The Permissions Audit Export shows you who has permissions for specific files and folders in your site. This is important for making sure that people and systems only have access to the things they actually need for their work. It helps reduce the chance that someone can see or change something they shouldn’t.

If your organization needs to follow certain rules or pass security checks, this report can help with that too. It shows a clear list of who can access what, which is often something reviewers or auditors ask for.

The report is also helpful when your team is going through changes, like hiring new people, moving responsibilities around, or removing access for people who’ve left. It gives you a quick way to double-check that everything is set up correctly.

This report helps you spot situations where someone might still have access to something they no longer need, so you can clean that up.

Finally, if someone says they can’t access something—or they’re seeing something they shouldn’t—this report can help you figure out what’s going on and fix it faster.

Only Users with Permissions Are Included

The export includes users that have been granted permissions for a site. This means that site administrators, who do not have permissions for specific folders, are not included. Similarly, any users who have not been granted access to any folders in your site are not included in the export.

The exception to this rule is when users from a parent site have been granted child site-specific permissions for site administrator access or read-only administrator access for a child site.

Running the Export

Like our other export options, this is available only in the web interface. Site administrators can run the report. The export produces a CSV listing of the defined permissions. If the report takes a long time to run, you can close the message and you will be emailed when the report is ready.

When you run the export, you choose whether to group the output by user or by path. This has several impacts on the final output, including the order of the columns, the sorting, and how each row is interpreted.

Depending on how you have assigned permissions in your site, exporting by user or by group may result in different numbers of rows in your CSV.

Group by User

When you choose to group by user, each user's permissions will be listed, with one row for each unique path where they have been granted a permission. All of the user's permissions for the path will be combined; for example, permissions for a user who can list files, upload, download, and share will appear as readonly,writeonly,bundle.

The permission_type, group_id and group_name columns may contain lists of items when the report is grouped by user. The items from the list are presented in a consistent order within the row, so you can match up the values. For example, if the permission type contains user,group,group and the group_id contains ,83221,83922 and group_name has ,West Office,Managers then this indicates that the permission was granted directly to the user and also through two separate groups, which are the West Office (group ID 83221) and Managers (group ID 83922).

Group by Path

When you choose to group by path, each path that has been assigned as a permission is listed, with one row for each user or group that has been assigned permissions to the path.

When permissions are granted to a group, all of the user IDs, usernames and user disabled flags for that group are listed together in one row. For example, if my Sales group contains sam (user ID: 123, disabled: false), sumit (user ID: 213, disabled: true) and saeed (user ID: 5291, disabled: false) and they have permission to the "Sales/Inbox" path, then the export will show one row for that permission and the Sales group with sam,sumit,saeed in the username column with 123,213,5281 in the user_id column and false,true,false in the user_disabled? column.

Exported Columns

Most of the following columns are included in both versions of the export, but the order of the columns will be different, depending on whether the export is grouped by user or by path.

The permission_fences column is only included when at least one permission fence exists.

Permission

The values in the permission column match the developer documentation for Permissions.

The list of permissions reflects all of the permissions granted to the user or group members for the path. If a user gains a permission more than once for the path, it will be repeated in the list

Permission Type

This reflects how the permission was assigned. Permissions assigned directly to users are marked as user. Permissions assigned to groups are marked as group.

When the report is grouped by user, this column may contain multiple values. That's because a user can receive the same permissions multiple times due to group-level assignments.

Permission Fence

When a permission fence exists that would affect a recursive permission, the folder of the fence is listed in the permssion_fence column.

Parent and Child Sites

Users and groups in parent sites can be granted permissions to paths in any child site. This is reflected in the permissions audit export.

When you run the export for a parent site, all of the permissions from the parent site and all child sites are included in the export. Each row indicates the corresponding site for each path, user and group (through the path_site, user_site, and group_site) columns.

An export run from within a child site will include all of the permissions for paths only in that specific child site. A parent site group or user that has been granted access to the child site will be included in the permissions audit exports generated in that child site. Each row indicates the corresponding site for each path, user and group column with the respective path_site, user_site, and group_site columns.