none
Powershell code to give show all folders a user has access to

    Question

  • Hi

    Does anyone have a Powershell script that I could run to get all objects (folders) that a user has permissions to,  for in a site ?

    Thanks


    Friday, June 01, 2012 4:33 PM

Answers

  • For the original Get-SPUserEffectivePermissions you need to add the following line after $itemPermissions is set and include it in your output:

    $folderPermissions = $site | Get-SPWeb –Limit All | %{$_.Lists | %{$_.Folders | Get-SPUserEffectivePermissions ($site.RootWeb.SiteUsers | select LoginName)}}

    That works and I've tested it.

    Monday, October 01, 2012 6:53 PM

All replies

  • This might be help check this link 

    http://sp2010userperm.codeplex.com/

    function Get-SPUserEffectivePermissions(
    object[]$users, 
    Microsoft.SharePoint.SPSecurableObject$InputObject) {

    begin { }
    process {
    $so = $InputObject
    if ($so -eq $null) { $so = $_ }

    if ($so -isnot Microsoft.SharePoint.SPSecurableObject) {
    throw "A valid SPWeb, SPList, or SPListItem must be provided."
    }

    foreach ($user in $users) {
    # Set the users login name
    $loginName = $user
    if ($user -is [Microsoft.SharePoint.SPUser] -or $user -is [PSCustomObject]) {
    $loginName = $user.LoginName
    }
    if ($loginName -eq $null) {
    throw "The provided user is null or empty. Specify a valid SPUser object or login name."
    }

    # Get the users permission details.
    $permInfo = $so.GetUserEffectivePermissionInfo($loginName)

    # Determine the URL to the securable object being evaluated
    $resource = $null
    if ($so -is Microsoft.SharePoint.SPWeb) {
    $resource = $so.Url
    } elseif ($so -is Microsoft.SharePoint.SPList) {
    $resource = $so.ParentWeb.Site.MakeFullUrl($so.RootFolder.ServerRelativeUrl)
    } elseif ($so -is Microsoft.SharePoint.SPListItem) {
    $resource = $so.ParentList.ParentWeb.Site.MakeFullUrl($so.Url)
    }

    # Get the role assignments and iterate through them
    $roleAssignments = $permInfo.RoleAssignments
    if ($roleAssignments.Count -gt 0) {
    foreach ($roleAssignment in $roleAssignments) {
    $member = $roleAssignment.Member

    # Build a string array of all the permission level names
    $permName = @()
    foreach ($definition in $roleAssignment.RoleDefinitionBindings) {
    $permName += $definition.Name
    }

    # Determine how the users permissions were assigned
    $assignment = "Direct Assignment"
    if ($member -is Microsoft.SharePoint.SPGroup) {
    $assignment = $member.Name
    } else {
    if ($member.IsDomainGroup -and ($member.LoginName -ne $loginName)) {
    $assignment = $member.LoginName
    }
    }

    # Create a hash table with all the data
    $hash = @{
    Resource = $resource
    "Resource Type" = $so.GetType().Name
    User = $loginName
    Permission = $permName -join ", "
    "Granted By" = $assignment
    }

    # Convert the hash to an object and output to the pipeline
    New-Object PSObject -Property $hash
    }
    }
    }
    }
    end {}
    }

    Thanks

    Rik Patel


    Friday, June 01, 2012 6:59 PM
  • Hi

    Will this code display all objects including FOLDERS a specific user has access to ? I couldnt see that option in the command lines.

    Thanks


    Wednesday, June 06, 2012 8:16 AM
  • Define your path 

    # Determine the URL to the securable object being evaluated
    $resource = $null
    if ($so -is Microsoft.SharePoint.SPWeb) {
    $resource = $so.Url
    } elseif ($so -is Microsoft.SharePoint.SPList) {
    $resource = $so.ParentWeb.Site.MakeFullUrl($so.RootFolder.ServerRelativeUrl)
    } elseif ($so -is Microsoft.SharePoint.SPListItem) {
    $resource = $so.ParentList.ParentWeb.Site.MakeFullUrl($so.Url)
    }

    Regards

    Rik

    Wednesday, June 06, 2012 12:42 PM
  • Hi and thanks for the code, unfortunately getting errors :

    PS C:\Windows\system32> $user = "SGROUP\jonesp"
    $site = $gc | Get-SPSite http://sp20103
    
