Ir al contenido principal

SharePoint: User Permissions detail report for a Web Application

fuente: http://mstechtalk.com/sharepoint-user-permissions-detail-report-for-a-web-application/
Overview:
A site administrator can easily verify and check user permissions from site settings page, steps are quite simple:
Go to Site Settings –> Site Permissions –> Click on Check Permissions Button and enter user name, this will list the user rights for a single user. But what if it is required to list access permission details for all the users in a SharePoint site, this is not possible Out of the Box.
The below listed script methods are helpful is this scenario, it will list  all users with their permissions and security group detail. The script will generate a detail drill down report for a Web Application which include all sites, sub sites, lists/libraries and items (if inheritance is break).
PowerShell
#Script written and modified by Adnan Amin
#Blog: http://mstechtalk.com
#twitter: @adnan_amin
#facebook: https://www.facebook.com/groups/SharePoint.Pakistan/
#facebook: https://www.facebook.com/MSTechTalk
#The initial idea was taken from another technet gallery script by Salaudeen Rajack at https://gallery.technet.microsoft.com/office/SharePoint-Permission-2840f327
#Script written by Salaudeen only genrate report for a single person, where as below script generates acceess permissions details for all users.

Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

Function GetUserAccessReport($WebAppURL, $FileUrl)
{
 #Get All Site Collections of the WebApp
 $SiteCollections = Get-SPSite -WebApplication $WebAppURL -Limit All

#Write CSV- TAB Separated File) Header
"URL `t Site/List `t Title `t PermissionType `t Permissions  `t LoginName" | out-file $FileUrl


 #Check Web Application Policies
 $WebApp= Get-SPWebApplication $WebAppURL

 foreach ($Policy in $WebApp.Policies) 
   {
   #Check if the search users is member of the group
  #if($Policy.UserName -eq $SearchUser)
    # {
    #Write-Host $Policy.UserName
     $PolicyRoles=@()
     foreach($Role in $Policy.PolicyRoleBindings)
    {
     $PolicyRoles+= $Role.Name +";"
    }
    #Write-Host "Permissions: " $PolicyRoles
    
    "$($AdminWebApp.URL) `t Web Application `t $($AdminSite.Title)`t  Web Application Policy `t $($PolicyRoles) `t $($Policy.UserName)" | Out-File $FileUrl -Append
   #}
   }
  
  #Loop through all site collections
   foreach($Site in $SiteCollections) 
    {
   #Check Whether the Search User is a Site Collection Administrator
   foreach($SiteCollAdmin in $Site.RootWeb.SiteAdministrators)
       {
    "$($Site.RootWeb.Url) `t Site `t $($Site.RootWeb.Title)`t Site Collection Administrator `t Site Collection Administrator `t $($SiteCollAdmin.LoginName)" | Out-File $FileUrl -Append
  
  }
  
    #Loop throuh all Sub Sites
       foreach($Web in $Site.AllWebs) 
       { 
   if($Web.HasUniqueRoleAssignments -eq $True)
             {
          #Get all the users granted permissions to the list
             foreach($WebRoleAssignment in $Web.RoleAssignments ) 
                 { 
                   #Is it a User Account?
      if($WebRoleAssignment.Member.userlogin)    
       {
            #Get the Permissions assigned to user
           $WebUserPermissions=@()
             foreach ($RoleDefinition  in $WebRoleAssignment.RoleDefinitionBindings)
             {
                             $WebUserPermissions += $RoleDefinition.Name +";"
                            }
          #write-host "with these permissions: " $WebUserPermissions
          #Send the Data to Log file
          "$($Web.Url) `t Site `t $($Web.Title)`t Direct Permission `t $($WebUserPermissions)  `t $($WebRoleAssignment.Member.LoginName)" | Out-File $FileUrl -Append
       }
     #Its a SharePoint Group, So search inside the group and check if the user is member of that group
     else  
      {
                        foreach($user in $WebRoleAssignment.member.users)
                            {
            #Get the Group's Permissions on site
         $WebGroupPermissions=@()
            foreach ($RoleDefinition  in $WebRoleAssignment.RoleDefinitionBindings)
            {
                           $WebGroupPermissions += $RoleDefinition.Name +";"
                           }
         #write-host "Group has these permissions: " $WebGroupPermissions
         
         #Send the Data to Log file
         "$($Web.Url) `t Site `t $($Web.Title)`t Member of $($WebRoleAssignment.Member.Name) Group `t $($WebGroupPermissions) `t $($user.LoginName)" | Out-File $FileUrl -Append
       }
      }
                    }
    }
    
    #********  Check Lists with Unique Permissions ********/
              foreach($List in $Web.lists)
              {
                  if($List.HasUniqueRoleAssignments -eq $True -and ($List.Hidden -eq $false))
                  {
                     #Get all the users granted permissions to the list
                foreach($ListRoleAssignment in $List.RoleAssignments ) 
                    { 
                      #Is it a User Account?
         if($ListRoleAssignment.Member.userlogin)    
          {
             
