Hi,
I have recently published two tools on to check effective permissions of a user in an entire site collection. I provided console application and powershell script for this.
http://rahulrashu.blogspot.com/2011/12/how-to-check-effective-permissions-of_11.html
http://rahulrashu.blogspot.com/2011/12/how-to-check-effective-permissions-of.html
However these options were available for only server administrators. Hence to provide these options to other users I created an application page and a feature to shown the link under site collection adminstration. To deploy the same I have created a wsp file and a batch file to deploy the same.
Here are the codes
For application page:
<%@ Page Language="C#" MasterPageFile="application.master" Inherits="Microsoft.SharePoint.WebControls.LayoutsPageBase" %>
<%@ Assembly Name="Microsoft.Office.Server.SecurityReport, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"%>
<%@ Assembly Name="System.Data, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"%>
<%@ Assembly Name="Microsoft.Office.Server, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"%>
<%@ Assembly Name="Microsoft.SharePoint.ApplicationPages, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"%>
<%@ Register Assembly="Microsoft.SharePoint, Version=12.0.0.0, Culture=neutral,PublicKeyToken=71e9bce111e9429c" Namespace="Microsoft.SharePoint.WebControls" TagPrefix="cc1" %>
<%@ Register Tagprefix="SharePoint" Namespace="Microsoft.SharePoint.WebControls" Assembly="Microsoft.SharePoint, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" %>
<%@ Import Namespace="Microsoft.SharePoint" %>
<%@ Import Namespace="Microsoft.Office.Server.UserProfiles" %>
<%@ Import Namespace="Microsoft.Office.Server" %>
<%@ Import Namespace="System.Data" %>
<%@ Import Namespace="System.Collections.ObjectModel" %>
<script runat="server" >
void Page_Load(object sender, EventArgs e)
{
}
void Change_Title(object sender, EventArgs e)
{
SPWeb web1 = this.Web;
if(UserPicker.ResolvedEntities.Count > 0)
{
PickerEntity selectedEntity = (PickerEntity)UserPicker.ResolvedEntities[0];
ServerContext serverContext = ServerContext.GetContext(web1.Site);
UserProfileManager userProfileManager = new UserProfileManager(serverContext);
UserProfile userProfile = userProfileManager.GetUserProfile(selectedEntity.Key);
String userLogin = userProfile[PropertyConstants.AccountName].Value.ToString();
SPWebCollection webs = web1.Site.AllWebs;
DataTable userTable = new DataTable();
userTable.Columns.Add("WebUrl");
userTable.Columns.Add("Permission");
userTable.Columns.Add("GivenVia");
foreach (SPWeb web in webs)
{
SPPermissionInfo permissionInfo = web.GetUserEffectivePermissionInfo(userLogin);
Collection<SPRoleAssignment> roles = permissionInfo.RoleAssignments;
SPUser user = web.AllUsers[userLogin];
if (user.IsSiteAdmin)
{
label1.Text = "The user "+userLogin+" is a site collection administrator";
}
for (int i = 0; i < roles.Count; i++)
{
SPRoleDefinitionBindingCollection bRoles = roles[i].RoleDefinitionBindings;
foreach (SPRoleDefinition roleDefinition in bRoles)
{
if (roles[i].Member.ToString().Contains("\\"))
{
userTable.Rows.Add(web.Url,roleDefinition.Name,"Directly Given");
}
else
{
userTable.Rows.Add(web.Url,roleDefinition.Name,roles[i].Member.ToString());
}
}
}
}
SPBoundField fldPropertyName = new SPBoundField();
fldPropertyName.HeaderText = "Web Url";
fldPropertyName.DataField = "WebUrl";
rahulGrid.Columns.Add(fldPropertyName);
SPBoundField fldPropertyName1 = new SPBoundField();
fldPropertyName1.HeaderText = "Permission";
fldPropertyName1.DataField = "Permission";
rahulGrid.Columns.Add(fldPropertyName1);
SPBoundField fldPropertyName2 = new SPBoundField();
fldPropertyName2.HeaderText = "GivenVia";
fldPropertyName2.DataField = "GivenVia";
rahulGrid.Columns.Add(fldPropertyName2);
rahulGrid.DataSource = userTable;
rahulGrid.DataBind();
rahulGrid.Dispose();
}
}
