locked
View ALL User/Group Permissions across a Site Collection RRS feed

  • Question

  • Hello:

    I am trying to clean up the permissions on an existing SharePoint 2013 site. To do this, I need to be able to view all of a user or group's permissions -- even unique and as granular as the item level -- across a site collection. Is there a way to to this out of the box, or does it require a plug-in? I really don't want to have to go through every site, library, list, etc, and view the permissions. IS there a good way to do this? I'm baffled, and every article I find seems to talk about how to grant permissions of view permissions for a site, library, list, which I know how to do. I am baffled.

    Friday, December 11, 2015 10:25 PM

Answers

    • Proposed as answer by Patrick_Liang Monday, December 14, 2015 6:02 AM
    • Marked as answer by Dennis Guo Tuesday, December 22, 2015 1:27 AM
    Sunday, December 13, 2015 2:26 AM
  • Hi Rick,

    It would be tedious if we do such job manually, I fully understand the frustration you may have because there is no such OOTB feature provided in SharePoint 2013 for this requirement currently.

    The quickest way to view all of a user or group's permissions would be using PowerShell, actually, it has become an important administrative tool for IT guys to manage a SharePoint farm. Mike’s and krishana’s suggestions would be very helpful if you can run PowerShell in your environment.

    Also, I would suggest you submit a feedback to the Office Developer Platform if there any expectation about the future version of SharePoint:

    http://officespdev.uservoice.com/   

    It is a place for customers provide feedback about Microsoft Office products. What’s more, if a feedback is high voted there by other customers, it will be promising that Microsoft Product Team will take it into consideration when designing the next version in the future.

    Thanks for your understanding.

    Best regards

    TechNet Community Support
    Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com.

    • Proposed as answer by Dennis Guo Friday, December 18, 2015 9:21 AM
    • Marked as answer by Dennis Guo Tuesday, December 22, 2015 1:27 AM
    Tuesday, December 15, 2015 12:06 PM

All replies

    • Proposed as answer by Patrick_Liang Monday, December 14, 2015 6:02 AM
    • Marked as answer by Dennis Guo Tuesday, December 22, 2015 1:27 AM
    Sunday, December 13, 2015 2:26 AM
  • Hi Rick,

    use the script below to get all the Permission details for your site collection, you can save it as .ps1 and execute it like


    filenameofScript.ps1 | out-file C:\permissionsDetails.txt

    #Add SharePoint PowerShell SnapIn 
    if ((Get-PSSnapin "Microsoft.SharePoint.PowerShell" -ErrorAction SilentlyContinue) -eq $null) {
    Add-PSSnapin "Microsoft.SharePoint.PowerShell"
    }

    #Give your Site Collection URL 
    $site = Get-SPSite "http://<site collection>"

    #will get all the sub webs for site collection you given
    $web = $site.AllWebs

    #Go through each subsite and get the permission details

    foreach ($web in $web)
    {
    if (($web.permissions -ne $null) -and ($web.hasuniqueroleassignments -eq "True"))
    {
    Write-Output "##########################################"
    Write-Output "Displaying site permissions for: $web"
    $web.permissions | fl member, basepermissions
    }
    elseif ($web.hasuniqueroleassignments -ne "True")
    {
    Write-Output "##########################################"
    Write-Output "Displaying site permissions for: $web"
    "$web inherits permissions from $site"
    }

    #Loop through all list in in every subsite

    foreach ($list in $web.lists)
    {
    $unique = $list.hasuniqueroleassignments
    if (($list.permissions -ne $null) -and ($unique -eq "True"))
    {
    Write-Output "###########################################"
    Write-Output "Displaying Lists permissions for: $web \ $list"
    $list.permissions | fl member, basepermissions
    }
    elseif ($unique -ne "True") {
    Write-Output "$web \ $list inherits permissions from $web"
    }
    }
    }
    Write-Host "Site Permissin details report completed."

    $ReadValue =Read-Host "Press any Key to Close."

    $site.dispose()
    $web.dispose()
    $unique.dispose()


    KRISHANA KUMAR

    SharePoint Architect

    Mosstechnet-kk.com

     

    Please click "Mark As Answer" if this post solves your problem or "Vote As Helpful" if it was useful

    Sunday, December 13, 2015 6:39 PM
  • Thanks for all of your responses. Unfortunately, I don't have the Central Administration access or the expertise to run PowerShell scripts even if I did. I am a Project Manager working for a government agency that has its SharePoint technical layer and "support" in a silo, and the agency has very little internal expertise and virtually no resources for support other than keeping the servers running, backed up, and loaded with the latest patches. Unfortunately, this means that this kind of work falls to people like me, who understand enough to keep things going, but not enough expertise or time to get under the hood.

    This also means that 3rd-party software is out of the question, as they would have to install it. They are basically unwilling to allow or support anything other than out-of-the-box functionality, which they barely understand as it is. I can't understand why this type of functionality isn't part of the SharePoint software, it just shows how poorly Microsoft understands its users and the actual daily challenges we face.

    Sadly, I still have the task to cleaning up the site collection for our project, something I will have to do manually. SharePoint is powerful and does many things well, but managing access is not one of them. Are you listening Microsoft?

    Monday, December 14, 2015 6:39 PM
  • Hi Rick,

    It would be tedious if we do such job manually, I fully understand the frustration you may have because there is no such OOTB feature provided in SharePoint 2013 for this requirement currently.

    The quickest way to view all of a user or group's permissions would be using PowerShell, actually, it has become an important administrative tool for IT guys to manage a SharePoint farm. Mike’s and krishana’s suggestions would be very helpful if you can run PowerShell in your environment.

    Also, I would suggest you submit a feedback to the Office Developer Platform if there any expectation about the future version of SharePoint:

    http://officespdev.uservoice.com/   

    It is a place for customers provide feedback about Microsoft Office products. What’s more, if a feedback is high voted there by other customers, it will be promising that Microsoft Product Team will take it into consideration when designing the next version in the future.

    Thanks for your understanding.

    Best regards

    TechNet Community Support
    Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com.

    • Proposed as answer by Dennis Guo Friday, December 18, 2015 9:21 AM
    • Marked as answer by Dennis Guo Tuesday, December 22, 2015 1:27 AM
    Tuesday, December 15, 2015 12:06 PM