Informatics People - SharePoint developer: Get all List/Document/Folder Level Permission

# This script gets permissions for all users in a web application on all objects (web application > site collection > web > list/library > item)

Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

Function GetUserAccessReport($WebAppURL, $FileUrl)

{

Write-Host "Generating permission report..."

#Get All Site Collections of the WebApp

$SiteCollections = Get-SPSite -WebApplication $WebAppURL -Limit All

#Write CSV- TAB Separated File) Header

"URL`tSite/List/Folder/Item`tTitle/Name`tPermissionType`tPermissions `tLoginName" | out-file $FileUrl

#Check Web Application Policies

$WebApp= Get-SPWebApplication $WebAppURL

#Loop through all site collections

foreach($Site in $SiteCollections)

{

#Check Whether the Search User is a Site Collection Administrator

foreach($SiteCollAdmin in $Site.RootWeb.SiteAdministrators)

{

"$($Site.RootWeb.Url)`tSite`t$($Site.RootWeb.Title)`tSite Collection Administrator`tSite Collection Administrator`t$($SiteCollAdmin.DisplayName)" | Out-File $FileUrl -Append

}

#Loop throuh all Sub Sites

foreach($Web in $Site.AllWebs)

{

if($Web.HasUniqueRoleAssignments -eq $True)

{

#Get all the users granted permissions to the list

foreach($WebRoleAssignment in $Web.RoleAssignments )

{

#Is it a User Account?

if($WebRoleAssignment.Member.userlogin)

{

#Get the Permissions assigned to user

$WebUserPermissions=@()

foreach ($RoleDefinition in $WebRoleAssignment.RoleDefinitionBindings)

{

$WebUserPermissions += $RoleDefinition.Name +";"

}

#Send the Data to Log file

"$($Web.Url)`tSite`t$($Web.Title)`tDirect Permission`t$($WebUserPermissions) `t$($WebRoleAssignment.Member.DisplayName)" | Out-File $FileUrl -Append

}

#Its a SharePoint Group, So search inside the group and check if the user is member of that group

else

{

foreach($user in $WebRoleAssignment.member.users)

{

#Get the Group's Permissions on site

$WebGroupPermissions=@()

foreach ($RoleDefinition in $WebRoleAssignment.RoleDefinitionBindings)

{

$WebGroupPermissions += $RoleDefinition.Name +";"

}

#Send the Data to Log file

"$($Web.Url)`tSite`t$($Web.Title)`tMember of $($WebRoleAssignment.Member.Name) Group`t$($WebGroupPermissions)`t$($user.DisplayName)" | Out-File $FileUrl -Append

}

#******** Check Lists, Folders, and Items with Unique Permissions ********/

foreach($List in $Web.lists)

{ Write-Host "Checking List "$List.Title" level permissions..." -ForegroundColor Green

if($List.HasUniqueRoleAssignments -eq $True -and ($List.Hidden -eq $false))

{

#Get all the users granted permissions to the list

foreach($ListRoleAssignment in $List.RoleAssignments )

{

#Is it a User Account?

if($ListRoleAssignment.Member.userlogin)

{

#Get the Permissions assigned to user

$ListUserPermissions=@()

foreach ($RoleDefinition in $ListRoleAssignment.RoleDefinitionBindings)

{

$ListUserPermissions += $RoleDefinition.Name +";"

}

#Send the Data to Log file

"$($List.ParentWeb.Url)/$($List.RootFolder.Url)`tList`t$($List.Title)`tDirect Permission`t$($ListUserPermissions) `t$($ListRoleAssignment.Member.DisplayName)" | Out-File $FileUrl -Append

}

#Its a SharePoint Group, So search inside the group and check if the user is member of that group

else

{

foreach($user in $ListRoleAssignment.member.users)

{

#Get the Group's Permissions on site

$ListGroupPermissions=@()

foreach ($RoleDefinition in $ListRoleAssignment.RoleDefinitionBindings)

{

$ListGroupPermissions += $RoleDefinition.Name +";"

}

#Send the Data to Log file

"$($List.ParentWeb.Url)/$($List.RootFolder.Url)`tList`t$($List.Title)`tMember of $($ListRoleAssignment.Member.Name) Group`t$($ListGroupPermissions)`t$($user.DisplayName)" | Out-File $FileUrl -Append

}

#Get Folder level permissions

foreach($Folder in $List.folders)

{

Write-Host "Checking Folder "$Folder.Name" level permissions..." -ForegroundColor Magenta

if($Folder.HasUniqueRoleAssignments -eq $True)

{

#Get all the users granted permissions to the folder

foreach($FolderRoleAssignment in $Folder.RoleAssignments )

{

#Is it a User Account?

if($FolderRoleAssignment.Member.userlogin)

{

#Get the Permissions assigned to user

$FolderUserPermissions=@()

foreach ($RoleDefinition in $FolderRoleAssignment.RoleDefinitionBindings)

{

$FolderUserPermissions += $RoleDefinition.Name +";"

}

#Send the Data to Log file

"$($Folder.Web.Url)/$($Folder.Url)`tFolder`t$($Folder.Name)`tDirect Permission`t$($FolderUserPermissions) `t$($FolderRoleAssignment.Member.DisplayName)" | Out-File $FileUrl -Append

}

#Is it a domain Account?

if($FolderRoleAssignment.Member.IsDo)

{

#Get the Permissions assigned to user

$FolderUserPermissions=@()

foreach ($RoleDefinition in $FolderRoleAssignment.RoleDefinitionBindings)

{

$FolderUserPermissions += $RoleDefinition.Name +";"

}

#Send the Data to Log file

"$($Folder.Web.Url)/$($Folder.Url)`tFolder`t$($Folder.Title)`tDirect Permission`t$($FolderUserPermissions) `t$($FolderRoleAssignment.Member.DisplayName)" | Out-File $FileUrl -Append

}

#Its a SharePoint Group, So search inside the group and check if the user is member of that group

else

{

foreach($user in $FolderRoleAssignment.member.users)

{

#Get the Group's Permissions on site

$FolderGroupPermissions=@()

foreach ($RoleDefinition in $FolderRoleAssignment.RoleDefinitionBindings)

{

$FolderGroupPermissions += $RoleDefinition.Name +";"

}

#Send the Data to Log file

"$($Folder.Web.Url)/$($Folder.Url)`tFolder`t$($Folder.Title)`tMember of $($FolderRoleAssignment.Member.Name) Group`t$($FolderGroupPermissions)`t$($user.DisplayName)" | Out-File $FileUrl -Append

}

#Call the function to Check User Access

GetUserAccessReport "http://win-2016" "D:\PowerShell-help\April2018\3rd\SharePoint_Permission_Report.csv"

Write-Host "Complete"

Informatics People - SharePoint developer

Search This Blog

Monday, April 2, 2018

Get all List/Document/Folder Level Permission - SharePoint PowerShell

No comments:

Post a Comment