</script>
<asp:Content contentplaceholderid="PlaceHolderPageTitle" runat="server">
<SharePoint:EncodedLiteral runat="server" text="Check Permissions in Entire Site Collection" EncodeMethod='HtmlEncode'/>
</asp:Content>
<asp:Content contentplaceholderid="PlaceHolderPageTitleInTitleArea" runat="server">
<SharePoint:EncodedLiteral runat="server" text="Check Permissions in Entire Site Collection" EncodeMethod='HtmlEncode'/>
</asp:Content>
<asp:Content ContentPlaceHolderID="PlaceHolderMain" runat="server">
<SharePoint:PeopleEditor id="UserPicker" runat="server"
SelectionSet="User,DL,SecGroup,SPGroup"
ValidatorEnabled="false"
AllowEmpty = "false"
MultiSelect = "false"
/><asp:Button runat="server" Text="Submit" OnClick="Change_Title" id="Button1"></asp:Button>
<br>
<asp:Label ID="label1" runat="server" ></asp:Label>
<br>
<SharePoint:SPGridView
runat="server"
ID="rahulGrid"
AutoGenerateColumns="false"
RowStyle-BackColor="#DDDDDD"
AlternatingRowStyle-BackColor="#EEEEEE" />
</asp:Content>
For batch file:
@ECHO Off
"C:\Program Files\Common Files\microsoft shared\Web Server Extensions\12\BIN\STSADM.exe" -o addSolution -filename RahulCheckEntireSitePermission.wsp
pause
"C:\Program Files\Common Files\microsoft shared\Web Server Extensions\12\BIN\STSADM.exe"% -o deploySolution -name RahulCheckEntireSitePermission.wsp -immediate -
allowgacdeployment
pause
"C:\Program Files\Common Files\microsoft shared\Web Server Extensions\12\BIN\STSADM.exe" -o installfeature -name RahulSitePermListing -force
pause
"C:\Program Files\Common Files\microsoft shared\Web Server Extensions\12\BIN\STSADM.exe" -o activatefeature -name RahulSitePermListing -url YourSiteUrl - force
In the batch file you need to change YourSiteUrl to the site where you want to activate the same.
The wsp file as well as the batch file can be downloaded here:
http://gallery.technet.microsoft.com/Check-Permissions-in-4a8f2b91
I hope this will help you out.
Thanks,
Rahul Rashu
I have recently published two tools on to check effective permissions of a user in an entire site collection. I provided console application and powershell script for this.
http://rahulrashu.blogspot.com/2011/12/how-to-check-effective-permissions-of_11.html
http://rahulrashu.blogspot.com/2011/12/how-to-check-effective-permissions-of.html
However these options were available for only server administrators. Hence to provide these options to other users I created an application page and a feature to shown the link under site collection adminstration. To deploy the same I have created a wsp file and a batch file to deploy the same.
Here are the codes
For application page:
<%@ Page Language="C#" MasterPageFile="application.master" Inherits="Microsoft.SharePoint.WebControls.LayoutsPageBase" %>
<%@ Assembly Name="Microsoft.Office.Server.SecurityReport, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"%>
<%@ Assembly Name="System.Data, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"%>
<%@ Assembly Name="Microsoft.Office.Server, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"%>
<%@ Assembly Name="Microsoft.SharePoint.ApplicationPages, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"%>
<%@ Register Assembly="Microsoft.SharePoint, Version=12.0.0.0, Culture=neutral,PublicKeyToken=71e9bce111e9429c" Namespace="Microsoft.SharePoint.WebControls" TagPrefix="cc1" %>
<%@ Register Tagprefix="SharePoint" Namespace="Microsoft.SharePoint.WebControls" Assembly="Microsoft.SharePoint, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" %>
<%@ Import Namespace="Microsoft.SharePoint" %>
<%@ Import Namespace="Microsoft.Office.Server.UserProfiles" %>
<%@ Import Namespace="Microsoft.Office.Server" %>
<%@ Import Namespace="System.Data" %>
<%@ Import Namespace="System.Collections.ObjectModel" %>
<script runat="server" >
void Page_Load(object sender, EventArgs e)
{
}
void Change_Title(object sender, EventArgs e)
{