             #Get the Permissions assigned to user
              $ListUserPermissions=@()
                foreach ($RoleDefinition  in $ListRoleAssignment.RoleDefinitionBindings)
                {
                                $ListUserPermissions += $RoleDefinition.Name +";"
                               }
             #write-host "with these permissions: " $ListUserPermissions
             
             #Send the Data to Log file
             "$($List.ParentWeb.Url)/$($List.RootFolder.Url) `t List `t $($List.Title)`t Direct Permission1 `t $($ListUserPermissions)  `t $($ListRoleAssignment.Member)" | Out-File $FileUrl -Append
          }
          #Its a SharePoint Group, So search inside the group and check if the user is member of that group
         else  
          {
                             foreach($user in $ListRoleAssignment.member.users)
                                 {
                 #Get the Group's Permissions on site
              $ListGroupPermissions=@()
                 foreach ($RoleDefinition  in $ListRoleAssignment.RoleDefinitionBindings)
                 {
                                $ListGroupPermissions += $RoleDefinition.Name +";"
                                }
              #write-host "Group has these permissions: " $ListGroupPermissions
              
              #Send the Data to Log file
              "$($Web.Url) `t List `t $($List.Title)`t Member of $($ListRoleAssignment.Member.Name) Group `t $($user.LoginName) `t $($user.LoginName)" | Out-File $FileUrl -Append

            }
         } 
                       }
                }
              }
    } 
   }
     
  }

#Call the function to Check User Access
#GetUserAccessReport "http://sp2013" "c:\users_PermisionReport.csv"
Etiquetas:

Comentarios

Publicar un comentario

Entradas populares de este blog

O365 - Forms - Transferir la propiedad de un formulario

Fuente :  https://support.office.com/es-es/article/transferir-la-propiedad-de-un-formulario-921a6361-a4e5-44ea-bce9-c4ed63aa54b4 Si ha creado una encuesta, una prueba o un sondeo, puede moverlos fácilmente a un grupo para que todos los miembros del grupo se conviertan en propietarios de ese formulario. Transferir el formulario a un grupo En el explorador Web, vaya a  Forms.Office.com . En la pestaña  mis formularios  , busque el formulario que desea transferir. Haga clic en  más acciones de formulario    y, a continuación, seleccione  mover . Nota:  Solo puede mover el formulario si es el propietario de ese formulario. No puede transferir la propiedad de un formulario que está compartido con usted. Seleccione el grupo al que desea transferir el formulario y, a continuación, haga clic en  mover . El formulario que ha movido aparecerá en la pestaña  formularios de grupo  . ¿Qué ocurre con el libr...
Publicar un comentario
Leer más

Event ID 8031 The uri endpoint information may be stale

An exception occurred while updating addresses for connected app {6783ce5e-c88h-4021-8d5b-12614875cbfa_b79f19ab-1d40-4824-9911-3466cf8b070a}. The uri endpoint information may be stale. System.InvalidOperationException: The requested application could not be found.    at Microsoft.SharePoint.SPTopologyWebServiceApplicationProxy.ProcessCommonExceptions(Uri endpointAddress, String operationName, Exception ex, SPServiceLoadBalancerContext context)    at Microsoft.SharePoint.SPTopologyWebServiceApplicationProxy.ExecuteOnChannel(String operationName, CodeBlock codeBlock)    at Microsoft.SharePoint.SPTopologyWebServiceApplicationProxy.GetEndPoints(Guid serviceId)    at Microsoft.SharePoint.SPConnectedServiceApplicationAddressesRefreshJob.Execute(Guid targetInstanceId) After de-commissioning some SharePoint servers, you might notice the above error on other WFEs /Application server’s event viewer . It appears that the SharePoint still has a reference...
Publicar un comentario
Leer más

Get SharePoint Online Site and SubSites permission using PowerShell

The below PowerShell script retrieves the following for the given SharePoint Online Site All the Sub-site's URL Security group attached with each Sub-site with their permission level Prerequisites: This PowerShell script uses the latest version of SharePoint Online PnP Module. Download the installer from https://github.com/SharePoint/PnP-PowerShell/releases  Install-Module SharePointPnPPowerShellOnline  Install-Module - Name ' SharePointPnP.PowerShell.Commands.Files.Recurse ' function  connect - site( $webs , $creds ){    Connect - PNPonline  - Url  $webs   - Credentials  $cred     }    function  get - sitepermission( $web , $cred ){    $rec =@()    connect - site  - webs  $web   - creds  $cred     if ( $web   - eq  $parentsitename )  {  #Write-Host "Parent site permission" $web   $Pgroups =G...
Publicar un comentario
Leer más