# Load the SharePoint cmdlets unless this session already has the snap-in.
# Get-PSSnapin returns nothing (errors suppressed) when it is not loaded.
if (-not (Get-PSSnapin -Name "Microsoft.SharePoint.PowerShell" -ErrorAction SilentlyContinue))
{
    Add-PSSnapin -Name "Microsoft.SharePoint.PowerShell"
}
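Function GetUserAccessReport($WebAppURL, $FileUrl)
{
    # Writes a tab-separated access report for every site collection of a web
    # application: one row per principal per securable object.
    #
    # Parameters:
    #   $WebAppURL - URL of the web application to walk.
    #   $FileUrl   - path of the report file; it is overwritten, then appended to.
    #
    # Coverage:
    #   - Sites (webs) are reported only when they break permission inheritance.
    #   - Every non-hidden list is reported, whether or not it has unique
    #     permissions (the HasUniqueRoleAssignments filter is deliberately off).
    #   - SharePoint groups are expanded to their members; a principal with a
    #     UserLogin is written as a direct permission and not expanded.
    #     NOTE(review): a domain group granted directly presumably falls in the
    #     "direct" branch, so its AD members are not listed - confirm.
    #   - NOTE(review): the web application object is fetched but its user
    #     policies are never written, so access granted by web-application
    #     policy does not appear in this report.
    #
    # Output handling:
    #   - NOTE(review): the last column is headed "LoginName" but carries the
    #     display name. Display names are not unique; confirm whether consumers
    #     need the login name to identify the account.
    #   - Tabs and line breaks inside values are replaced by a space so a title
    #     or name cannot shift columns or split a row. Values are otherwise
    #     written as-is; when loading the file into a spreadsheet, import the
    #     columns as text so a value starting with = + - @ is not evaluated.

    # Returns the bound role names as "Name; Name;" (each name followed by ';').
    function Get-RoleNames($RoleAssignment)
    {
        $names = @()
        foreach ($RoleDefinition in $RoleAssignment.RoleDefinitionBindings)
        {
            $names += $RoleDefinition.Name + ";"
        }
        return ($names -join " ")
    }

    # Collapses tabs / CR / LF in a value so it stays inside one TSV cell.
    function ConvertTo-ReportField($Value)
    {
        return ([string]$Value) -replace '[\t\r\n]+', ' '
    }

    # Appends one row to the report file.
    function Add-ReportRow($Url, $Kind, $Title, $PermissionType, $Permissions, $Principal)
    {
        $cellUrl = ConvertTo-ReportField $Url
        $cellKind = ConvertTo-ReportField $Kind
        $cellTitle = ConvertTo-ReportField $Title
        $cellType = ConvertTo-ReportField $PermissionType
        $cellPerms = ConvertTo-ReportField $Permissions
        $cellWho = ConvertTo-ReportField $Principal
        "$cellUrl `t $cellKind `t $cellTitle`t $cellType `t $cellPerms `t $cellWho" | Out-File $FileUrl -Append
    }

    # Get all site collections of the web application
    $SiteCollections = Get-SPSite -WebApplication $WebAppURL -Limit All

    # Write the (tab-separated) header; this truncates any existing file
    "URL `t Site/List `t Title `t PermissionType `t Permissions/AD Group `t LoginName" | Out-File $FileUrl

    # Fetched for the web application policies; not used further (see NOTE above)
    $WebApp = Get-SPWebApplication $WebAppURL

    foreach ($Site in $SiteCollections)
    {
        try
        {
            foreach ($Web in $Site.AllWebs)
            {
                try
                {
                    # Sites: only those with their own role assignments
                    if ($Web.HasUniqueRoleAssignments -eq $True)
                    {
                        foreach ($WebRoleAssignment in $Web.RoleAssignments)
                        {
                            # Same bindings apply to the principal and, for a group, to each member
                            $WebPermissions = Get-RoleNames $WebRoleAssignment

                            if ($WebRoleAssignment.Member.UserLogin)
                            {
                                # Granted directly to an account
                                Write-Host "with these permissions: " $WebPermissions
                                Add-ReportRow $Web.Url "Site" $Web.Title "Direct Permission" $WebPermissions $WebRoleAssignment.Member.DisplayName
                            }
                            else
                            {
                                # SharePoint group: one row per member
                                foreach ($user in $WebRoleAssignment.Member.Users)
                                {
                                    Add-ReportRow $Web.Url "Site" $Web.Title "Member of $($WebRoleAssignment.Member.Name) Group" $WebPermissions $user.DisplayName
                                }
                            }
                        }
                    }

                    # Lists: every non-hidden list. To restrict the report to lists with
                    # unique permissions, also require $List.HasUniqueRoleAssignments -eq $True.
                    foreach ($List in $Web.Lists)
                    {
                        if ($List.Hidden -eq $false)
                        {
                            $ListUrl = "$($Web.Url)/$($List.RootFolder.Url)"

                            foreach ($ListRoleAssignment in $List.RoleAssignments)
                            {
                                $ListPermissions = Get-RoleNames $ListRoleAssignment

                                if ($ListRoleAssignment.Member.UserLogin)
                                {
                                    # Granted directly to an account
                                    Add-ReportRow $ListUrl $List.BaseType $List.Title "Direct Permission" $ListPermissions $ListRoleAssignment.Member.DisplayName
                                }
                                else
                                {
                                    # SharePoint group: one row per member; the permissions
                                    # column holds the group's role names, then the member
                                    foreach ($user in $ListRoleAssignment.Member.Users)
                                    {
                                        Add-ReportRow $ListUrl $List.BaseType $List.Title "Member of $($ListRoleAssignment.Member.Name) Group" $ListPermissions $user.DisplayName
                                    }
                                }
                            }
                        }
                    }
                }
                finally
                {
                    # SPWeb objects handed out by AllWebs are not released automatically
                    $Web.Dispose()
                }
            }
        }
        finally
        {
            # Release the site collection before moving to the next one
            $Site.Dispose()
        }
    }
}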
# Run the report for the web application and write it to the given file.
GetUserAccessReport -WebAppURL "http://win-2016" -FileUrl "D:\users_PermisionReport.csv"