Hi,
I have observed that one of a tedious task for a sharepoint site administrator to check permissions of a user in each site in a site collection. Microsoft Admin Toolkit has provided a functionality that can be used to check effective permissions. This can be downloaded at http://www.microsoft.com/download/en/details.aspx?displaylang=en&id=14227 for MOSS 2007 but it provides the way to check permissions only at a site, list and list item level. There is no way to use this at a single run for all sites in a site collection.
Hence to do this I have prepared the following code. It works with both MOSS 2007 and SPS 2010. This takes 2 input values. The first is the url of the site collection and the second one is the userlogin. The user login should be in the form of Domain\Username.
using System;
using System.Collections.Generic;
using System.Collections.ObjectModel;
using System.Linq;
using System.Text;
using System.Web;
using Microsoft.SharePoint;
using Microsoft.Office.Server;
using Microsoft.Office.Server.UserProfiles;
namespace RahulCheckEffectivePermissionsInAllWebs
{
class Program
{
static void Main(string[] args)
{
try
{
Console.WriteLine("This tool will chcek the effective permissions of a user");
Console.WriteLine("Please enter the url of the site collection");
String url = Console.ReadLine();
Console.WriteLine("Please enter the username of the user");
String userName = Console.ReadLine();
using (SPSite site = new SPSite(url))
{
ServerContext serverContext = ServerContext.GetContext(site);
UserProfileManager userProfileManager = new UserProfileManager(serverContext);
UserProfile userProfile = userProfileManager.GetUserProfile(userName);
String userLogin = userProfile[PropertyConstants.AccountName].Value.ToString();
SPWebCollection webs = site.AllWebs;
foreach (SPWeb web in webs)
{
SPPermissionInfo permissionInfo = web.GetUserEffectivePermissionInfo(userLogin);
Collection<SPRoleAssignment> roles = permissionInfo.RoleAssignments;
Console.WriteLine("Now checking the permissions of the user " + userLogin + " " + "in the site " + web.Url);
for (int i = 0; i < roles.Count; i++)
{
SPRoleDefinitionBindingCollection bRoles = roles[i].RoleDefinitionBindings;
foreach (SPRoleDefinition roleDefinition in bRoles)
{
if (roles[i].Member.ToString().Contains('\\'))
{
Console.WriteLine("The User " + userLogin + " has direct permissions " + roleDefinition.Name);
}
else
{
Console.WriteLine("The User " + userLogin + " has permissions " + roleDefinition.Name + " given via " + roles[i].Member.ToString());
}
}
}
}
Console.WriteLine("Execution Completed");
Console.ReadLine();
}
}
catch(Exception e)
{
Console.WriteLine(e.Message);
Console.WriteLine(e.StackTrace);
}
}
}
}
I hope this will help you out.
Thanks,
Rahul Rashu
I have observed that one of a tedious task for a sharepoint site administrator to check permissions of a user in each site in a site collection. Microsoft Admin Toolkit has provided a functionality that can be used to check effective permissions. This can be downloaded at http://www.microsoft.com/download/en/details.aspx?displaylang=en&id=14227 for MOSS 2007 but it provides the way to check permissions only at a site, list and list item level. There is no way to use this at a single run for all sites in a site collection.
Hence to do this I have prepared the following code. It works with both MOSS 2007 and SPS 2010. This takes 2 input values. The first is the url of the site collection and the second one is the userlogin. The user login should be in the form of Domain\Username.
using System;
using System.Collections.Generic;
using System.Collections.ObjectModel;
using System.Linq;
using System.Text;
using System.Web;
using Microsoft.SharePoint;
using Microsoft.Office.Server;
using Microsoft.Office.Server.UserProfiles;
namespace RahulCheckEffectivePermissionsInAllWebs
{
class Program
{
static void Main(string[] args)
{
try
{
Console.WriteLine("This tool will chcek the effective permissions of a user");
Console.WriteLine("Please enter the url of the site collection");
String url = Console.ReadLine();
Console.WriteLine("Please enter the username of the user");
String userName = Console.ReadLine();
using (SPSite site = new SPSite(url))
{
ServerContext serverContext = ServerContext.GetContext(site);
UserProfileManager userProfileManager = new UserProfileManager(serverContext);
UserProfile userProfile = userProfileManager.GetUserProfile(userName);
String userLogin = userProfile[PropertyConstants.AccountName].Value.ToString();
SPWebCollection webs = site.AllWebs;
foreach (SPWeb web in webs)
{
SPPermissionInfo permissionInfo = web.GetUserEffectivePermissionInfo(userLogin);
Collection<SPRoleAssignment> roles = permissionInfo.RoleAssignments;
Console.WriteLine("Now checking the permissions of the user " + userLogin + " " + "in the site " + web.Url);
for (int i = 0; i < roles.Count; i++)
{
SPRoleDefinitionBindingCollection bRoles = roles[i].RoleDefinitionBindings;
foreach (SPRoleDefinition roleDefinition in bRoles)
{
if (roles[i].Member.ToString().Contains('\\'))
{
Console.WriteLine("The User " + userLogin + " has direct permissions " + roleDefinition.Name);
}
else
{
Console.WriteLine("The User " + userLogin + " has permissions " + roleDefinition.Name + " given via " + roles[i].Member.ToString());
}
}
}
}
Console.WriteLine("Execution Completed");
Console.ReadLine();
}
}
catch(Exception e)
{
Console.WriteLine(e.Message);
Console.WriteLine(e.StackTrace);
}
}
}
}
I hope this will help you out.
Thanks,
Rahul Rashu
No comments:
Post a Comment