Saturday 24 December 2011

Application Page to check effective permissions of a user in an entire site collection in Sharepoint 2007

Hi,

I have recently published two tools on to check effective permissions of a user in an entire site collection. I provided console application and powershell script for this.
http://rahulrashu.blogspot.com/2011/12/how-to-check-effective-permissions-of_11.html
http://rahulrashu.blogspot.com/2011/12/how-to-check-effective-permissions-of.html

However these options were available for only server administrators. Hence to provide these options to other users I created an application page and a feature to shown the link under site collection adminstration. To deploy the same I have created a wsp file and a batch file to deploy the same.
Here are the codes
For application page:


<%@ Page Language="C#" MasterPageFile="application.master" Inherits="Microsoft.SharePoint.WebControls.LayoutsPageBase" %>
<%@ Assembly Name="Microsoft.Office.Server.SecurityReport, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"%>
<%@ Assembly Name="System.Data, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"%>
<%@ Assembly Name="Microsoft.Office.Server, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"%>
<%@ Assembly Name="Microsoft.SharePoint.ApplicationPages, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"%>
<%@ Register Assembly="Microsoft.SharePoint, Version=12.0.0.0, Culture=neutral,PublicKeyToken=71e9bce111e9429c" Namespace="Microsoft.SharePoint.WebControls" TagPrefix="cc1" %>
<%@ Register Tagprefix="SharePoint" Namespace="Microsoft.SharePoint.WebControls" Assembly="Microsoft.SharePoint, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" %>
<%@ Import Namespace="Microsoft.SharePoint" %>
<%@ Import Namespace="Microsoft.Office.Server.UserProfiles" %>
<%@ Import Namespace="Microsoft.Office.Server" %>
<%@ Import Namespace="System.Data" %>
<%@ Import Namespace="System.Collections.ObjectModel" %>
<script runat="server" >
void Page_Load(object sender, EventArgs e)
{

}
void Change_Title(object sender, EventArgs e)
{
SPWeb web1 = this.Web;
if(UserPicker.ResolvedEntities.Count > 0)
{
PickerEntity selectedEntity = (PickerEntity)UserPicker.ResolvedEntities[0];
ServerContext serverContext = ServerContext.GetContext(web1.Site);
UserProfileManager userProfileManager = new UserProfileManager(serverContext);
UserProfile userProfile = userProfileManager.GetUserProfile(selectedEntity.Key);
String userLogin = userProfile[PropertyConstants.AccountName].Value.ToString();
SPWebCollection webs = web1.Site.AllWebs;
DataTable userTable = new DataTable();
userTable.Columns.Add("WebUrl");
userTable.Columns.Add("Permission");
userTable.Columns.Add("GivenVia");
 foreach (SPWeb web in webs)
 {
 SPPermissionInfo permissionInfo = web.GetUserEffectivePermissionInfo(userLogin);
 Collection<SPRoleAssignment> roles = permissionInfo.RoleAssignments;

 SPUser user = web.AllUsers[userLogin];
 if (user.IsSiteAdmin)
 {
 label1.Text = "The user "+userLogin+" is a site collection administrator";
 }

  for (int i = 0; i < roles.Count; i++)
 {
 SPRoleDefinitionBindingCollection bRoles = roles[i].RoleDefinitionBindings;
 foreach (SPRoleDefinition roleDefinition in bRoles)
 {
 if (roles[i].Member.ToString().Contains("\\"))
 {
  userTable.Rows.Add(web.Url,roleDefinition.Name,"Directly Given");

 }
  else
  {

  userTable.Rows.Add(web.Url,roleDefinition.Name,roles[i].Member.ToString());

