none
SharePoint 2013 - SharePoint Permissions Report - RRS feed

  • Question

  • Hello Community!

    I am working in SharePoint 2013and I am running a Permission Security Report using PowerShell.  I have PowerShell access to all the databases in the farm. 

    Add-PSSnapin Microsoft.SharePoint.PowerShell
    
    cls
    [void][System.Reflection.Assembly]::LoadWithPartialName
    ("Microsoft.SharePoint")
    $SPSiteUrl = "https://mymightyfinedomain/sites/mymightyfinesite"
    $SPSite = New-Object Microsoft.SharePoint.SPSite($SPSiteUrl);
    $ExportFile = "C:\root\Permissions.csv" 
    "Web Title,Web URL,List Title,User or Group,Role,Inherited" | out-file $ExportFile 
    foreach ($WebPath in $SPSite.AllWebs)
    {
       if ($WebPath.HasUniqueRoleAssignments)
            {
              $SPRoles = $WebPath.RoleAssignments;
              foreach ($SPRole in $SPRoles)
              {
                foreach ($SPRoleDefinition in $SPRole.RoleDefinitionBindings)
                {
                    $WebPath.Title + "," + $WebPath.Url + "," + "N/A" + "," +
    $SPRole.Member.Name + "," + $SPRoleDefinition.Name + "," +
    $WebPath.HasUniqueRoleAssignments | out-file $ExportFile -append
                }
              }
            }           
            foreach ($List in $WebPath.Lists)
            {
               if ($List.HasUniqueRoleAssignments)
               {
                 $SPRoles = $List.RoleAssignments;
                 foreach ($SPRole in $SPRoles)
                 {
                   foreach ($SPRoleDefinition in $SPRole.RoleDefinitionBindings)
                   {
                        $WebPath.Title + "," + $WebPath.Url + "," + $List.Title + "," +
    $SPRole.Member.Name + "," + $SPRoleDefinition.Name | out-file $ExportFile -append
                   }
                 }
               }
            }
    }
    $SPSite.Dispose();

    Here is the error message I get when I run the code:

    Microsoft.SharePoint
    The following exception occurred while trying to enumerate the collection: "Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED))".
    At F:\Scripts\Get-SPFarmSecurityReport2.ps1:10 char:22
    + foreach ($WebPath in $SPSite.AllWebs)
    +                      ~~~~~~~~~~~~~~~
        + CategoryInfo          : NotSpecified: (:) [], ExtendedTypeSystemException
        + FullyQualifiedErrorId : ExceptionInGetEnumerator

    Has anyone else seen this problem?  If so, please provide guidance and examples.

    Thanks!

    Tom


    Tom Molskow - Senior SharePoint Architect - Microsoft Community Contributor 2011 and 2012 Award - Linked-In - SharePoint Gypsy

    Tuesday, August 6, 2019 5:24 PM

Answers

  • I just made for single web application, try adding the account your are facing issue with and give it a try.

    $webApp = Get-SPWebApplication http://portal.contoso.com
    $webApp.GrantAccessToProcessIdentity("DOMAIN\svcacct-contoso")
    Thanks & Regards,


    sharath aluri

    • Marked as answer by Tom Molskow Friday, August 9, 2019 12:31 PM
    Tuesday, August 6, 2019 8:40 PM

All replies

  • Try running the below code and try.

    $webApp = $db.WebApplication
    $user = $env:USERDOMAIN+"\"+$env:USERNAME
    $webApp.GrantAccessToProcessIdentity($user)

    If the above still doesn't work for you then try adding yourself in User Policy with Full Control

    Thanks & Regards,


    sharath aluri


    Tuesday, August 6, 2019 5:27 PM
  • @Sharath - OK, here's what I ran:

    Add-PSSnapin Microsoft.SharePoint.PowerShell
    
    cls
    
    $webApp = $db.WebApplication
    $user = $env:USERDOMAIN+"\"+$env:USERNAME
    $webApp.GrantAccessToProcessIdentity($user)

    Here's the error I got:

    You cannot call a method on a null-valued expression.
    At line:7 char:1
    + $webApp.GrantAccessToProcessIdentity($user)
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        + CategoryInfo          : InvalidOperation: (:) [], RuntimeException
        + FullyQualifiedErrorId : InvokeMethodOnNull


    Tom Molskow - Senior SharePoint Architect - Microsoft Community Contributor 2011 and 2012 Award - Linked-In - SharePoint Gypsy

    Tuesday, August 6, 2019 7:58 PM
  • I just made for single web application, try adding the account your are facing issue with and give it a try.