    $resource = $null
     if ($so -is Microsoft.SharePoint.SPWeb) {
     $resource = $so.Url
     } elseif ($so -is Microsoft.SharePoint.SPList) {
     $resource = $so.ParentWeb.Site.MakeFullUrl($so.RootFolder.ServerRelativeUrl)
     } elseif ($so -is Microsoft.SharePoint.SPListItem) {
     $resource = $so.ParentList.ParentWeb.Site.MakeFullUrl($so.Url)
     }
    You must provide a value expression on the right-hand side of the '-is' operator.
    At line:5 char:10
    
    Unexpected token 'Microsoft.SharePoint.SPWeb' in expression or statement.
    At line:5 char:14
    
    You must provide a value expression on the right-hand side of the '-is' operator.
    At line:7 char:16
    
    Unexpected token 'Microsoft.SharePoint.SPList' in expression or statement.
    At line:7 char:20
    
    You must provide a value expression on the right-hand side of the '-is' operator.
    At line:9 char:16
    
    Unexpected token 'Microsoft.SharePoint.SPListItem' in expression or statement.
    At line:9 char:20


    Wednesday, June 06, 2012 1:19 PM
  • For a single user on all list item in a site collection:

    $user = "YOUR DOMAIN\YOUR USER"

    $site = $gc | Get-SPSite YOURSITECOLLECTIONURL
    $site | Get-SPWeb -Limit All | %{$_.Lists | %{$_.Items | Get-SPUserEffectivePermissions $user}} | Out-GridView -Title "List Item Permissions for $user"

    For a single user on all webs/subwebs and lists/librarys in a site collection:

    $user = "YOUR DOMAIN\YOUR USER"

    $site = $gc | Get-SPSite YOURSITECOLLECTIONURL
    $webPermissions = $site | Get-SPWeb –Limit All | Get-SPUserEffectivePermissions $user
    $listPermissions = $site | Get-SPWeb –Limit All | %{$_.Lists | Get-SPUserEffectivePermissions $user}
    $webPermissions + $listPermissions | Out-GridView -Title "Web, List, and Item Permissions for $user in $($site.Url)"
    $gc | Stop-SPAssignment

    Regards

    Rik


    • Edited by Patel Rik Wednesday, June 06, 2012 2:28 PM
    Wednesday, June 06, 2012 2:25 PM
  • Hi

    The two bits of code supplied are from the website you mentioned earlier and i've tried these already but they do not give folder permissions. So i'm back at square one.. It must be possible, but how ?

    Wednesday, June 06, 2012 7:47 PM
  • # Get the role assignments and iterate through them
    $roleAssignments = $permInfo.RoleAssignments
    if ($roleAssignments.Count -gt 0) {
    foreach ($roleAssignment in $roleAssignments) {
    $member = $roleAssignment.Member

    # Determine how the users permissions were assigned

    $assignment = "Direct Assignment"
    if ($member -is Microsoft.SharePoint.SPGroup) {
    $assignment = $member.Name
    } else {
    if ($member.IsDomainGroup -and ($member.LoginName -ne $loginName)) {
    $assignment = $member.LoginName
    }
    }


    • Edited by Patel Rik Wednesday, June 06, 2012 8:54 PM
    Wednesday, June 06, 2012 8:14 PM
  • Idera has a free admin toolkit that does this through its permissions analyzer:
    http://www.idera.com/Free-Tools/SharePoint-admin-toolset/

    I haven't tested it out yet, but I've heard it is good.


    Wednesday, June 06, 2012 8:50 PM
  • Hi

    Has anyone tried the tool http://www.idera.com/Free-Tools/SharePoint-admin-toolset/

    Is it safe, as it requires install on server ?

    Thanks

    Saturday, June 09, 2012 4:27 PM
  • As I said, I haven't tried it, but Idera is one of the most well-known SharePoint third party diagnostic and add-in companies. (AvePoint and Quest are others).

    They've also won a lot of awards for their products, see this excerpt for their SP Performance Diagnostic tools:
    http://www.metastore.eu/systems/products/idera-toolset/317-idera-sharepoint-toolset-best-of-connections-2010.html

    So saying, if you've got a test box, try it out on that. I think that's what I'll do. When it installs on the server (WFE) it is installing a web service.

    Tuesday, June 12, 2012 3:15 PM
  • For the original Get-SPUserEffectivePermissions you need to add the following line after $itemPermissions is set and include it in your output:

    $folderPermissions = $site | Get-SPWeb –Limit All | %{$_.Lists | %{$_.Folders | Get-SPUserEffectivePermissions ($site.RootWeb.SiteUsers | select LoginName)}}

    That works and I've tested it.

    Monday, October 01, 2012 6:53 PM