Ir al contenido principal

SharePoint: User Permissions detail report for a Web Application

fuente: http://mstechtalk.com/sharepoint-user-permissions-detail-report-for-a-web-application/
Overview:
A site administrator can easily verify and check user permissions from site settings page, steps are quite simple:
Go to Site Settings –> Site Permissions –> Click on Check Permissions Button and enter user name, this will list the user rights for a single user. But what if it is required to list access permission details for all the users in a SharePoint site, this is not possible Out of the Box.
The below listed script methods are helpful is this scenario, it will list  all users with their permissions and security group detail. The script will generate a detail drill down report for a Web Application which include all sites, sub sites, lists/libraries and items (if inheritance is break).
PowerShell
#Script written and modified by Adnan Amin
#Blog: http://mstechtalk.com
#twitter: @adnan_amin
#facebook: https://www.facebook.com/groups/SharePoint.Pakistan/
#facebook: https://www.facebook.com/MSTechTalk
#The initial idea was taken from another technet gallery script by Salaudeen Rajack at https://gallery.technet.microsoft.com/office/SharePoint-Permission-2840f327
#Script written by Salaudeen only genrate report for a single person, where as below script generates acceess permissions details for all users.

Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

Function GetUserAccessReport($WebAppURL, $FileUrl)
{
 #Get All Site Collections of the WebApp
 $SiteCollections = Get-SPSite -WebApplication $WebAppURL -Limit All

#Write CSV- TAB Separated File) Header
"URL `t Site/List `t Title `t PermissionType `t Permissions  `t LoginName" | out-file $FileUrl


 #Check Web Application Policies
 $WebApp= Get-SPWebApplication $WebAppURL

 foreach ($Policy in $WebApp.Policies) 
   {
   #Check if the search users is member of the group
  #if($Policy.UserName -eq $SearchUser)
    # {
    #Write-Host $Policy.UserName
     $PolicyRoles=@()
     foreach($Role in $Policy.PolicyRoleBindings)
    {
     $PolicyRoles+= $Role.Name +";"
    }
    #Write-Host "Permissions: " $PolicyRoles
    
    "$($AdminWebApp.URL) `t Web Application `t $($AdminSite.Title)`t  Web Application Policy `t $($PolicyRoles) `t $($Policy.UserName)" | Out-File $FileUrl -Append
   #}
   }
  
  #Loop through all site collections
   foreach($Site in $SiteCollections) 
    {
   #Check Whether the Search User is a Site Collection Administrator
   foreach($SiteCollAdmin in $Site.RootWeb.SiteAdministrators)
       {
    "$($Site.RootWeb.Url) `t Site `t $($Site.RootWeb.Title)`t Site Collection Administrator `t Site Collection Administrator `t $($SiteCollAdmin.LoginName)" | Out-File $FileUrl -Append
  
  }
  
    #Loop throuh all Sub Sites
       foreach($Web in $Site.AllWebs) 
       { 
   if($Web.HasUniqueRoleAssignments -eq $True)
             {
          #Get all the users granted permissions to the list
             foreach($WebRoleAssignment in $Web.RoleAssignments ) 
                 { 
                   #Is it a User Account?
      if($WebRoleAssignment.Member.userlogin)    
       {
            #Get the Permissions assigned to user
           $WebUserPermissions=@()
             foreach ($RoleDefinition  in $WebRoleAssignment.RoleDefinitionBindings)
             {
                             $WebUserPermissions += $RoleDefinition.Name +";"
                            }
          #write-host "with these permissions: " $WebUserPermissions
          #Send the Data to Log file
          "$($Web.Url) `t Site `t $($Web.Title)`t Direct Permission `t $($WebUserPermissions)  `t $($WebRoleAssignment.Member.LoginName)" | Out-File $FileUrl -Append
       }
     #Its a SharePoint Group, So search inside the group and check if the user is member of that group
     else  
      {
                        foreach($user in $WebRoleAssignment.member.users)
                            {
            #Get the Group's Permissions on site
         $WebGroupPermissions=@()
            foreach ($RoleDefinition  in $WebRoleAssignment.RoleDefinitionBindings)
            {
                           $WebGroupPermissions += $RoleDefinition.Name +";"
                           }
         #write-host "Group has these permissions: " $WebGroupPermissions
         
         #Send the Data to Log file
         "$($Web.Url) `t Site `t $($Web.Title)`t Member of $($WebRoleAssignment.Member.Name) Group `t $($WebGroupPermissions) `t $($user.LoginName)" | Out-File $FileUrl -Append
       }
      }
                    }
    }
    
