none
Powershell code to give show all folders a user has access to

    질문

  • Hi

    Does anyone have a Powershell script that I could run to get all objects (folders) that a user has permissions to,  for in a site ?

    Thanks


    2012년 6월 1일 금요일 오후 4:33

답변

  • For the original Get-SPUserEffectivePermissions you need to add the following line after $itemPermissions is set and include it in your output:

    $folderPermissions = $site | Get-SPWeb –Limit All | %{$_.Lists | %{$_.Folders | Get-SPUserEffectivePermissions ($site.RootWeb.SiteUsers | select LoginName)}}

    That works and I've tested it.

    2012년 10월 1일 월요일 오후 6:53

모든 응답

  • This might be help check this link 

    http://sp2010userperm.codeplex.com/

    function Get-SPUserEffectivePermissions(
    object[]$users, 
    Microsoft.SharePoint.SPSecurableObject$InputObject) {

    begin { }
    process {
    $so = $InputObject
    if ($so -eq $null) { $so = $_ }

    if ($so -isnot Microsoft.SharePoint.SPSecurableObject) {
    throw "A valid SPWeb, SPList, or SPListItem must be provided."
    }

    foreach ($user in $users) {
    # Set the users login name
    $loginName = $user
    if ($user -is [Microsoft.SharePoint.SPUser] -or $user -is [PSCustomObject]) {
    $loginName = $user.LoginName
    }
    if ($loginName -eq $null) {
    throw "The provided user is null or empty. Specify a valid SPUser object or login name."
    }

    # Get the users permission details.
    $permInfo = $so.GetUserEffectivePermissionInfo($loginName)

    # Determine the URL to the securable object being evaluated
    $resource = $null
    if ($so -is Microsoft.SharePoint.SPWeb) {
    $resource = $so.Url
    } elseif ($so -is Microsoft.SharePoint.SPList) {
    $resource = $so.ParentWeb.Site.MakeFullUrl($so.RootFolder.ServerRelativeUrl)
    } elseif ($so -is Microsoft.SharePoint.SPListItem) {
    $resource = $so.ParentList.ParentWeb.Site.MakeFullUrl($so.Url)
    }

    # Get the role assignments and iterate through them
    $roleAssignments = $permInfo.RoleAssignments
    if ($roleAssignments.Count -gt 0) {
    foreach ($roleAssignment in $roleAssignments) {
    $member = $roleAssignment.Member

    # Build a string array of all the permission level names
    $permName = @()
    foreach ($definition in $roleAssignment.RoleDefinitionBindings) {
    $permName += $definition.Name
    }

    # Determine how the users permissions were assigned
    $assignment = "Direct Assignment"
    if ($member -is Microsoft.SharePoint.SPGroup) {
    $assignment = $member.Name
    } else {
    if ($member.IsDomainGroup -and ($member.LoginName -ne $loginName)) {
    $assignment = $member.LoginName
    }
    }

    # Create a hash table with all the data
    $hash = @{
    Resource = $resource
    "Resource Type" = $so.GetType().Name
    User = $loginName
    Permission = $permName -join ", "
    "Granted By" = $assignment
    }

    # Convert the hash to an object and output to the pipeline
    New-Object PSObject -Property $hash
    }
    }
    }
    }
    end {}
    }

    Thanks

    Rik Patel


    • 편집됨 Patel Rik 2012년 6월 1일 금요일 오후 7:00
    • 답변으로 제안됨 Dmitry Kaloshin 2012년 6월 4일 월요일 오전 11:07
    • 답변으로 제안 취소됨 orange juice jones 2012년 6월 6일 수요일 오전 9:00
    2012년 6월 1일 금요일 오후 6:59
  • Hi

    Will this code display all objects including FOLDERS a specific user has access to ? I couldnt see that option in the command lines.

    Thanks


    2012년 6월 6일 수요일 오전 8:16
  • Define your path 

    # Determine the URL to the securable object being evaluated
    $resource = $null
    if ($so -is Microsoft.SharePoint.SPWeb) {
    $resource = $so.Url
    } elseif ($so -is Microsoft.SharePoint.SPList) {
    $resource = $so.ParentWeb.Site.MakeFullUrl($so.RootFolder.ServerRelativeUrl)
    } elseif ($so -is Microsoft.SharePoint.SPListItem) {
    $resource = $so.ParentList.ParentWeb.Site.MakeFullUrl($so.Url)
    }

    Regards

    Rik

    2012년 6월 6일 수요일 오후 12:42
  • Hi and thanks for the code, unfortunately getting errors :

    PS C:\Windows\system32> $user = "SGROUP\jonesp"
    $site = $gc | Get-SPSite http://sp20103
    
