environments, access decisions are made at the group level. A single misconfigured group can quietly hand sensitive sites to people who should never see them, and that exposure compounds as the tenant grows. With the global average cost of a data breach reaching USD 4.4 million in 2025 according to IBM, the cost of leaving group-level access unchecked is no longer theoretical. Without an environment-wide view of group memberships and the permission levels they carry, IT teams end up opening one site at a time, checking owners, members, and visitors by hand, and stitching the picture together in spreadsheets.
This manual approach leaves blind spots. Stale members linger in groups long after they change roles. Guest accounts end up inside groups that hold edit rights. Custom permission levels get applied without anyone tracking them. A SharePoint Groups Permission report generated by SharePoint Manager Plus gives you that visibility, helping you spot risks at the group level before they turn into incidents:
- Catch over-permissioned users: Pinpoint accounts sitting in SharePoint groups with Full Control or Edit when their role only calls for Read, and reduce the blast radius of a compromised account.
- Prove access governance during audits: Hand auditors a tenant-wide list of who belongs to which group on which site, with the exact permission level, instead of stitching evidence together from multiple admin portals.
- Enforce least privilege at scale: Spot groups where the assigned permission level is broader than what members actually need, and trim group rights to match real responsibilities.
- Clean up orphaned and unused group memberships: Track users who remain in SharePoint groups across multiple sites long after their projects have ended, and remove them in bulk.
Compliance standards that the SharePoint Groups Permission report supports
Organizations across industries are subject to information security standards such as ISO/IEC 27001, NIST SP 800-53, HIPAA, SOX, and the GDPR, many of which include access control requirements that call for organizations to document, review, and restrict who has access to sensitive data.
The SharePoint Groups Permission report supports these efforts by giving administrators an environment-wide view of who belongs to each SharePoint group and the permissions those groups hold across sites. This visibility helps teams review access rights regularly, apply least-privilege principles, and confirm that group-based permissions on sensitive sites are aligned with internal policies.
What does the SharePoint Groups Permission report show?
Using SharePoint Manager Plus, you can filter the report with the following fields:
- Microsoft 365 Tenant: Select the specific tenant where you want to analyze SharePoint group permissions.
- Site: Filter the report to a specific SharePoint site or a set of sites to focus the audit on a known scope, such as finance, HR, or executive collaboration sites.
The report displays the following details for each group entry.
| Attribute | Description |
|---|---|
| Site Name | The display name of the SharePoint site where the group is configured. |
| User Login Name | The unique login identifier for the group (e.g., group@domain.com), used for authentication. |
| User Name | The display name of the group as it appears in Microsoft Entra ID and SharePoint. |
| User Type | Indicates the type of group (e.g., SharePoint group). |
| Permissions | The permission level granted to the SharePoint group on the site, such as Full Control, Edit, Contribute, Read, or View Only. |
| Site URL | The web address (URL) used to access the SharePoint site associated with the group. |
The drawbacks of using native SharePoint admin portals or PowerShell
In native SharePoint, group membership and group permissions are reviewed one site at a time through the SharePoint admin center or by running ad-hoc PowerShell scripts against the tenant.
Native SharePoint tools can show the members of an individual group or the permissions granted on a single site, but they don't offer a ready-made, tenant-wide report focused specifically on group-level access across SharePoint. Admins are left opening each site to check group memberships and permission assignments, or writing PowerShell scripts to pull group-permission mappings in bulk. Both approaches become time-consuming in large environments and make it harder to catch over-permissioned groups or unintended access before it leads to data exposure.
PnP PowerShell and the SharePoint Online Management Shell can help close some of those gaps. With the right cmdlets, a Site Collection Administrator can iterate through sites, retrieve group rosters, resolve Microsoft Entra ID group memberships, and export the results for offline review.
What scripts still lack is a maintained reporting layer with scheduled runs, saved filters, role-based delegation, and one-click exports in business-friendly formats.