  }
  }
 }

 }
 SPBoundField fldPropertyName = new SPBoundField();
fldPropertyName.HeaderText = "Web Url";
fldPropertyName.DataField = "WebUrl";
rahulGrid.Columns.Add(fldPropertyName);
SPBoundField fldPropertyName1 = new SPBoundField();
fldPropertyName1.HeaderText = "Permission";
fldPropertyName1.DataField = "Permission";
rahulGrid.Columns.Add(fldPropertyName1);
SPBoundField fldPropertyName2 = new SPBoundField();
fldPropertyName2.HeaderText = "GivenVia";
fldPropertyName2.DataField = "GivenVia";
rahulGrid.Columns.Add(fldPropertyName2);
rahulGrid.DataSource = userTable;
rahulGrid.DataBind();

rahulGrid.Dispose();
}
}

</script>
<asp:Content contentplaceholderid="PlaceHolderPageTitle" runat="server">
<SharePoint:EncodedLiteral runat="server" text="Check Permissions in Entire Site Collection" EncodeMethod='HtmlEncode'/>
</asp:Content>
<asp:Content contentplaceholderid="PlaceHolderPageTitleInTitleArea" runat="server">
<SharePoint:EncodedLiteral runat="server" text="Check Permissions in Entire Site Collection" EncodeMethod='HtmlEncode'/>
</asp:Content>
<asp:Content ContentPlaceHolderID="PlaceHolderMain" runat="server">
<SharePoint:PeopleEditor id="UserPicker"  runat="server"
SelectionSet="User,DL,SecGroup,SPGroup"
ValidatorEnabled="false"
AllowEmpty = "false"
MultiSelect = "false"
/><asp:Button runat="server" Text="Submit" OnClick="Change_Title" id="Button1"></asp:Button>
<br>
<asp:Label ID="label1" runat="server" ></asp:Label>
<br>
<SharePoint:SPGridView
  runat="server"
  ID="rahulGrid"
  AutoGenerateColumns="false"
  RowStyle-BackColor="#DDDDDD"
  AlternatingRowStyle-BackColor="#EEEEEE" />


</asp:Content>






For batch file:


@ECHO Off




"C:\Program Files\Common Files\microsoft shared\Web Server Extensions\12\BIN\STSADM.exe" -o addSolution -filename RahulCheckEntireSitePermission.wsp

pause

"C:\Program Files\Common Files\microsoft shared\Web Server Extensions\12\BIN\STSADM.exe"% -o deploySolution -name RahulCheckEntireSitePermission.wsp -immediate -

allowgacdeployment

pause

"C:\Program Files\Common Files\microsoft shared\Web Server Extensions\12\BIN\STSADM.exe" -o installfeature -name RahulSitePermListing -force

pause

"C:\Program Files\Common Files\microsoft shared\Web Server Extensions\12\BIN\STSADM.exe" -o activatefeature -name RahulSitePermListing -url YourSiteUrl - force

In the batch file you need to change YourSiteUrl to the site where you want to activate the same.
The wsp file as well as the batch file can be downloaded here:

http://gallery.technet.microsoft.com/Check-Permissions-in-4a8f2b91
I hope this will help you out.

Thanks,
Rahul Rashu




Sunday 11 December 2011

How to Check Effective Permissions of a User in Each Site in a Site Collection in Sharepoint 2007 and Sharepoint 2010 using Powershell

Hi,

I have observed that one of a tedious task for a sharepoint site administrator to check permissions of a user in each site in a site collection. Microsoft Admin Toolkit has provided a functionality that can be used to check effective permissions. This can be downloaded at http://www.microsoft.com/download/en/details.aspx?displaylang=en&id=14227 for MOSS 2007 but it provides the way to check permissions only at a site, list and list item level. There is no way to use this at a single run for all sites in a site collection.
Hence to do this I have prepared the following powershell script. It works with both MOSS 2007 and SPS 2010. This takes 2 input values. The first is the url of the site collection and the second one is the userlogin. The user login should be in the form of Domain\Username



