Friday, 28 August 2015

User Permission Report for SharePoint 2013 (single user acces on list, library, site)

Hi Frnds,

I am a back with a very useful blog that you might be struglling in SharePoint Enviromenet.
Yes I have been talking about the user access report on all the site, list, library for a particular webapplication.

Manually going in each site, list and library may takes a lot of time. why cant we quickly take help of the most powerfull tool (Powershell)

With the below code, you can generate a csv file which you can use it for getting report for a single user.

You will require:

SharePoint Powershell
Admin Right (Run the powershell as a administrator)


Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue
  
Function GetUserAccessReport($WebAppURL, $SearchUser)
{
    #Output Report location
    $OutputReport = "C:\Report\SabinaPermission.csv"
    #Please delete the file, If already exist!
    if (Test-Path $OutputReport)
     {
        Remove-Item $OutputReport
     }
Write-host "I am scanning Farm Administrator Group..."
#Write CSV- TAB Separated File) Header
"URL `t Site/List `t Title `t PermissionType `t Permissions" | out-file $OutputReport
  
  ####Check Whether the Search Users is a Farm Administrator ###
  #Get the SharePoint Central Administration site
  $AdminWebApp= Get-SPwebapplication -includecentraladministration | where {$_.IsAdministrationWebApplication}
    $AdminSite = Get-SPweb($AdminWebApp.Url)
    $AdminGroupName = $AdminSite.AssociatedOwnerGroup
    $FarmAdminGroup = $AdminSite.SiteGroups[$AdminGroupName]
  
 #enumerate in farm adminidtrators groups
    foreach ($user in $FarmAdminGroup.users)
    {
     if($user.LoginName -eq $SearchUser)
     {
       "$($AdminWebApp.URL) `t Farm `t $($AdminSite.Title)`t Farm Administrator `t Farm Administrator" | Out-File $OutputReport -Append
     }    
    }
  
Write-host "I am Scanning Web Application Policies..."
 ### Check Web Application Policies ###
  $WebApp= Get-SPWebApplication $WebAppURL
  
  foreach ($Policy in $WebApp.Policies)
  {
      #Check if the search users is member of the group
     if($Policy.UserName -eq $SearchUser)
       {
       #Write-Host $Policy.UserName
        $PolicyRoles=@()
       foreach($Role in $Policy.PolicyRoleBindings)
       {
        $PolicyRoles+= $Role.Name +";"
       }
       #Write-Host "Permissions: " $PolicyRoles
      "$($AdminWebApp.URL) `t Web Application `t $($AdminSite.Title)`t  Web Application Policy `t $($PolicyRoles)" | Out-File $OutputReport -Append
   }
  }
 Write-host "I am Scanning Site Collections..."
 #Get All Site Collections of the WebApp
 $SiteCollections = Get-SPSite -WebApplication $WebAppURL -Limit All
     
  #Loop through all site collections
   foreach($Site in $SiteCollections)
    {
     Write-host "I am Scanning Site Collection:" $site.Url
     #Check Whether the Search User is a Site Collection Administrator
     foreach($SiteCollAdmin in $Site.RootWeb.SiteAdministrators)
        {
      if($SiteCollAdmin.LoginName -eq $SearchUser)
      {
       "$($Site.RootWeb.Url) `t Site `t $($Site.RootWeb.Title)`t Site Collection Administrator `t Site Collection Administrator" | Out-File $OutputReport -Append
      }    
    }
    
     #Loop throuh all Sub Sites
  foreach($Web in $Site.AllWebs)
  {
      if($Web.HasUniqueRoleAssignments -eq $True)
            {
             Write-host "I am Scanning Site:" $Web.Url
     
            #Get all the users granted permissions to the list
              foreach($WebRoleAssignment in $Web.RoleAssignments )
    {
                 #Is it a User Account?
          if($WebRoleAssignment.Member.userlogin)  
           {
              #Is the current user is the user we search for?
              if($WebRoleAssignment.Member.LoginName -eq $SearchUser)
             {
               #Write-Host  $SearchUser has direct permissions to site $Web.Url
               #Get the Permissions assigned to user
       $WebUserPermissions=@()
                foreach ($RoleDefinition  in $WebRoleAssignment.RoleDefinitionBindings)
                {
                 $WebUserPermissions += $RoleDefinition.Name +";"
                }
               #write-host "with these permissions: " $WebUserPermissions
           
