Powershell script to display unique permissions for all subsites and lists

Requirement

Display security permissions for site collection, subsites, and lists/libraries in each site.

Solution

This can be achieved by a simple powershell script. To use it, you must modify the $site variable to point to your site collection.

Syntax: <script name>.ps1 | out-file c:\permissions.txt

 

   1:  #Add SharePoint PowerShell SnapIn if not already added

   2:  if ((Get-PSSnapin "Microsoft.SharePoint.PowerShell" -ErrorAction SilentlyContinue) -eq $null) {

   3:  Add-PSSnapin "Microsoft.SharePoint.PowerShell"

   4:  }

   5:   

   6:  #Define variables

   7:  $site = Get-SPSite "http://<site collection>"

   8:   

   9:  #Get all subsites for site collection

  10:  $web = $site.AllWebs

  11:   

  12:  #Loop through each subsite and write permissions

  13:   

  14:  foreach ($web in $web)

  15:  {

  16:  if (($web.permissions -ne $null) -and ($web.hasuniqueroleassignments -eq "True"))

  17:  {

  18:  Write-Output "****************************************"

  19:  Write-Output "Displaying site permissions for: $web"

  20:  $web.permissions | fl member, basepermissions

  21:  }

  22:  elseif ($web.hasuniqueroleassignments -ne "True")

  23:  {

  24:  Write-Output "****************************************"

  25:  Write-Output "Displaying site permissions for: $web"

  26:  "$web inherits permissions from $site"

  27:  }

  28:   

  29:  #Loop through each list in each subsite and get permissions

  30:   

  31:  foreach ($list in $web.lists)

  32:  {

  33:  $unique = $list.hasuniqueroleassignments

  34:  if (($list.permissions -ne $null) -and ($unique -eq "True"))

  35:  {

  36:  Write-Output "****************************************"

  37:  Write-Output "Displaying Lists permissions for: $web \ $list"

  38:  $list.permissions | fl member, basepermissions

  39:  }

  40:  elseif ($unique -ne "True") {

  41:  Write-Output "$web \ $list inherits permissions from $web"

  42:  }

  43:  }

  44:  }

  45:  Write-Host "Finished."

  46:  $site.dispose()

  47:  $web.dispose()

  48:  $unique.dispose()

The output you get will look something like this:


****************************************
Displaying site permissions for: Intranet




Member : domain\administrator
BasePermissions : ViewFormPages, Open, BrowseUserInfo, UseClientIntegration, Us
eRemoteAPIs
Intranet \ Brands inherits permissions from Intranet
Intranet \ Content and Structure Reports inherits permissions from Intranet
****************************************
Displaying Lists permissions for: Intranet \ News


Member : domain\domain users
BasePermissions : ViewListItems, OpenItems, ViewVersions, ViewFormPages, Open,
ViewPages, CreateSSCSite, BrowseUserInfo, UseClientIntegratio
n, UseRemoteAPIs, CreateAlerts
Intranet \ Pages inherits permissions from Intranet
Intranet \ PDFs inherits permissions from Intranet
****************************************
Displaying site permissions for: About Company
About Company inherits permissions from SPSite Url=http://my.company/intranet
About Company \ Documents inherits permissions from About Company
Displaying Lists permissions for: About Company\ Images


Member : domain\administrator
BasePermissions : ViewFormPages, Open, BrowseUserInfo, UseClientIntegration, Us
eRemoteAPIs


As you can see, the script only displays the permissions of subsites and lists that are unique.

 

Fuente: http://www.mysharepointadventures.com/2011/08/powershell-script-to-display-unique-permissions-for-all-subsites-and-lists/