
Permissions Audit Export

The Permissions Audit Export shows you who has access to files and folders in your site. This is important for making sure that people and systems only have access to the things they actually need for their work. It helps reduce the chance that someone can see or change something they shouldn’t.

If your organization needs to follow certain rules or pass security checks, this report can help with that too. It shows a clear list of who can access what, which is often something reviewers or auditors ask for.

The report is also helpful when your team is going through changes, like hiring new people, moving responsibilities around, or removing access for people who’ve left. It gives you a quick way to double-check that everything is set up correctly.

This report helps you spot situations where someone might still have access to something they no longer need, so you can clean that up.

Finally, if someone says they can’t access something—or they’re seeing something they shouldn’t—this report can help you figure out what’s going on and fix it faster.

Running the Export

Like our other export options, this is available only in the web interface. Site administrators can run the report. The export produces a CSV listing of the defined permissions. If the report takes a long time to run, you can close the message and you will be emailed when the report is ready.

When you run the export, you choose whether to group the output by user or by path. This has several impacts on the final output, including the order of the columns, the sorting, and how each row is interpreted.

Depending on how you have assigned permissions in your site, exporting by user or by path may result in different numbers of rows in your CSV.

Group by User

When you choose to group by user, each user's permissions will be listed, with one row for each unique path where they have been granted a permission. All of the user's permissions for the path will be combined; for example, permissions for a user who can list files, upload, download, and share will appear as readonly,writeonly,bundle.

The permission_type, group_id and group_name columns may contain lists of items when the report is grouped by user. The items from the list are presented in a consistent order within the row, so you can match up the values. For example, if the permission type contains user,group,group and the group_id contains ,83221,83922 and group_name has ,West Office,Managers then this indicates that the permission was granted directly to the user and also through two separate groups, which are the West Office (group ID 83221) and Managers (group ID 83922).

Group by Path

When you choose to group by path, each path that has been assigned as a permission is listed, with one row for each user or group that has been assigned permissions to the path.

When permissions are granted to a group, all of the user IDs, usernames and user disabled flags for that group are listed together in one row. For example, if my Sales group contains sam (user ID: 123, disabled: false), sumit (user ID: 213, disabled: true) and saeed (user ID: 5291, disabled: false) and they have permission to the "Sales/Inbox" path, then the export will show one row for that permission and the Sales group with sam,sumit,saeed in the username column with 123,213,5281 in the user_id column and false,true,false in the user_disabled? column.
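An added example, not Files.com code: reading the position-matched list cells in both export shapes, then flagging disabled accounts that still appear on a permission row. The sample CSV rows, the group ID 9001 and the function names are constructed for illustration; the column names are the ones this page lists.

```python
import csv
import io

# Constructed sample exports. Column names come from the page; values are
# illustrative. DictReader keys on the header, so column order does not matter.
BY_USER_CSV = (
    "username,user_id,user_disabled?,path,permission,permission_type,group_id,group_name\n"
    'sam,123,false,Sales/Inbox,"readonly,writeonly,bundle","user,group,group",'
    '",83221,83922",",West Office,Managers"\n'
)
BY_PATH_CSV = (
    "path,username,user_id,user_disabled?,permission,permission_type,group_id,group_name\n"
    'Sales/Inbox,"sam,sumit,saeed","123,213,5291","false,true,false",'
    "readonly,group,9001,Sales\n"
)


def read_rows(csv_text):
    """Parse export text into one dict per row, keyed by column name."""
    return list(csv.DictReader(io.StringIO(csv_text)))


def zip_cells(row, columns):
    """Split comma-joined cells and pair them by position, keeping empty items."""
    parts = [row[c].split(",") for c in columns]
    if len({len(p) for p in parts}) != 1:
        # A value containing a comma would shift positions; refuse to guess.
        raise ValueError(f"misaligned lists in {columns}: {parts}")
    return list(zip(*parts))


def grant_sources(row):
    """By-user row: how each grant was assigned (directly or via which group)."""
    cols = ("permission_type", "group_id", "group_name")
    return [{"type": t, "group_id": g or None, "group_name": n or None}
            for t, g, n in zip_cells(row, cols)]


def disabled_with_access(by_path_csv):
    """By-path export: disabled accounts that still appear on a permission row."""
    findings = []
    for row in read_rows(by_path_csv):
        for name, uid, flag in zip_cells(row, ("username", "user_id", "user_disabled?")):
            if flag.strip().lower() == "true":
                findings.append({"path": row["path"], "username": name,
                                 "user_id": uid, "via": row["group_name"] or "direct"})
    return findings
```

A group name that itself contains a comma would break the positional match, which is why `zip_cells` raises instead of pairing misaligned lists.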

Exported Columns

The following columns are included in both versions of the export. The order of the first 4 columns will be different, depending on whether the export is grouped by user or by path.

| Column | Notes |
| --- | --- |
| path | The associated path of the permission. |
| username | User name(s) for the permission. |
| user_id | User ID(s) granted the permission. |
| user_disabled? | True when user account has been disabled. False when user account is active. |
| permission | List of permission levels granted. |
| recursive? | True when permission applies to sub-folders of the path. False if permission only applies to that specific path. |
| permission_type | How the permission was assigned. |
| admin? | Whether the permission includes admin access to the path. |
| full? | Whether the permission includes full permission to the path. |
| write? | Whether the permission includes write to the path. |
| read? | Whether the permission includes download from the path. |
| list? | Whether the permission includes list items in the path. |
| share? | Whether the permission includes create share links including the path. |
| group_id | Group(s) granting access for the path / user. |
| group_name | Group ID(s) granting access for the path / user. |

Permission

The values in the permission column match the developer documentation for Permissions.

The list of permissions reflects all of the permissions granted to the user or group members for the path. If a user gains a permission more than once for the path, it will be repeated in the list.

Permission Type

This reflects how the permission was assigned. Permissions assigned directly to users are marked as user. Permissions assigned to groups are marked as group.

When the report is grouped by user, this column may contain multiple values. That's because a user can receive the same permissions multiple times due to group-level assignments.

Parent and Child Sites

Parent site users can be granted permissions to child site paths. This means that whether you run the export grouped by user or run it grouped by path, you will see different results for a parent site versus the child site.

Running the report "by User" in the parent site will include permissions for all users who are defined in the parent site, including any paths in child sites. Run this report to answer the question "What is everything my parent site users have access to across all of my sites?"

Running the report "by Path" in the parent site will only include permissions for paths that exist in the parent site. Run this report to see who has access to any paths in the parent site.

Running the "by User" export in a child site will only include permissions for user accounts that are defined in the child site. Parent site users are not included in this report. This answers the question "What can the users in this child site access?"

Running the "by Path" export in a child site includes all permissions for paths that exist in the child site, including for users and groups that belong to the parent site. This answers the question "Who has access to any paths in this child site?"

The table below summarizes this information.

| Site | Group by User | Group by Path |
| --- | --- | --- |
| Parent Site | Includes all permissions for parent site + all child sites for parent site users | Includes permissions for paths in parent site only |
| Child Site | Includes permissions for child site users only | Includes permissions for paths in child site for parent site + child site users |