         #Send the Data to Log file
               "$($Web.Url) `t Site `t $($Web.Title)`t Direct Permission `t $($WebUserPermissions)" | Out-File $OutputReport -Append
             }
           }
        #Its a SharePoint Group, So search inside the group and check if the user is member of that group
         else
          {
                        foreach($user in $WebRoleAssignment.member.users)
                            {
                #Check if the search users is member of the group
               if($user.LoginName -eq $SearchUser)
                {
                  #Write-Host  "$SearchUser is Member of " $WebRoleAssignment.Member.Name "Group"
                  #Get the Group's Permissions on site
                $WebGroupPermissions=@()
                  foreach ($RoleDefinition  in $WebRoleAssignment.RoleDefinitionBindings)
                  {
                      $WebGroupPermissions += $RoleDefinition.Name +";"
                     }
                #write-host "Group has these permissions: " $WebGroupPermissions
                
               #Send the Data to Log file
               "$($Web.Url) `t Site `t $($Web.Title)`t Member of $($WebRoleAssignment.Member.Name) Group `t $($WebGroupPermissions)" | Out-File $OutputReport -Append
              }
             }
     }
    }
      }
      
    ###*****  Check Lists with Unique Permissions *******###
   foreach($List in $Web.lists)
   {
             if($List.HasUniqueRoleAssignments -eq $True -and ($List.Hidden -eq $false))
                {
                 Write-host "Scanning List:" $List.RootFolder.Url
                    #Get all the users granted permissions to the list
     foreach($ListRoleAssignment in $List.RoleAssignments )
                    {
                     #Is it a User Account?
             if($ListRoleAssignment.Member.userlogin)  
              {
                 #Is the current user is the user we search for?
                 if($ListRoleAssignment.Member.LoginName -eq $SearchUser)
                {
                  #Write-Host  $SearchUser has direct permissions to List ($List.ParentWeb.Url)/($List.RootFolder.Url)
                  #Get the Permissions assigned to user
                   $ListUserPermissions=@()
                    foreach ($RoleDefinition  in $ListRoleAssignment.RoleDefinitionBindings)
                    {
                                 $ListUserPermissions += $RoleDefinition.Name +";"
                                }
                  #write-host "with these permissions: " $ListUserPermissions
               
                  #Send the Data to Log file
                  "$($List.ParentWeb.Url)/$($List.RootFolder.Url) `t List `t $($List.Title)`t Direct Permissions `t $($ListUserPermissions)" | Out-File $OutputReport -Append
                }
              }
              #Its a SharePoint Group, So search inside the group and check if the user is member of that group
             else
              {
       foreach($user in $ListRoleAssignment.member.users)
       {
                   if($user.LoginName -eq $SearchUser)
                    {
                     #Write-Host  "$SearchUser is Member of " $ListRoleAssignment.Member.Name "Group"
                      #Get the Group's Permissions on site
                    $ListGroupPermissions=@()
                      foreach ($RoleDefinition  in $ListRoleAssignment.RoleDefinitionBindings)
                      {
                                  $ListGroupPermissions += $RoleDefinition.Name +";"
                                 }
                    #write-host "Group has these permissions: " $ListGroupPermissions
                
                    #Send the Data to Log file
                    "$($Web.Url) `t Site `t $($List.Title)`t Member of $($ListRoleAssignment.Member.Name) Group `t $($ListGroupPermissions)" | Out-File $OutputReport -Append
                  }
                }
             }
                    }
                }
            }
     }
 }
      
 Write-host "`n Access Rights Report Generated!"
 }
  
#Call the function to Check User Access
GetUserAccessReport "http://Yoursharepointname.com" "i:0#.w|sharepoint\Sabina"

it will generate a tab separated CSV file.

as belolow

Credit goes to Salaudeen Rajack Rereferenced from Salaudeen SharePointDiary  

Isnt it simple !! Cheers!!

Friday, 21 August 2015

How to modify the existing Flat/Subject/Threaded View in Discussion Board of SharePoint 2013




Hi Pals,

I am back with a very useful blog on SharePoint 2013.

Many of you must be dealing with editing the existing view of discussion board in SharePoint 2013, as they appear to be read only and doesn't allow to modify or filter the columns or anything over it.

So, how can you deal with that... well that is the disappointing thing, isn't it?

So, there is a crack for the same. Just a change in the properties of the views and that it.

You will require:
SharePoint Designer 2013

Steps to Achieve:

1)      Open the SharePoint Designer for your particular site.

2)      Click on the List & Libraries and select the appropriate Discussion board list for which you need to modify the existing view.

3)      Suppose it’s a Threaded view.

4)      Go to view and select Threaded View and right click and select "Edit File in Advance Mode".
5)      Code view for Threaded View will be opened to you, just search for "ReadOnly = TRUE"
6)      Change the view ReadOnly = TRUE to ReadOnly = False (This will make the read only view back to editable view, where you can modify the properties as needed.

7)      Save the Page and Check, if you can edit the threaded properties or not in you SharePoint.

Please Note: Saving your page will pop up dialogue box, safely click yes and check the view in browser.
8)      Check the view in browser. (You will be able to see the properties and you can modify it accordingly)
Isn’t it Easy…  Cheers!!