Sharepoint-Toolbox/.planning/phases/07-user-access-audit/07-CONTEXT.md
Dev ab253ca80a docs(07): capture phase context for user access audit
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-07 12:21:57 +02:00

# Phase 7: User Access Audit - Context

Gathered: 2026-04-07

Status: Ready for planning

## Phase Boundary

Administrators can audit every permission a specific user holds across selected sites, distinguish access types (direct/group/inherited), and export results to CSV or HTML. The audit accepts multiple users via a tenant people picker and uses global site selection (Phase 6) with per-tab override.

Requirements: UACC-01, UACC-02

Success Criteria:

  1. A User Access Audit tab is accessible and accepts a user identifier and site selection as inputs
  2. Running the audit returns a list of all access entries the user holds across the selected sites
  3. Results distinguish between direct role assignments, SharePoint group memberships, and inherited access
  4. Results can be exported to CSV or HTML in the same format established by v1.0 export patterns

## Implementation Decisions

### User Identification Input

  • People picker powered by Microsoft Graph API to show autocomplete dropdown of tenant users
  • Supports selecting multiple users for batch audit
  • Site selection uses global sites (Phase 6) with per-tab override (same pattern as Permissions/Storage tabs)
  • Single "Run Audit" click scans all selected users across all selected sites in one operation

### Results Presentation

  • DataGrid with toggle to switch between group-by-user and group-by-site views
  • Essential columns only: User, Site, Object (list/folder), Permission Level, Access Type (Direct/Group/Inherited), Granted Through
  • Per-user summary banner above the detail grid showing: total accesses, sites count, high-privilege count
  • Search/filter TextBox to filter within audit results by any column
  • Column sorting on all columns

### Access Type Distinction

  • Both color-coded rows AND Access Type column with icons for maximum clarity
    • Direct assignments: distinct color tint + icon
    • Group memberships: distinct color tint + icon, plus group name in "Granted Through" column
    • Inherited access: distinct color tint + icon
  • High-privilege entries (Full Control, Site Collection Admin) flagged with a warning icon/bold styling
  • External/guest users (#EXT#) flagged with a guest badge/icon (reuse existing PermissionEntryHelper.IsExternalUser)
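
A sketch of the user filter, access-type classification and per-user summary described above, added here as an example; it is not code from this repository. The `Entry` record is a hypothetical stand-in for `PermissionEntry`, and the `;`-separated login list, the `SharePoint Group:` prefix in `GrantedThrough` and the classification rule itself are assumptions.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

// Constructed sample rows (no real tenant data); P is the SharePoint Online claims prefix.
const string P = "i:0#.f|membership|";
var rows = new List<Entry>
{
    new("https://contoso.sharepoint.com/sites/hr", "HR", P + "alice@contoso.com",
        "Full Control", "Direct Permissions", true),
    new("https://contoso.sharepoint.com/sites/hr", "Payroll", P + "alice@contoso.com",
        "Read", "SharePoint Group: HR Visitors", true),
    new("https://contoso.sharepoint.com/sites/it", "Docs", P + "bob@contoso.com;" + P + "alice@contoso.com",
        "Edit", "Direct Permissions", false),
    new("https://contoso.sharepoint.com/sites/it", "Wiki", P + "malice@contoso.com",
        "Full Control", "Direct Permissions", true),
};
foreach (var e in rows.Where(r => UserAccessAudit.HoldsEntry(r, "alice@contoso.com")))
    Console.WriteLine($"{e.Title}: {UserAccessAudit.Classify(e)}, high={UserAccessAudit.IsHighPrivilege(e)}");
Console.WriteLine(UserAccessAudit.Summarize(rows, "alice@contoso.com"));

// Hypothetical stand-in for the project's PermissionEntry; field types are assumed.
record Entry(string SiteUrl, string Title, string UserLogins,
             string PermissionLevels, string GrantedThrough, bool HasUniquePermissions);
enum AccessType { Direct, Group, Inherited }

static class UserAccessAudit
{
    static readonly string[] HighPrivilege = { "Full Control", "Site Collection Admin" };
    // Assumed rule: an object without unique permissions is Inherited; otherwise a
    // GrantedThrough value that names a SharePoint group is Group; anything else is Direct.
    public static AccessType Classify(Entry e) =>
        !e.HasUniquePermissions ? AccessType.Inherited
        : e.GrantedThrough.StartsWith("SharePoint Group:", StringComparison.OrdinalIgnoreCase)
            ? AccessType.Group : AccessType.Direct;

    public static bool IsHighPrivilege(Entry e) => e.PermissionLevels.Split(';')
        .Any(l => HighPrivilege.Contains(l.Trim(), StringComparer.OrdinalIgnoreCase));
    // Compare whole login tokens after the claims prefix, so "alice@" never matches "malice@".
    public static bool HoldsEntry(Entry e, string login) => e.UserLogins.Split(';')
        .Select(l => l.Trim()).Select(l => l[(l.LastIndexOf('|') + 1)..])
        .Contains(login, StringComparer.OrdinalIgnoreCase);

    public static (int Total, int Sites, int HighPriv) Summarize(IEnumerable<Entry> all, string login)
    {
        var mine = all.Where(e => HoldsEntry(e, login)).ToList();
        return (mine.Count, mine.Select(e => e.SiteUrl).Distinct().Count(), mine.Count(IsHighPrivilege));
    }
}
```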

### Export Format — HTML

  • Full interactive HTML with collapsible groups, sortable columns, search filter, color coding (consistent with existing HTML exports)
  • Summary header section with per-user access counts and risk highlights
  • Both group-by-user and group-by-site views available in a single report via toggle/tab

### Export Format — CSV

  • One CSV file per audited user (separate files for sharing individual audit results)
  • Summary section included at top of each file (user, total accesses, sites count, high-privilege count)
  • Flat row structure with all essential columns

### Claude's Discretion

  • Exact color palette for access type row tinting (should be accessible and distinguishable)
  • Icon choices for Direct/Group/Inherited/Warning/External badges
  • Microsoft Graph API scope and authentication integration approach
  • Internal service architecture (new UserAccessAuditService vs extending PermissionsService)
  • DataGrid grouping implementation details (WPF CollectionViewSource or custom)
  • HTML report JavaScript implementation for toggle between views
  • Localization key names for new strings

<code_context>

## Existing Code Insights

### Reusable Assets

  • PermissionsService.ScanSiteAsync(ctx, options, progress, ct) — scans all permissions on a site; audit can filter results by target user(s)
  • PermissionEntry record — 9-field flat record with ObjectType, Title, Url, Users, UserLogins, Type, PermissionLevels, GrantedThrough, HasUniquePermissions
  • PermissionEntryHelper.IsExternalUser(loginName) — detects #EXT# guest users
  • PermissionEntryHelper.FilterPermissionLevels(levels) — removes "Limited Access"
  • CsvExportService.BuildCsv(entries) — CSV generation with merge logic (pattern reference)
  • HtmlExportService — HTML report generation with embedded JS (pattern reference)
  • SitePickerDialog — reusable multi-site picker (already wired from toolbar in Phase 6)
  • FeatureViewModelBase — base class with GlobalSites property and OnGlobalSitesChanged hook
  • SessionManager.GetOrCreateContextAsync(profile, ct) — authenticated ClientContext provider
  • WeakReferenceMessenger — cross-VM messaging for progress updates

### Established Patterns

  • Tab ViewModel extends FeatureViewModelBase with [ObservableProperty] for bindable state
  • RunOperationAsync pattern for long-running operations with progress reporting
  • Export commands as IAsyncRelayCommand with CanExport predicate
  • Dialog factories as Func<Window>? set from code-behind
  • Localization via TranslationSource.Instance["key"] with Strings.resx / Strings.fr.resx
  • _hasLocalSiteOverride pattern for per-tab site override protection

### Integration Points

  • New tab in MainWindow.xaml TabControl
  • New UserAccessAuditView.xaml + UserAccessAuditViewModel.cs following existing tab pattern
  • New service for user-centric permission querying (filters PermissionEntry by user)
  • New export services for audit-specific CSV and HTML formats
  • DI registration in App.xaml.cs for new services and ViewModel
  • Localization keys in Strings.resx / Strings.fr.resx for audit tab UI

</code_context>

## Specific Ideas

  • The people picker should query Graph API as the admin types, with debounced autocomplete
  • Per-user summary should highlight if a user has Site Collection Admin access (highest risk)
  • The HTML report toggle between "by user" and "by site" should be a simple tab/button in the report header, not requiring page reload
  • CSV files should be named with the user's email for easy identification (e.g., audit_alice@contoso.com_2026-04-07.csv)
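
An added sketch (not this repository's `CsvExportService`) of the per-user CSV export with two hardening steps the plan does not spell out: the file name built from the user's e-mail passes through an allowlist, and every cell is neutralized against spreadsheet formula evaluation, since object titles and group names are set by site owners. The `AuditCsv` class, its method names and the column order are assumptions.

```csharp
using System;
using System.Collections.Generic;
using System.Globalization;
using System.Linq;
using System.Text;

// Constructed sample: a guest UPN and a list title that starts with a formula character.
var upn = "bob_fabrikam.com#EXT#@contoso.onmicrosoft.com";
var rows = new[] { new[] { upn, "https://contoso.sharepoint.com/sites/hr",
    "=1+1 \"Budget\", draft", "Edit", "Group", "SharePoint Group: HR Members" } };
Console.WriteLine(AuditCsv.FileName(upn, new DateTime(2026, 4, 7)));
Console.Write(AuditCsv.Build(upn, rows, sites: 1, highPrivilege: 0));

static class AuditCsv
{
    // Allowlist, not denylist: path separators, '#', ':' and anything else unexpected become '_'.
    public static string FileName(string upn, DateTime day)
    {
        var safe = new string(upn.Select(c =>
            (c < 128 && char.IsLetterOrDigit(c)) || "@.-_".IndexOf(c) >= 0 ? c : '_').ToArray());
        return "audit_" + safe + "_" + day.ToString("yyyy-MM-dd", CultureInfo.InvariantCulture) + ".csv";
    }

    // A cell starting with = + - @ (or tab/CR) may be evaluated as a formula when the file is
    // opened in a spreadsheet, so prefix it with ' before applying RFC 4180 quoting.
    public static string Cell(string value)
    {
        if (value.Length > 0 && "=+-@\t\r".IndexOf(value[0]) >= 0) value = "'" + value;
        return "\"" + value.Replace("\"", "\"\"") + "\"";
    }

    static string Line(params string[] cells) => string.Join(",", cells.Select(Cell));

    public static string Build(string user, IEnumerable<string[]> rows, int sites, int highPrivilege)
    {
        var list = rows.ToList();
        var sb = new StringBuilder();
        // Summary section at the top of each per-user file.
        sb.AppendLine(Line("User", user));
        sb.AppendLine(Line("Total accesses", list.Count.ToString()));
        sb.AppendLine(Line("Sites", sites.ToString()));
        sb.AppendLine(Line("High-privilege", highPrivilege.ToString()));
        sb.AppendLine();
        sb.AppendLine(Line("User", "Site", "Object", "Permission Level", "Access Type", "Granted Through"));
        foreach (var r in list) sb.AppendLine(Line(r));
        return sb.ToString();
    }
}
```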

## Deferred Ideas

None — discussion stayed within phase scope


Phase: 07-user-access-audit

Context gathered: 2026-04-07