    $resource = $null
     if ($so -is Microsoft.SharePoint.SPWeb) {
     $resource = $so.Url
     } elseif ($so -is Microsoft.SharePoint.SPList) {
     $resource = $so.ParentWeb.Site.MakeFullUrl($so.RootFolder.ServerRelativeUrl)
     } elseif ($so -is Microsoft.SharePoint.SPListItem) {
     $resource = $so.ParentList.ParentWeb.Site.MakeFullUrl($so.Url)
     }
    You must provide a value expression on the right-hand side of the '-is' operator.
    At line:5 char:10
    
    Unexpected token 'Microsoft.SharePoint.SPWeb' in expression or statement.
    At line:5 char:14
    
    You must provide a value expression on the right-hand side of the '-is' operator.
    At line:7 char:16
    
    Unexpected token 'Microsoft.SharePoint.SPList' in expression or statement.
    At line:7 char:20
    
    You must provide a value expression on the right-hand side of the '-is' operator.
    At line:9 char:16
    
    Unexpected token 'Microsoft.SharePoint.SPListItem' in expression or statement.
    At line:9 char:20


    2012년 6월 6일 수요일 오후 1:19
  • For a single user on all list item in a site collection:

    $user = "YOUR DOMAIN\YOUR USER"

    $site = $gc | Get-SPSite YOURSITECOLLECTIONURL
    $site | Get-SPWeb -Limit All | %{$_.Lists | %{$_.Items | Get-SPUserEffectivePermissions $user}} | Out-GridView -Title "List Item Permissions for $user"

    For a single user on all webs/subwebs and lists/librarys in a site collection:

    $user = "YOUR DOMAIN\YOUR USER"

    $site = $gc | Get-SPSite YOURSITECOLLECTIONURL
    $webPermissions = $site | Get-SPWeb –Limit All | Get-SPUserEffectivePermissions $user
    $listPermissions = $site | Get-SPWeb –Limit All | %{$_.Lists | Get-SPUserEffectivePermissions $user}
    $webPermissions + $listPermissions | Out-GridView -Title "Web, List, and Item Permissions for $user in $($site.Url)"
    $gc | Stop-SPAssignment

    Regards

    Rik


    • 편집됨 Patel Rik 2012년 6월 6일 수요일 오후 2:28
    2012년 6월 6일 수요일 오후 2:25
  • Hi

    The two bits of code supplied are from the website you mentioned earlier and i've tried these already but they do not give folder permissions. So i'm back at square one.. It must be possible, but how ?

    2012년 6월 6일 수요일 오후 7:47
  • # Get the role assignments and iterate through them
    $roleAssignments = $permInfo.RoleAssignments
    if ($roleAssignments.Count -gt 0) {
    foreach ($roleAssignment in $roleAssignments) {
    $member = $roleAssignment.Member

    # Determine how the users permissions were assigned

    $assignment = "Direct Assignment"
    if ($member -is Microsoft.SharePoint.SPGroup) {
    $assignment = $member.Name
    } else {
    if ($member.IsDomainGroup -and ($member.LoginName -ne $loginName)) {
    $assignment = $member.LoginName
    }
    }


    • 편집됨 Patel Rik 2012년 6월 6일 수요일 오후 8:54
    2012년 6월 6일 수요일 오후 8:14
  • Idera has a free admin toolkit that does this through its permissions analyzer:
    http://www.idera.com/Free-Tools/SharePoint-admin-toolset/

    I haven't tested it out yet, but I've heard it is good.


    • 편집됨 Donia Strand 2012년 6월 6일 수요일 오후 8:51
    2012년 6월 6일 수요일 오후 8:50
  • Hi

    Has anyone tried the tool http://www.idera.com/Free-Tools/SharePoint-admin-toolset/

    Is it safe, as it requires install on server ?

    Thanks

    2012년 6월 9일 토요일 오후 4:27
  • As I said, I haven't tried it, but Idera is one of the most well-known SharePoint third party diagnostic and add-in companies. (AvePoint and Quest are others).

    They've also won a lot of awards for their products, see this excerpt for their SP Performance Diagnostic tools:
    http://www.metastore.eu/systems/products/idera-toolset/317-idera-sharepoint-toolset-best-of-connections-2010.html

    So saying, if you've got a test box, try it out on that. I think that's what I'll do. When it installs on the server (WFE) it is installing a web service.

    2012년 6월 12일 화요일 오후 3:15
  • For the original Get-SPUserEffectivePermissions you need to add the following line after $itemPermissions is set and include it in your output:

    $folderPermissions = $site | Get-SPWeb –Limit All | %{$_.Lists | %{$_.Folders | Get-SPUserEffectivePermissions ($site.RootWeb.SiteUsers | select LoginName)}}

    That works and I've tested it.

    2012년 10월 1일 월요일 오후 6:53