    #********  Check Lists with Unique Permissions ********/
              foreach($List in $Web.lists)
              {
                  if($List.HasUniqueRoleAssignments -eq $True -and ($List.Hidden -eq $false))
                  {
                     #Get all the users granted permissions to the list
                foreach($ListRoleAssignment in $List.RoleAssignments ) 
                    { 
                      #Is it a User Account?
         if($ListRoleAssignment.Member.userlogin)    
          {
             
             #Get the Permissions assigned to user
              $ListUserPermissions=@()
                foreach ($RoleDefinition  in $ListRoleAssignment.RoleDefinitionBindings)
                {
                                $ListUserPermissions += $RoleDefinition.Name +";"
                               }
             #write-host "with these permissions: " $ListUserPermissions
             
             #Send the Data to Log file
             "$($List.ParentWeb.Url)/$($List.RootFolder.Url) `t List `t $($List.Title)`t Direct Permission1 `t $($ListUserPermissions)  `t $($ListRoleAssignment.Member)" | Out-File $FileUrl -Append
          }
          #Its a SharePoint Group, So search inside the group and check if the user is member of that group
         else  
          {
                             foreach($user in $ListRoleAssignment.member.users)
                                 {
                 #Get the Group's Permissions on site
              $ListGroupPermissions=@()
                 foreach ($RoleDefinition  in $ListRoleAssignment.RoleDefinitionBindings)
                 {
                                $ListGroupPermissions += $RoleDefinition.Name +";"
                                }
              #write-host "Group has these permissions: " $ListGroupPermissions
              
              #Send the Data to Log file
              "$($Web.Url) `t List `t $($List.Title)`t Member of $($ListRoleAssignment.Member.Name) Group `t $($user.LoginName) `t $($user.LoginName)" | Out-File $FileUrl -Append

            }
         } 
                       }
                }
              }
    } 
   }
     
  }

#Call the function to Check User Access
#GetUserAccessReport "http://sp2013" "c:\users_PermisionReport.csv"
Etiquetas:

Comentarios

Publicar un comentario

Entradas populares de este blog

Get SharePoint Online Site and SubSites permission using PowerShell

The below PowerShell script retrieves the following for the given SharePoint Online Site All the Sub-site's URL Security group attached with each Sub-site with their permission level Prerequisites: This PowerShell script uses the latest version of SharePoint Online PnP Module. Download the installer from https://github.com/SharePoint/PnP-PowerShell/releases  Install-Module SharePointPnPPowerShellOnline  Install-Module - Name ' SharePointPnP.PowerShell.Commands.Files.Recurse ' function  connect - site( $webs , $creds ){    Connect - PNPonline  - Url  $webs   - Credentials  $cred     }    function  get - sitepermission( $web , $cred ){    $rec =@()    connect - site  - webs  $web   - creds  $cred     if ( $web   - eq  $parentsitename )  {  #Write-Host "Parent site permission" $web   $Pgroups =G...
Publicar un comentario
Leer más

Conexión desde casa a una VPN sin perder salida a internet

Solución, asumiendo que estas en Windows: Panel de Control, Conexiones de Red. Clic derecho en la VPN, dale a propiedades. Anda a la pestaña de "Funciones de Red" y selecciona Protocolo Internet TCP/IP y clic en el botón "Propiedades". Ahora hazle clic al botón "Opciones Avanzadas..."En la pestaña "General", desmarca la opción que dice "Usar la puerta de enlace predeterminada en la red remota". Dale a aceptar a todas las ventanitas de opción, y ahora conéctate a la VPN nuevamente. Con eso deberías entrar a la VPN sin perder la conexión local de tu red e internet.
Publicar un comentario
Leer más

Event ID 8031 The uri endpoint information may be stale

An exception occurred while updating addresses for connected app {6783ce5e-c88h-4021-8d5b-12614875cbfa_b79f19ab-1d40-4824-9911-3466cf8b070a}. The uri endpoint information may be stale. System.InvalidOperationException: The requested application could not be found.    at Microsoft.SharePoint.SPTopologyWebServiceApplicationProxy.ProcessCommonExceptions(Uri endpointAddress, String operationName, Exception ex, SPServiceLoadBalancerContext context)    at Microsoft.SharePoint.SPTopologyWebServiceApplicationProxy.ExecuteOnChannel(String operationName, CodeBlock codeBlock)    at Microsoft.SharePoint.SPTopologyWebServiceApplicationProxy.GetEndPoints(Guid serviceId)    at Microsoft.SharePoint.SPConnectedServiceApplicationAddressesRefreshJob.Execute(Guid targetInstanceId) After de-commissioning some SharePoint servers, you might notice the above error on other WFEs /Application server’s event viewer . It appears that the SharePoint still has a reference...
Publicar un comentario
Leer más