    $webApp = Get-SPWebApplication http://portal.contoso.com
    $webApp.GrantAccessToProcessIdentity("DOMAIN\svcacct-contoso")
    Thanks & Regards,


    sharath aluri

    • Marked as answer by Tom Molskow Friday, August 9, 2019 12:31 PM
    Tuesday, August 6, 2019 8:40 PM
  • @Sharath - this is what I ran

    Add-PSSnapin Microsoft.SharePoint.PowerShell
    
    cls
    
    $webApp = Get-SPWebApplication https://bentest.bhcorp.ad
    $webApp.GrantAccessToProcessIdentity("bhcorp\tomolsko_sa")

    this is the error I got:

    Exception calling "GrantAccessToProcessIdentity" with "1" argument(s): "The EXECUTE permission was denied on the object 'proc_LogChange', database 'SPS_Content_SourceWorksDev', 
    schema 'dbo'."
    At line:6 char:1
    + $webApp.GrantAccessToProcessIdentity("bhcorp\tomolsko_sa")
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        + CategoryInfo          : NotSpecified: (:) [], MethodInvocationException
        + FullyQualifiedErrorId : SqlException


    Tom Molskow - Senior SharePoint Architect - Microsoft Community Contributor 2011 and 2012 Award - Linked-In - SharePoint Gypsy

    Tuesday, August 6, 2019 10:01 PM
  • Seems like this database SPS_Content_SourceWorksDev doesn't have dbowner access or assigned schema to it. make sure that db has dbowner permissions.

    Thanks & Regards,


    sharath aluri

    Tuesday, August 6, 2019 10:22 PM
  • Hi Tom, 

    Do as Sharath said, then right click SharePoint 2013 Management Shell or Windows PowerShell ISE, choose "run as administrator". 

    Best Regards, 

    Lisa Chen



    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    SharePoint Server 2019 has been released, you can click here to download it.
    Click here to learn new features. Visit the dedicated forum to share, explore and talk to experts about SharePoint Server 2019.



    Wednesday, August 7, 2019 2:40 AM
    Moderator
  • @ Lisa - I will try that today and LYK

    Tom Molskow - Senior SharePoint Architect - Microsoft Community Contributor 2011 and 2012 Award - Linked-In - SharePoint Gypsy

    Wednesday, August 7, 2019 1:09 PM
  • @Sharath - I will try that today and LYK

    Tom Molskow - Senior SharePoint Architect - Microsoft Community Contributor 2011 and 2012 Award - Linked-In - SharePoint Gypsy

    Wednesday, August 7, 2019 1:10 PM
  • Hi Tom, 

    If there is anything update, feel free to let us know. 

    Best Regards, 

    Lisa Chen 


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    SharePoint Server 2019 has been released, you can click here to download it.
    Click here to learn new features. Visit the dedicated forum to share, explore and talk to experts about SharePoint Server 2019.

    Thursday, August 8, 2019 6:28 AM
    Moderator
  • @Lisa - still waiting for the DBA to assign permissions

    Tom Molskow - Senior SharePoint Architect - Microsoft Community Contributor 2011 and 2012 Award - Linked-In - SharePoint Gypsy

    Thursday, August 8, 2019 1:48 PM
  • @All - yep, that worked

    Tom Molskow - Senior SharePoint Architect - Microsoft Community Contributor 2011 and 2012 Award - Linked-In - SharePoint Gypsy

    Friday, August 9, 2019 12:30 PM