You want to get an overview of all Permission Levels that are set up in your tenant’s SharePoint Online site collections. Not only the out-of-the-box permission such as “Full Control” or “Read”, but also any custom permission levels which may have been defined by your site collection’s administrators (“Add Only” is a common example).


A prerequisite for this code are the OfficeDev PnP PowerShell cmdlets. Ensure that you have a current version installed before proceeding.
The following code connects to your tenant and fetches all site collections (with a small where query, as I wanted to limit it to all sites in the /sites/ or /teams/ paths). It then loops through all site collections, retrieves the permission levels, and writes that information into a CSV file.

$cred = Get-Credential
Connect-PnPOnline -Url -Credentials $cred
$sites = Get-PnPTenantSite | where {$_.Url -like "**" -or $_.Url -like "**"}
foreach($site in $sites) {
	Connect-PnPOnline -Url $site.Url -Credentials $cred
	$ctx = Get-PnPContext
	$roleDefs = (Get-PnPWeb).RoleDefinitions
	foreach($rd in $roleDefs) {
		Add-Content ".\permissionlevels.csv" "$($site.url), $($rd.Name)"

Code on GitHub

4 thoughts on “Office 365 Advent Calendar – 01 Getting all Permissions Levels in SharePoint Online”

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.