Hi,
I have observed that one of the tedious tasks for a SharePoint site administrator is checking the permissions of a user in each site in a site collection. The Microsoft Admin Toolkit provides functionality that can be used to check effective permissions. It can be downloaded at http://www.microsoft.com/download/en/details.aspx?displaylang=en&id=14227 for MOSS 2007, but it only checks permissions at the site, list and list item level. There is no way to run it once for all sites in a site collection.
Hence I have prepared the following PowerShell script to do this. It works with both MOSS 2007 and SPS 2010. It takes two input values: the first is the URL of the site collection and the second is the user login, which should be in the form Domain\Username.
```powershell
param([switch]$help)

# Load the SharePoint and Office Server assemblies the script depends on
[void][System.Reflection.Assembly]::LoadWithPartialName("Microsoft.SharePoint")
[void][System.Reflection.Assembly]::LoadWithPartialName("Microsoft.Office.Server")
[void][System.Reflection.Assembly]::LoadWithPartialName("Microsoft.Office.Server.UserProfiles")
[void][System.Reflection.Assembly]::LoadWithPartialName("System.Web")

function GetHelp() {
$HelpText = @"

DESCRIPTION:
This script will enumerate the permissions of the user in all webs under a site collection.
This takes two inputs: the URL of the site collection and the username.
The username should be given in Domain\username format.

"@
$HelpText
}

function RahulCheckEffectivePermissionsInAllWebs() {
    Write-Host "This script will check the effective permissions of a user"
    Write-Host "Please enter the url of the site collection"
    $url = Read-Host
    Write-Host "Please enter the username of the user"
    $userName = Read-Host

    $site = New-Object Microsoft.SharePoint.SPSite($url)

    # Resolve the account name through the user profile store
    $serverContext = [Microsoft.Office.Server.ServerContext]::GetContext($site)
    $userProfileManager = New-Object Microsoft.Office.Server.UserProfiles.UserProfileManager($serverContext)
    $userProfile = $userProfileManager.GetUserProfile($userName)
    $userLogin = $userProfile[[Microsoft.Office.Server.UserProfiles.PropertyConstants]::AccountName].Value.ToString()

    $webs = $site.AllWebs
    foreach ($web in $webs) {
        $permissionInfo = $web.GetUserEffectivePermissionInfo($userLogin)
        $roles = $permissionInfo.RoleAssignments
        Write-Host "Now checking the permissions of the user " $userLogin " " "in the site " $web.Url
        for ($i = 0; $i -lt $roles.Count; $i++) {
            $bRoles = $roles[$i].RoleDefinitionBindings
            foreach ($roleDefinition in $bRoles) {
                # A member name containing a backslash is treated as a direct grant
                if ($roles[$i].Member.ToString().Contains('\')) {
                    Write-Host "The User " $userLogin " has direct permissions " $roleDefinition.Name
                }
                else {
                    Write-Host "The User " $userLogin " has permissions " $roleDefinition.Name " given via " $roles[$i].Member.ToString()
                }
            }
        }
        # Each SPWeb returned by AllWebs must be disposed by the caller
        $web.Dispose()
    }
    $site.Dispose()
}

if ($help) { GetHelp }
else { RahulCheckEffectivePermissionsInAllWebs }
```
I hope this will help you out.
Thanks,
Rahul Rashu
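
The script labels a grant as direct whenever the member string contains a backslash, a test that a domain group login (DOMAIN\GroupName) also passes. The following is an added example, not part of the original post: it classifies each grant by comparing the member to the audited login instead. The function name `Get-GrantSource`, the record fields, the claims-prefix handling and the sample rows are assumptions constructed for illustration.

```powershell
# Added example: classify where each role assignment comes from.
function Get-GrantSource {
    param(
        [string]$UserLogin,  # login being audited, Domain\Username
        [string]$Member      # string form of the role assignment member
    )
    # Direct only when the member IS the audited account
    if ($Member -ieq $UserLogin) { return 'Direct' }
    # Assumption: a claims-encoded login (SPS 2010) carries the classic
    # login after the last '|', e.g. i:0#.w|contoso\alice
    if ($Member.Contains('|') -and
        ($Member.Substring($Member.LastIndexOf('|') + 1) -ieq $UserLogin)) {
        return 'Direct'
    }
    # Any other Domain\Name member is a domain group, not the user
    if ($Member.Contains('\')) { return 'DomainGroup' }
    return 'SharePointGroup'
}

# Constructed sample rows standing in for the per-web results
$userLogin = 'CONTOSO\alice'
$rows = @(
    New-Object PSObject -Property @{ Web = 'http://sp.example/sites/hr'; Member = 'CONTOSO\alice'; Role = 'Contribute' }
    New-Object PSObject -Property @{ Web = 'http://sp.example/sites/hr'; Member = 'HR Members'; Role = 'Read' }
    New-Object PSObject -Property @{ Web = 'http://sp.example/sites/fin'; Member = 'CONTOSO\Finance-Admins'; Role = 'Full Control' }
    New-Object PSObject -Property @{ Web = 'http://sp.example/sites/it'; Member = 'i:0#.w|contoso\alice'; Role = 'Design' }
)

# One object per grant, so the result can be sorted, filtered or exported
$report = $rows | ForEach-Object {
    New-Object PSObject -Property @{
        Web    = $_.Web
        Role   = $_.Role
        Member = $_.Member
        Source = Get-GrantSource -UserLogin $userLogin -Member $_.Member
    }
}

$report | Sort-Object Web | Format-Table Web, Role, Source, Member -AutoSize

# Rows an access review usually starts with: direct grants and Full Control
$report | Where-Object { $_.Source -eq 'Direct' -or $_.Role -eq 'Full Control' } |
    Format-Table Web, Role, Source, Member -AutoSize
```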