param([switch]$help)
[void][System.Reflection.Assembly]::LoadWithPartialName("Microsoft.SharePoint")
[void][System.Reflection.Assembly]::LoadWithPartialName("Microsoft.Office.Server")
[void][System.Reflection.Assembly]::LoadWithPartialName("Microsoft.Office.Server.UserProfiles")
[void][System.Reflection.Assembly]::LoadWithPartialName("System.Web")
function GetHelp() {
$HelpText = @"
DESCRIPTION:
This script will enumerate the permissions of the user in all webs under a site collection. This takes two input the user of the site collection and the username.The
username should be given in Domain\username format.
"@
$HelpText
}
function RahulCheckEffectivePermissionsInAllWebs() {
write-host "This script will chcek the effective permissions of a user"
write-host "Please enter the url of the site collection"
$url = read-host
write-host "Please enter the username of the user"
$userName = read-host
$site = New-Object Microsoft.SharePoint.SPSite($url)
$serverContext = [Microsoft.Office.Server.ServerContext]::GetContext($site)
$userProfileManager = New-Object Microsoft.Office.Server.UserProfiles.UserProfileManager($serverContext)
$userProfile = $userProfileManager.GetUserProfile($userName)
$userLogin = $userProfile[[Microsoft.Office.Server.UserProfiles.PropertyConstants]::AccountName].Value.ToString()
$webs = $site.AllWebs
foreach ($web in $webs)
{
$permissionInfo = $web.GetUserEffectivePermissionInfo($userLogin)
$roles = $permissionInfo.RoleAssignments
write-host "Now checking the permissions of the user "  $userLogin  " " "in the site " $web.Url
for ($i = 0; $i -lt $roles.Count; $i++)
{
$bRoles = $roles[$i].RoleDefinitionBindings
foreach ($roleDefinition in $bRoles)
{
 if ($roles[$i].Member.ToString().Contains('\'))
{
write-host "The User "  $userLogin  " has direct permissions "  $roleDefinition.Name
}
else
{
write-host "The User "  $userLogin  " has permissions "  $roleDefinition.Name  " given via "  $roles[$i].Member.ToString()
                                }
}
}
}
$site.Dispose()
}
if($help) { GetHelp; Continue }
else { RahulCheckEffectivePermissionsInAllWebs }

I hope this will help you out.

Thanks,
Rahul Rashu

How to find out the user who deployed or updated a solution in sharepoint

Hi All,

I have observed a very growing requirement is to find out which user has deployed a solution or updated in sharepoint. This is of high importance when there are many administrators assigned to do such activities in sharepoint farm. So upon some research and help I am mentioning a way that is very useful in this regard.
In this article I am defining the steps based on a feature definition and a wsp file. Here are the steps needs to be followed:
1. Login to the database.
2. Go to the config database and select new query.
3. Now we will find out the information about a solution solution1.wsp so we will execute this query:
Select * From Objects With(NoLock)where Name = 'solution1.wsp'
4. In the result returned our focus will be on the column "Properties" .
5.Copy the contents and paste it somewhere in notepad. There are many properties exposed through this however we will focus on these 3:


<sFld type="String" name="m_LastUpdatedUser">
<sFld type="String" name="m_LastUpdatedMachine">
<sFld type="DateTime" name="m_LastUpdatedTime">
6. As their names are already clear the first one shows the user name who has last updated it.The second one is the server where it was last updated. The third one shows the time when it was last updated. The last two information is available through UI as well.

In case of feature definitions we need to know the guid of the same. So this can be taken from the feature.xml file under the features folder. Then the following query can be executed:

Select * From Objects With(NoLock) where ID='Guid'

The output and next steps can be followed in the same way.

I hope this will help you out.

Thanks,
Rahul Rashu

Wednesday 7 December 2011

How to check effective permissions of a user in each site in a site collection in Sharepoint 2007 and Sharepoint 2010

Hi,

I have observed that one of a tedious task for a sharepoint site administrator to check permissions of a user in each site in a site collection. Microsoft Admin Toolkit has provided a functionality that can be used to check effective permissions. This can be downloaded at http://www.microsoft.com/download/en/details.aspx?displaylang=en&id=14227 for MOSS 2007 but it provides the way to check permissions only at a site, list and list item level. There is no way to use this at a single run for all sites in a site collection.
Hence to do this I have prepared the following code. It works with both MOSS 2007 and SPS 2010. This takes 2 input values. The first is the url of the site collection and the second one is the userlogin. The user login should be in the form of Domain\Username.


