Hi Frnds,
I am a back with a very useful blog that you might be struglling in SharePoint Enviromenet.
Yes I have been talking about the user access report on all the site, list, library for a particular webapplication.
Manually going in each site, list and library may takes a lot of time. why cant we quickly take help of the most powerfull tool (Powershell)
With the below code, you can generate a csv file which you can use it for getting report for a single user.
You will require:
SharePoint Powershell
Admin Right (Run the powershell as a administrator)
it will generate a tab separated CSV file.
as belolow
Credit goes to Salaudeen Rajack Rereferenced from Salaudeen SharePointDiary
Isnt it simple !! Cheers!!
I am a back with a very useful blog that you might be struglling in SharePoint Enviromenet.
Yes I have been talking about the user access report on all the site, list, library for a particular webapplication.
Manually going in each site, list and library may takes a lot of time. why cant we quickly take help of the most powerfull tool (Powershell)
With the below code, you can generate a csv file which you can use it for getting report for a single user.
You will require:
SharePoint Powershell
Admin Right (Run the powershell as a administrator)
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue Function GetUserAccessReport($WebAppURL, $SearchUser){ #Output Report location $OutputReport = "C:\Report\SabinaPermission.csv" #Please delete the file, If already exist! if (Test-Path $OutputReport) { Remove-Item $OutputReport }Write-host "I am scanning Farm Administrator Group..."#Write CSV- TAB Separated File) Header"URL `t Site/List `t Title `t PermissionType `t Permissions" | out-file $OutputReport ####Check Whether the Search Users is a Farm Administrator ### #Get the SharePoint Central Administration site $AdminWebApp= Get-SPwebapplication -includecentraladministration | where {$_.IsAdministrationWebApplication} $AdminSite = Get-SPweb($AdminWebApp.Url) $AdminGroupName = $AdminSite.AssociatedOwnerGroup $FarmAdminGroup = $AdminSite.SiteGroups[$AdminGroupName] #enumerate in farm adminidtrators groups foreach ($user in $FarmAdminGroup.users) { if($user.LoginName -eq $SearchUser) { "$($AdminWebApp.URL) `t Farm `t $($AdminSite.Title)`t Farm Administrator `t Farm Administrator" | Out-File $OutputReport -Append } } Write-host "I am Scanning Web Application Policies..." ### Check Web Application Policies ### $WebApp= Get-SPWebApplication $WebAppURL foreach ($Policy in $WebApp.Policies) { #Check if the search users is member of the group if($Policy.UserName -eq $SearchUser) { #Write-Host $Policy.UserName $PolicyRoles=@() foreach($Role in $Policy.PolicyRoleBindings) { $PolicyRoles+= $Role.Name +";" } #Write-Host "Permissions: " $PolicyRoles "$($AdminWebApp.URL) `t Web Application `t $($AdminSite.Title)`t Web Application Policy `t $($PolicyRoles)" | Out-File $OutputReport -Append } } Write-host "I am Scanning Site Collections..." #Get All Site Collections of the WebApp $SiteCollections = Get-SPSite -WebApplication $WebAppURL -Limit All #Loop through all site collections foreach($Site in $SiteCollections) { Write-host "I am Scanning Site Collection:" $site.Url #Check Whether the Search User is a Site Collection Administrator foreach($SiteCollAdmin in $Site.RootWeb.SiteAdministrators) { if($SiteCollAdmin.LoginName -eq $SearchUser) { "$($Site.RootWeb.Url) `t Site `t $($Site.RootWeb.Title)`t Site Collection Administrator `t Site Collection Administrator" | Out-File $OutputReport -Append } } #Loop throuh all Sub Sites foreach($Web in $Site.AllWebs) { if($Web.HasUniqueRoleAssignments -eq $True) { Write-host "I am Scanning Site:" $Web.Url #Get all the users granted permissions to the list foreach($WebRoleAssignment in $Web.RoleAssignments ) { #Is it a User Account? if($WebRoleAssignment.Member.userlogin) { #Is the current user is the user we search for? if($WebRoleAssignment.Member.LoginName -eq $SearchUser) { #Write-Host $SearchUser has direct permissions to site $Web.Url #Get the Permissions assigned to user $WebUserPermissions=@() foreach ($RoleDefinition in $WebRoleAssignment.RoleDefinitionBindings) { $WebUserPermissions += $RoleDefinition.Name +";" } #write-host "with these permissions: " $WebUserPermissions #Send the Data to Log file "$($Web.Url) `t Site `t $($Web.Title)`t Direct Permission `t $($WebUserPermissions)" | Out-File $OutputReport -Append } } #Its a SharePoint Group, So search inside the group and check if the user is member of that group else { foreach($user in $WebRoleAssignment.member.users) { #Check if the search users is member of the group if($user.LoginName -eq $SearchUser) { #Write-Host "$SearchUser is Member of " $WebRoleAssignment.Member.Name "Group" #Get the Group's Permissions on site $WebGroupPermissions=@() foreach ($RoleDefinition in $WebRoleAssignment.RoleDefinitionBindings) { $WebGroupPermissions += $RoleDefinition.Name +";" } #write-host "Group has these permissions: " $WebGroupPermissions #Send the Data to Log file "$($Web.Url) `t Site `t $($Web.Title)`t Member of $($WebRoleAssignment.Member.Name) Group `t $($WebGroupPermissions)" | Out-File $OutputReport -Append } } } } } ###***** Check Lists with Unique Permissions *******### foreach($List in $Web.lists) { if($List.HasUniqueRoleAssignments -eq $True -and ($List.Hidden -eq $false)) { Write-host "Scanning List:" $List.RootFolder.Url #Get all the users granted permissions to the list foreach($ListRoleAssignment in $List.RoleAssignments ) { #Is it a User Account? if($ListRoleAssignment.Member.userlogin) { #Is the current user is the user we search for? if($ListRoleAssignment.Member.LoginName -eq $SearchUser) { #Write-Host $SearchUser has direct permissions to List ($List.ParentWeb.Url)/($List.RootFolder.Url) #Get the Permissions assigned to user $ListUserPermissions=@() foreach ($RoleDefinition in $ListRoleAssignment.RoleDefinitionBindings) { $ListUserPermissions += $RoleDefinition.Name +";" } #write-host "with these permissions: " $ListUserPermissions #Send the Data to Log file "$($List.ParentWeb.Url)/$($List.RootFolder.Url) `t List `t $($List.Title)`t Direct Permissions `t $($ListUserPermissions)" | Out-File $OutputReport -Append } } #Its a SharePoint Group, So search inside the group and check if the user is member of that group else { foreach($user in $ListRoleAssignment.member.users) { if($user.LoginName -eq $SearchUser) { #Write-Host "$SearchUser is Member of " $ListRoleAssignment.Member.Name "Group" #Get the Group's Permissions on site $ListGroupPermissions=@() foreach ($RoleDefinition in $ListRoleAssignment.RoleDefinitionBindings) { $ListGroupPermissions += $RoleDefinition.Name +";" } #write-host "Group has these permissions: " $ListGroupPermissions #Send the Data to Log file "$($Web.Url) `t Site `t $($List.Title)`t Member of $($ListRoleAssignment.Member.Name) Group `t $($ListGroupPermissions)" | Out-File $OutputReport -Append } } } } } } } } Write-host "`n Access Rights Report Generated!" } #Call the function to Check User AccessGetUserAccessReport "http://Yoursharepointname.com" "i:0#.w|sharepoint\Sabina"as belolow
Credit goes to Salaudeen Rajack Rereferenced from Salaudeen SharePointDiary Isnt it simple !! Cheers!!
