if ((Get-PSSnapin "Microsoft.SharePoint.PowerShell" -ErrorAction SilentlyContinue) -eq $null)
{
Add-PSSnapin "Microsoft.SharePoint.PowerShell"
}
Function GetUserAccessReport($WebAppURL, $FileUrl)
{
#Get All Site Collections of the WebApp
$SiteCollections = Get-SPSite -WebApplication $WebAppURL -Limit All
#Write CSV- TAB Separated File) Header
"URL `t Site/List `t Title `t PermissionType `t Permissions/AD Group `t LoginName" | out-file $FileUrl
#Check Web Application Policies
$WebApp= Get-SPWebApplication $WebAppURL
#Loop through all site collections
foreach($Site in $SiteCollections)
{
#Loop throuh all Sub Sites
foreach($Web in $Site.AllWebs)
{
if($Web.HasUniqueRoleAssignments -eq $True)
{
#Get all the users granted permissions to the list
foreach($WebRoleAssignment in $Web.RoleAssignments )
{
#Is it a User Account?
if($WebRoleAssignment.Member.userlogin)
{
#Get the Permissions assigned to user
$WebUserPermissions=@()
foreach ($RoleDefinition in $WebRoleAssignment.RoleDefinitionBindings)
{
$WebUserPermissions += $RoleDefinition.Name +";"
}
write-host "with these permissions: " $WebUserPermissions
#Send the Data to Log file
"$($Web.Url) `t Site `t $($Web.Title)`t Direct Permission `t $($WebUserPermissions) `t $($WebRoleAssignment.Member.DisplayName)” | Out-File $FileUrl -Append
}
#Its a SharePoint Group, So search inside the group and check if the user is member of that group
else
{
foreach($user in $WebRoleAssignment.member.users)
{
#Get the Group’s Permissions on site
$WebGroupPermissions=@()
foreach ($RoleDefinition in $WebRoleAssignment.RoleDefinitionBindings)
{
$WebGroupPermissions += $RoleDefinition.Name +”;”
}
#write-host “Group has these permissions: ” $WebGroupPermissions
#Send the Data to Log file
“$($Web.Url) `t Site `t $($Web.Title)`t Member of $($WebRoleAssignment.Member.Name) Group `t $($WebGroupPermissions) `t $($user.DisplayName)" | Out-File $FileUrl -Append
}
}
}
}
#******** Check Lists with Unique Permissions Here , I comment $List.HasUniqueRoleAssignments -eq $True if you want commentout line for uniqu permission ********/
foreach($List in $Web.lists)
{
if( ($List.Hidden -eq $false)) #$List.HasUniqueRoleAssignments -eq $True -and
{
#Get all the users granted permissions to the list
foreach($ListRoleAssignment in $List.RoleAssignments )
{
#Is it a User Account?
if($ListRoleAssignment.Member.userlogin)
{
#Get the Permissions assigned to user
$ListUserPermissions=@()
foreach ($RoleDefinition in $ListRoleAssignment.RoleDefinitionBindings)
{
$ListUserPermissions += $RoleDefinition.Name +";"
}
#write-host "with these permissions: " $ListUserPermissions
#Send the Data to Log file
"$($List.ParentWeb.Url)/$($List.RootFolder.Url) `t $($List.BaseType) `t $($List.Title)`t Direct Permission1 `t $($ListUserPermissions) `t $($ListRoleAssignment.Member.DisplayName)” | Out-File $FileUrl -Append
}
#Its a SharePoint Group, So search inside the group and check if the user is member of that group
else
{
foreach($user in $ListRoleAssignment.member.users)
{
#Get the Group’s Permissions on site
$ListGroupPermissions=@()
foreach ($RoleDefinition in $ListRoleAssignment.RoleDefinitionBindings)
{
$ListGroupPermissions += $RoleDefinition.Name +”;”
}
#write-host “Group has these permissions: ” $ListGroupPermissions
#Send the Data to Log file
“$($Web.Url)/$($List.RootFolder.Url) `t $($List.BaseType) `t $($List.Title)`t Member of $($ListRoleAssignment.Member.Name) Group `t $($user.DisplayName) `t $($user.DisplayName)” | Out-File $FileUrl -Append
}
}
}
}
}
}
}
}
GetUserAccessReport "http://win-2016" "D:\users_PermisionReport.csv";
No comments:
Post a Comment