Benefits of SharePoint Manager Plus' SharePoint Groups Permission report over native SharePoint reports
With SharePoint Manager Plus, the SharePoint Groups Permission report combines the power and granularity of PowerShell with the convenience of a centralized admin console.
| Capability | SharePoint admin center limitations | PowerShell limitations | SharePoint Manager Plus advantage |
|---|---|---|---|
| Report accessibility | ❌
Manual filtering is required every time |
❌
Script execution is required for every run |
✅
Get one-click access to categorized reports |
| Custom reports | ❌ | ❌ | ✅
Create custom reports by saving granular, attribute-based conditional filters |
| Report exports | ✅
Reports can be exported only in CSV or JSON format |
✅
Requires additional scripting to format and export data |
✅
Reports can be exported in CSV, HTML, PDF, and XLSX formats |
| Emailing reports to admins | ❌ | ❌ | ✅
Send report emails to stakeholders and admins in favorable formats |
| Automated report generation | ❌
It requires technical scripting or separate complex add-ons |
❌
It requires Task Scheduler or Azure Automation |
✅
Schedule multiple reports that can be generated, filtered, emailed, and exported between defined periods automatically |
For a more detailed comparison, check out this page on how to create a SharePoint group.
Features that enhance the SharePoint Groups Permission report
SharePoint Manager Plus provides several built-in tools to help you manage, automate, and secure the data found in the SharePoint Groups Permission report:
- Export reports: You can download the report in multiple formats—including CSV, PDF, HTML, and XLSX—for sharing data with department heads or maintaining offline records for compliance.
- Automated report generation: Set the report to be generated at specific intervals (such as daily, weekly, or monthly) to conduct recurring group access reviews without manual effort.
- SharePoint alerts for permission-level changes: Configure alerts to notify admins when users are added to high-privilege SharePoint groups or when permission levels on a group are elevated, so unusual changes get reviewed before they cause damage.
- On-the-fly group membership management: Add, remove, or copy users from SharePoint groups and modify the permission level a group holds on a site—directly from the SharePoint Manager Plus interface—without bouncing between sites or writing scripts.
- Delegated administration: Grant help desk technicians granular, role-based access to report on and manage SharePoint groups, so routine cleanup doesn't require Global Administrator privileges.
Reports that complement the SharePoint Groups Permission report
If you are auditing how access is granted across your SharePoint Online environment, SharePoint Manager Plus provides several other reports that complement the data found in the SharePoint Groups Permission report:
- List Permissions report: Details who has access to every SharePoint list across your tenant, including the exact permission level assigned to each user or group and whether the access is inherited or unique.
- Folder Permissions report: Surfaces permissions assigned at the folder level within document libraries, including unique permissions that diverge from the parent library.
- File Permissions report: Shows item-level permissions applied to individual files in SharePoint, including files shared directly with users or external guests.
- External user reports: Shows guest and external accounts and the SharePoint resources they can reach, helping you confirm that any external user inside a SharePoint group still belongs there.
- Permission changes audit reports: Tracks every addition, removal, or permission-level change tied to SharePoint groups, giving you the timeline behind the current state shown in the SharePoint Groups Permission report.
Other features of SharePoint Manager Plus
- SharePoint management: Grant, remove, or copy SharePoint permissions, and manage group members in bulk without relying on complex scripts, simplifying your SharePoint administration.
- SharePoint reporting: Access over 140 prebuilt and custom reports for SharePoint, including permissions, site usage, content inventory, and security insights—all from a centralized dashboard.
- SharePoint auditing: Maintain a comprehensive, searchable audit trail of all activities across your SharePoint environment, including user actions, permission changes, and content modifications.
- SharePoint alerting: Get real-time alerts on critical events such as permission changes, suspicious user activities, site access anomalies, and policy violations.
- Delegated administration: Empower help desk technicians with granular, role-based access to perform specific SharePoint administrative tasks, without elevating native privileges.
- SharePoint migration: Simplify SharePoint migration by enabling seamless content and permission migration across sites and tenants, with minimal downtime and full visibility into migration progress.