SPWeb web1 = this.Web;
if(UserPicker.ResolvedEntities.Count > 0)
{
PickerEntity selectedEntity = (PickerEntity)UserPicker.ResolvedEntities[0];
ServerContext serverContext = ServerContext.GetContext(web1.Site);
UserProfileManager userProfileManager = new UserProfileManager(serverContext);
UserProfile userProfile = userProfileManager.GetUserProfile(selectedEntity.Key);
String userLogin = userProfile[PropertyConstants.AccountName].Value.ToString();
SPWebCollection webs = web1.Site.AllWebs;
DataTable userTable = new DataTable();
userTable.Columns.Add("WebUrl");
userTable.Columns.Add("Permission");
userTable.Columns.Add("GivenVia");
foreach (SPWeb web in webs)
{
SPPermissionInfo permissionInfo = web.GetUserEffectivePermissionInfo(userLogin);
Collection<SPRoleAssignment> roles = permissionInfo.RoleAssignments;
SPUser user = web.AllUsers[userLogin];
if (user.IsSiteAdmin)
{
label1.Text = "The user "+userLogin+" is a site collection administrator";
}
for (int i = 0; i < roles.Count; i++)
{
SPRoleDefinitionBindingCollection bRoles = roles[i].RoleDefinitionBindings;
foreach (SPRoleDefinition roleDefinition in bRoles)
{
if (roles[i].Member.ToString().Contains("\\"))
{
userTable.Rows.Add(web.Url,roleDefinition.Name,"Directly Given");
}
else
{
userTable.Rows.Add(web.Url,roleDefinition.Name,roles[i].Member.ToString());
}
}
}
}
SPBoundField fldPropertyName = new SPBoundField();
fldPropertyName.HeaderText = "Web Url";
fldPropertyName.DataField = "WebUrl";
rahulGrid.Columns.Add(fldPropertyName);
SPBoundField fldPropertyName1 = new SPBoundField();
fldPropertyName1.HeaderText = "Permission";
fldPropertyName1.DataField = "Permission";
rahulGrid.Columns.Add(fldPropertyName1);
SPBoundField fldPropertyName2 = new SPBoundField();
fldPropertyName2.HeaderText = "GivenVia";
fldPropertyName2.DataField = "GivenVia";
rahulGrid.Columns.Add(fldPropertyName2);
rahulGrid.DataSource = userTable;
rahulGrid.DataBind();
rahulGrid.Dispose();
}
}
</script>
<asp:Content contentplaceholderid="PlaceHolderPageTitle" runat="server">
<SharePoint:EncodedLiteral runat="server" text="Check Permissions in Entire Site Collection" EncodeMethod='HtmlEncode'/>
</asp:Content>
<asp:Content contentplaceholderid="PlaceHolderPageTitleInTitleArea" runat="server">
<SharePoint:EncodedLiteral runat="server" text="Check Permissions in Entire Site Collection" EncodeMethod='HtmlEncode'/>
</asp:Content>
<asp:Content ContentPlaceHolderID="PlaceHolderMain" runat="server">
<SharePoint:PeopleEditor id="UserPicker" runat="server"
SelectionSet="User,DL,SecGroup,SPGroup"
ValidatorEnabled="false"
AllowEmpty = "false"
MultiSelect = "false"
/><asp:Button runat="server" Text="Submit" OnClick="Change_Title" id="Button1"></asp:Button>
<br>
<asp:Label ID="label1" runat="server" ></asp:Label>
<br>
<SharePoint:SPGridView
runat="server"
ID="rahulGrid"
AutoGenerateColumns="false"
RowStyle-BackColor="#DDDDDD"
AlternatingRowStyle-BackColor="#EEEEEE" />
</asp:Content>
For batch file:
@ECHO Off
"C:\Program Files\Common Files\microsoft shared\Web Server Extensions\12\BIN\STSADM.exe" -o addSolution -filename RahulCheckEntireSitePermission.wsp
pause
"C:\Program Files\Common Files\microsoft shared\Web Server Extensions\12\BIN\STSADM.exe"% -o deploySolution -name RahulCheckEntireSitePermission.wsp -immediate -
allowgacdeployment
pause
"C:\Program Files\Common Files\microsoft shared\Web Server Extensions\12\BIN\STSADM.exe" -o installfeature -name RahulSitePermListing -force
pause
"C:\Program Files\Common Files\microsoft shared\Web Server Extensions\12\BIN\STSADM.exe" -o activatefeature -name RahulSitePermListing -url YourSiteUrl - force
In the batch file you need to change YourSiteUrl to the site where you want to activate the same.
The wsp file as well as the batch file can be downloaded here:
http://gallery.technet.microsoft.com/Check-Permissions-in-4a8f2b91
I hope this will help you out.
Thanks,
Rahul Rashu