using System;
using System.Collections.Generic;
using System.Collections.ObjectModel;
using System.Linq;
using System.Text;
using System.Web;
using Microsoft.SharePoint;
using Microsoft.Office.Server;
using Microsoft.Office.Server.UserProfiles;

namespace RahulCheckEffectivePermissionsInAllWebs
{
    class Program
    {
        static void Main(string[] args)
        {

            try
            {
                Console.WriteLine("This tool will chcek the effective permissions of a user");
                Console.WriteLine("Please enter the url of the site collection");
                String url = Console.ReadLine();
                Console.WriteLine("Please enter the username of the user");
                String userName = Console.ReadLine();
                using (SPSite site = new SPSite(url))
                {
                    ServerContext serverContext = ServerContext.GetContext(site);
                    UserProfileManager userProfileManager = new UserProfileManager(serverContext);
                    UserProfile userProfile = userProfileManager.GetUserProfile(userName);
                    String userLogin = userProfile[PropertyConstants.AccountName].Value.ToString();
                    SPWebCollection webs = site.AllWebs;
                    foreach (SPWeb web in webs)
                    {
                        SPPermissionInfo permissionInfo = web.GetUserEffectivePermissionInfo(userLogin);


                        Collection<SPRoleAssignment> roles = permissionInfo.RoleAssignments;
                        Console.WriteLine("Now checking the permissions of the user " + userLogin + " " + "in the site " + web.Url);
                        for (int i = 0; i < roles.Count; i++)
                        {

                            SPRoleDefinitionBindingCollection bRoles = roles[i].RoleDefinitionBindings;

                            foreach (SPRoleDefinition roleDefinition in bRoles)
                            {

                                if (roles[i].Member.ToString().Contains('\\'))
                                {
                                    Console.WriteLine("The User " + userLogin + " has direct permissions " + roleDefinition.Name);
                                }
                                else
                                {
                                    Console.WriteLine("The User " + userLogin + " has permissions " + roleDefinition.Name + " given via " + roles[i].Member.ToString());
                                }


                            }

                        }


                    }
                    Console.WriteLine("Execution Completed");
                    Console.ReadLine();
                }
            }
             catch(Exception e)
            {
                Console.WriteLine(e.Message);
                Console.WriteLine(e.StackTrace);
             }
        }
     
   
    }
    }
I hope this will help you out.

Thanks,
Rahul Rashu

Sunday 4 December 2011

Profile Synchronisation Jobs not updating user details in Sharepoint 2007 sites

Hi,

I have seen that many site admins periodically reports the issue of Profile Synchronisation jobs not updating the details of their users in the sharepoint site. In all the cases people have reported that the user details were updated in AD and the details were updated in SSP as well after profile import. However the same was not updated in site.
So I am mentioning some points here about this issue:

1. The profile synchronisation jobs responsible for updating these details from SSP to sites only updates details for the active users.
2. The active users are considered as the users who have carried out any change in the site ever in any form of add, update or delete.
3. The active users are marked at the database level. In the content database there is a table UserInfo used to store details of all site users.
4. In this table there is a column named as "tp_IsActive". This column is a type of bit column and will carry the values 0 or 1. the value 1 stands for an active user and 0 for an inactive user.  Refer this:
http://msdn.microsoft.com/en-us/library/c6244ace-4199-450d-a215-d37fa591159d(v=PROT.13)#active_user

Now to get this to work following steps can be taken:

1. Ask the user to carry out any changes in the site collection.
2. Try resolving his correct name by adding him to any any user group.
3. If the first way is not feasible because of your security policies and second is not working out to you then delete the user from site collection and add him once again.

I hope this will help you out.

Thanks,
Rahul Rashu

Friday 2 December 2011

How to Remove the option of changing views in a list in Sharepoint

Hi,

Recently someone asked me to provide a way to hide the option of navigating between views in a list.
This can be done by following the simple steps defined below:

1. Open the site in sharepoint designer.
2. Navigate down to the list in question.
3. Check out the AllItems.aspx page which you want to modify and double click on it.
4. Now in the list viewer webpart right click and select "Convert to XSLT dataview".















5. Now select the portion that shows the views dropdown. It will be the Sharepoint view selector Menu as shown











6. Add the attribute visible="false" as shown.
7. Check in the page and you are good to go.

I hope this will help you out.

Thanks,
Rahul Rashu