Share via

Manage SharePoint Online Access Requests using Powershell

  • Article

SharePoint Online Access Requests is a list. This means a lot.

The article below is using SharePoint Module for managing lists, items and files as an extension to SharePoint Online Management Shell. Install the module to proceed.

Access Requests

According to the Set up and manage access requests article
The access request feature allows people to request access to content that they do not currently have permission to see. As a site owner, you can configure the feature to send you mail when someone requests access to a site. You can then choose whether to approve or decline their request. If you approve the request, you can also specify the specific level of permission you’d like to assign to a user.

What is important from PowerShell perspective, is that Access Requests is a list. It can be accessed like any other lists, and access requests can be added, updated, and deleted as list items.

Verify Access Requests

  1. Connect to the site where you want to check the Access Requests
Connect-SPOCSOM

You will be asked for your credentials:

  1. Check if the list exists.
Get-SPOList

The List is created once the first user requested access to the site. If the list does not exist, there are no Access Requests.

  1. If the list exists, get the list items to see Access Requests for your site.
Get-SPOListItems "Access Requests"

  

  1. You can also view details of the request, like Date Created, text of the Request, or Expiry Date.
Get-SPOListItems "AccessRequest"  -IncludeAllProperties $true

  1. Or select the properties you want to view
Get-SPOListItems "Access Requests"  -IncludeAllProperties $true  | select title, *date*, conversation


Get-SPOListItems "Access Requests"  -IncludeAllProperties $true | select ID, title, *date*, conversation

 Possibilities

Among others, these properties allow you to verify and create a report on:

  • who invites the users
  • users who requested access vs. users who were invited
  • content of the invitation sent to users
  • expiration/creation/modification dates for all requests

List of properties of Access Request item

ContentTypeId
Title
_ModerationComments
File_x0020_Type
RequestId
RequestedObjectUrl
RequestedObjectTitle
InheritingRequestedWebId
RequestedWebId
RequestedListId 
RequestedListItemId
RequestedBy
RequestedByUserId
RequestedByDisplayName
RequestedFor
RequestedForDisplayName 
RequestedForUserId 
ApprovedBy     
AcceptedBy                  
Status
Expires  
PermissionType
PermissionLevelRequested 
AnonymousLinkType
SendWelcomeEmail 
WelcomeEmailSubject 
WelcomeEmailBody            
ExtendedWelcomeEmailBody    
Conversation                
IsInvitation
StatusDisp
RequestedForDisplayNameDisp 
RequestedByDisplayNameDisp  
RequestDate
ReqForUser 
ReqByUser  
ApprovalAction              
ID
ContentType                 
Modified
Created 
Author
Editor
_HasCopyDestinations        
_CopySource                 
owshiddenversion 
WorkflowVersion 
_UIVersion 
_UIVersionString
Attachments
_ModerationStatus
Edit                        
LinkTitleNoMenu             
LinkTitle                   
LinkTitle2                  
SelectTitle                 
InstanceID                  
Order 
GUID   
WorkflowInstanceID          
FileRef  
FileDirRef     
Last_x0020_Modified   
Created_x0020_Date 
FSObjType         
SortBehavior  
PermMask                    
FileLeafRef 
UniqueId            
SyncClientId          
ProgId                      
ScopeId        
HTML_x0020_File_x0020_Type  
_EditMenuTableStart         
_EditMenuTableStart2        
_EditMenuTableEnd           
LinkFilenameNoMenu          
LinkFilename                
LinkFilename2               
DocIcon                     
ServerUrl                   
EncodedAbsUrl               
BaseName                    
MetaInfo                    
_Level           
_IsCurrentVersion 
ItemChildCount 
FolderChildCount   
Restricted                  
AppAuthor                   
AppEditor                   
PermissionDisp              
ObjectRequestedTitleDisp    

Approve or Decline Access Requests

Once the user has sent his access request, the administrator can either approve or decline the request. It is possible via User Interface

or PowerShell. In PowerShell you modify a property called "Status"

Update-SpoListItem -ListTitle "Access Requests"  -ItemID 6 -FieldToUpdate Status -ValueToUpdate 0

where

ItemID is the ID of the item retrieved through Get-SPOListItems

ValueToUpdate means:

0   pending  

1   approved

2   accepted 

3   declined 

Assign Permission Level

It is possible to Assign one of the Permission Levels*:

Update-SPOListItem -ListTitle "Access Requests"  -ItemID 1 -FieldToUpdate PermissionLevelRequested -ValueToUpdate 3

ValueToUpdate means:

3                    Excel Services Viewers [View Only]          
8                  TeamsiteName Members [Edit]         
6               TeamsiteName Owners [Full Control] 
7               TeamsiteName Visitors [Read]            
1073741826  Read         
1073741827  Contribute  
1073741828  Design         
1073741829  Full Control 
1073741830  Edit           
1073741924  View Only   

   

The assigned permission level will be visible in User Interface:

If the value is incorrect, the Permission Level will not be assigned:

Downloads

SharePoint Module for managing lists, items and files

Working with multiple items using Powershell
Manage SharePoint Online Access Requests using Powershell
Restoring and removing item permissions in subfolders for SharePoint Online using Powershell
SPOMod Cmdlets and Resources

*The values presented here come from continuous testing and own test results, and by no means represent official Microsoft guide on how to assign permissions http://c.statcounter.com/10462841/0/bcdbf401/1/