SharePoint 2013: Users Permissions Detail Report in a SharePoint Farm
PowerShell Script Details
1. Gets all the lists with users with broken permissions.
2. Gets the all users added on the root with specific permission level.
3. Gets all the users added in a SharePoint Permission Group.
# Script Written By: Muhammad Salman Malik.
clear
if ((Get-PSSnapin "Microsoft.SharePoint.PowerShell" -ErrorAction SilentlyContinue) -eq $null)
{
Add-PSSnapin "Microsoft.SharePoint.PowerShell"
}
$permissionsArray = @()
$path = "C:\UsersPermissionsOverView.csv"
$siteCounter = 0;
function getUserName($oUser){
$userName = "";
if($oUser.UserLogin.StartsWith("c:"))
{
$userName = $oUser.DisplayName
}
else
{
$userName = $oUser.LoginName;
}
return $userName;
}
# get all the webapplication
$weApplications= get-spwebapplication
$incrementProgress = 100/$weApplications.Count
$progressComplete = 0;
# iterate all the webapplication
foreach($webApp in $weApplications)
{
foreach ($site in $webApp.sites)
{
$siteCounter++;
write-host "Site Collection: " $site.Url -f Cyan
write-progress -Activity "Site Collection: " $site.Url -PercentComplete $progressComplete
$web = $site.RootWeb
if ($web.Lists.Count -gt 0)
{
foreach($list in $web.Lists)
{
# Find Lists in Site with Unique Permissions (Break inheritance)
if($list.HasUniqueRoleAssignments -eq $True -and ($List.Hidden -eq $false))
{
write-progress -Activity "List: " $list.Title -PercentComplete $progressComplete
foreach ($user in $web.SiteUsers)
{
foreach($listRoleAssignment in $list.RoleAssignments )
{
if($listRoleAssignment.Member.userlogin -eq $user.UserLogin)
{
#Write-Host "User: " $user.LoginName -f Yellow
$listUserPermissions=""
foreach ($RoleDefinition in $ListRoleAssignment.RoleDefinitionBindings)
{
$listUserPermissions += $RoleDefinition.Name +";"
}
$permissionObject = New-Object PSObject -Property @{
"Type" = "List User"
"Web Url" = $web.Url
"Web Name"= $web.Title
"List/DocumentLibrary" = $list.Title
"User" = getUserName -oUser $user
"Group" = "-"
"Permissions" = $listUserPermissions
}
$permissionsArray += $permissionObject
}
}
}
}
}
}
# Find users added to the root with own Permission level (Without any Group)
foreach ($user in $web.users)
{
$listUserPermissions=""
foreach($listRoleAssignment in $web.RoleAssignments )
{
#Is it a User Account?
if($listRoleAssignment.Member.userlogin -eq $user.UserLogin)
{
$listUserPermissions=""
foreach ($RoleDefinition in $ListRoleAssignment.RoleDefinitionBindings)
{
$listUserPermissions += $RoleDefinition.Name +";"
}
}
}
$permissionObject = New-Object PSObject -Property @{
"Type" = "Root User"
"Web Url" = $web.Url
"Web Name"= $web.Title
"List/DocumentLibrary" = "-"
"User" = getUserName -oUser $user
"Group" = "-"
"Permissions" = $listUserPermissions
}
$permissionsArray += $permissionObject
}
# Find users added to a group
foreach ($group in $web.Groups)
{
$groupUserPermissions=""
foreach($groupRoleAssignment in $group.ParentWeb.RoleAssignments.GetAssignmentByPrincipal($group) )
{
foreach ($roleDefinition in $groupRoleAssignment.RoleDefinitionBindings)
{
$groupUserPermissions += $roleDefinition.Name +";"
}
}
foreach ($user in $group.users)
{
$permissionObject = New-Object PSObject -Property @{
"Type" = "Group User"
"Web Url" = $web.Url
"Web Name"= $web.Title
"List/DocumentLibrary" = "-"
"User" = getUserName -oUser $user
"Group" = $group.name
"Permissions" = $groupUserPermissions
}
$permissionsArray += $permissionObject
}
}
}
$progressComplete = $progressComplete + $incrementProgress;
write-progress -Activity "Processed Web Application: " $webApp.Url -PercentComplete $progressComplete
}
# Total Count of the site collection
Write-Host "Total Site Collections Count: " $siteCounter -f Yellow
$permissionsArray | Export-Csv -path $path -Delimiter ";"
No comments:
Post a Comment