Written: 19/09/2020 | Updated: N/A

TeamsFest is only a few weeks away. It’s coming around so fast and one of the jobs I did during the week was spin up a list in the Team so that speakers could easily access their session. It had their track, it had their time and their moderator. It felt nice putting it in as a tab. It looked good and felt good. But one of the things I was thinking about now I have started to use Lists in anger is how can get I a report on who I have shared a list with. I wrote about how to share Lists and List Items in both the web experience and Teams but now imagine the scenario that I have a few dozen lists and that I collaborate on these inside and outside the organisation. How could I tell who I shared those with? Especially after a month or two where albeit best intentions, I doubt I am keeping track. It’s really important to review this from time to time both in terms of administration and security. Yet one of the things we must understand is this difference between personal lists and teams lists because lists are stored in different places – and yes, yes I know its ultimately all SharePoint, but this determines how we find our sharing reports

This blog will cover

  • How to report on personal lists
  • How to report on team lists
  • As an admin can we see who shared lists and list items?

This a bit of kicking back and relaxing before a big week at Ignite! I very much hope to see you there!

WHY WOULD WE DO IT?

  • To find out who has sharing permissions on our lists and list items
  • If we want to remove or preserve sharing permissions on those lists and list items

PREREQUISITES

1.) SharePoint Licence: usually within Office/Microsoft 365 Licence. Whilst many will now access Lists via Teams, a Teams licence is not necessary to be able to run sharing reports and if you are using the web experience to create lists

2.) To be able to run sharing reports in SharePoint you must have Site owner permissions over the site the List is in. In Teamspeak, this means you need to be an owner of a Team to have full access to the underlying SharePoint site

HOW TO REPORT ON PERSONAL LISTS

When creating lists, you have the option to create personal or team lists. Personal lists are lists which are personal to you, which are created via the web experience (Lists Home) and are stored within OneDrive for Business, whereas Team lists are lists which are for the team and which are stored within SharePoint. When you create a team list via the web experience or via Teams, it is stored within SharePoint. Teams cannot currently create personal lists and probably won’t do until Lists becomes a personal app, if it ever does

1.) Log into https://login.microsoftonline.com and select OneDrive from the left app rail or from all apps

2.) Select Cog on the top right, then OneDrive Settings

3.) Select More Settings

4.) Select Run Sharing Report

5.) Select a folder to put the sharing reports. If you don’t see one select New to add one. Once done, select Save

6.) Return to your OneDrive files, select the folder you put the report and then select the sharing report

7.) The sharing report will open in Excel

The following is important

What List is defined in the Resource Path. The fact that it is a List is defined in the Item Type. Permissions on that list is defined by Permissions. Who the list is shared with is defined by the User Name and Email Address and whether that user is internal or external is defined by User or Group Type

In terms of List Items, List Items have an Item type of 0. The resource path will tell you what List the item is in but how can we tell which item is being shared? It took a few minutes to test and work this out, but the exact list item which is being shared is defined by the order it was added to the list, so for example, the first item added to the list is in the resource path as listpath/1_.000 (.000 is a file type used for indexing), the second added to the list is therefore listpath/2_.000, the eighth is listpath/8_.000 and so on. However, say I have 12 list items, remove 4 and add 1 (which makes 9) then that last item will actually show on the list at listpath/13_.000. This makes it a little difficult if, for example, the list has undergone many changes trying to isolate the exact list item from the sharing report

As a user, can you then correlate this resource path for a List Item to an actual List Item given the resource path doesn’t show in an actual list? Well, yes you actually can by using the Web experience, selecting the List, then the List Item, select Details then More Details and copy out the direct link onto a notepad which will show you the same Resource Path URL that you saw in the sharing report

HOW TO REPORT ON TEAM LISTS

Unlike the sharing report for personal lists in OneDrive for Business you can’t currently get an aggregated report on every team list and list item shared in every SharePoint site. However you can currently get it on a site by site basis

You would get to the SharePoint site either through Teams (via the Files Tab) (Image 1) or through the List Settings within the Web Experience (Image 2). The exact place where you need to start out is the Home page of the underlying SharePoint site where the List is stored in (Image 3)

Note you have to be a site owner in order to access this report. In TeamSpeak this means being a Team Owner. You cannot access it as a member of the Team and will need to ask the owner or get owner permissions

1.) On the SharePoint Page select Cog and then Site Usage

2.) Scroll to the bottom and then under Shared with External Usersselect Run a Report

3.) Select a folder to put the sharing reports. Select General or New to add one. Once done, select Save. Note: the General folder here is the general channel in an associated Team. This may not be the best place to house such a report so it’s recommended to either save to general and move the report to a private channel via the move function in Teams Files or create a new folder which will be created in the documents of the SharePoint site but not create an associated channel in Teams

4.) Once done, select documents in the SharePoint site, select the sharing report (or open it in Teams)

5.) The sharing report will open in Excel

The report for Team Lists is exactly the same as the one for personal lists, and the naming conventions are also the same. Please see above for how to read the report

AS AN ADMIN, CAN I SEE WHO SHARED LISTS AND LIST ITEMS?

Yes, this can currently be seen in the audit log within the Office 365 security and compliance centre. Bear in mind that the default audit log is 90 days unless the user is assigned E5 licences with advanced auditing or unless you perform regular exports of the audit log

1.) In the Microsoft 365 admin centre select security

2.) Select Search and then Audit Log Search

3.) Run the search with the activity shared file, folder or site

4.) The audit log will pull up the user as well as show either shared Team Lists (SharePoint) or shared Personal Lists (OneDrive for Business). This is easy to distinguish by the URL of the Item. SharePoint will have a URL of https://tenant.sharepoint.com whereas OneDrive for Business will have https://tenant-my.sharepoint.com as well as /personal/ in the URL.

It also shows List items for both personal and team lists. Like the sharing reports the audit log shows the resource path of the list item

Our job here is done for today

We can use sharing reports in OneDrive and SharePoint to see who we are sharing our lists and list items with inside and outside the organisation, what permissions they have and how they have been shared. We can then leverage this information to clean up or continue to permit sharing based on our requirements. It is recommended that this is reviewed regularly for both administrative and security purposes and admins do have oversight in the audit log and ultimately, control via the SharePoint admin centre. In an ideal world, only those who need access to lists and list items should have them. We should be diligent and review periodically. Administrators can look at link expiry or methods to control external sharing such as domains and security groups should they ever feel the need to go further

All the very best for Ignite next week!

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.