none
How to find out permission inherited sites in share point 2010 RRS feed

  • Question

  • Hi All

    In our environment ,we have lot of site collections, subsites and sub-subsites .Their is a requirement to figure out the list of sites where it permissions getting inheritance from parent,and inheritance has to be stopped once list was outputted .  

    Do we have any script for this ?

    THX




    • Edited by Dhamley Wednesday, April 22, 2020 11:16 AM
    Wednesday, April 22, 2020 11:16 AM

Answers

  • Hi, Dhamley,

    $site.allwebs shall return all the sub sites under a site collection, including those sub-subsites. I tested the script in my end and works properly.

    I am not sure what you mean about change to True, for the if part, it shall be 

     if ( (!$web.HasUniqueRoleAssignments) -and ($web.IsRootWeb -eq $false))
    Do not forget the exclamation mark.

    Best Regards

    Jerry


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    SharePoint Server 2019 has been released, you can click here to download it.
    Click here to learn new features. Visit the dedicated forum to share, explore and talk to experts about SharePoint Server 2019.

    • Marked as answer by Dhamley Thursday, April 23, 2020 1:04 PM
    Thursday, April 23, 2020 9:32 AM

All replies

  • Delete Unique permissions on all lists:

    Add-PSSnapin microsoft.sharepoint.powershell -ErrorAction SilentlyContinue
     
    #Variable for Web URL
    $WebURL ="https://intranet.crescent.com/marketing/"
     
    #get Web object
    $Web = Get-SPWeb $WebURL
     
    #Get Lists with Unique permissions - Exclude Hidden lists
    $ListColl =  $web.lists | Where-Object  {  ($_.HasUniqueRoleAssignments -eq $true)  -and ($_.hidden -eq $false) }
     
    #Enumerate through each list and reset permission inheritance
    foreach($list in $ListColl) #if($list) #Exists
     {
          #Reset list inheritance
          $list.ResetRoleInheritance()
          Write-host "Broken Inheritance Reset on List:" $list.Title
     }

    If the Items has Unique permissions in the Lists then first run the below script on respective lists.

    # Remove unique permissions on List Items:
    Add-PSSnapin microsoft.sharepoint.powershell -ErrorAction SilentlyContinue
     
    #Variables for Web URL, List Name
    $WebURL ="https://intranet.crescent.com/marketing/"
    $ListName ="Invoices"
     
    #Get the list items with Unique permissions
    $ListItems = (Get-SPweb $WebURL).lists.TryGetList($ListName).Items | Where {$_.HasUniqueRoleAssignments}
     
    # If List Exists with Unique permission
    Foreach($ListItem in $ListItems)
     {
          #Reset broken list item inheritance
           $ListItem.ResetRoleInheritance()
          Write-host "Broken Inheritance Reset on List Item:" $ListItem.URL
     }

    Reset Inheritance at site level:

    Add-PSSnapin microsoft.sharepoint.powershell -ErrorAction SilentlyContinue
     
    #Variables for Web URL, List Name
    $WebURL ="https://intranet.crescent.com/marketing"
     
    #get the list object
    $web = Get-SPWeb $WebURL
     
    # Check if web has Unique permission - Root webs always uses Unique permission
    if ( ($web.HasUniqueRoleAssignments) -and ($web.IsRootWeb -eq $false ) )
     {
          #Reset broken inheritance
          $web.ResetRoleInheritance()
          Write-host "Broken Inheritance Reset on web:" $web.URL
     }

    Below article for your reference:

    https://www.sharepointdiary.com/2014/12/delete-unique-permissions-reset-broken-inheritance-using-powershell.html

    https://sharepoint.stackexchange.com/questions/184492/remove-unique-permissions-on-all-locations-on-site-sharepoint-2013

    Thanks & Regards,


    sharath aluri


    Wednesday, April 22, 2020 11:32 AM
  • Find All Sites and Lists with Unique Permissions:

    Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue
     
     #Get All Web Applications
    $webApps = Get-SPWebApplication #"http://sharepoint.company.com"
     
    #Write Header to CSV File
    "Site/List `t Title `t URL" | out-file UniquePermissions.csv
     
    foreach ($webApp in $webApps)
    {
        foreach ($site in $webApp.Sites)
        {
           foreach ($web in $site.AllWebs)
            {
       if ( ($web.HasUniqueRoleAssignments) -and ($web.IsRootWeb -eq $false))
       {
          $result ="Site `t $($web.Title) `t $($web.Url)"
          $result | Out-File UniquePermissions.csv -Append
          #You can get the permissions applied by: $web.permissions | format-list member, basepermissions
       }
        foreach ($list in $web.Lists)
         {
         if (($list.HasUniqueRoleAssignments) -and ($list.Hidden -eq $false))
          {
            $result= "List `t $($list.Title) `t $($list.Url)"
            $result | Out-File UniquePermissions.csv -Append
          }
        }
        $web.Dispose()
      }
       $site.Dispose()
     }
     
    }
    

    Below article for your reference:

    https://www.sharepointdiary.com/2012/10/find-all-sites-and-lists-with-unique-permissions.html

    Thanks & Regards,


    sharath aluri

    Wednesday, April 22, 2020 11:36 AM
  • Thats cool...thank you !

    working on few changes ...the script has property "HasUniqueRoleAssignments".But according to my requirement i need list of sites where inheritance was not breaked up/// 

    does any property available for that ?

    THX




    • Edited by Dhamley Wednesday, April 22, 2020 1:27 PM
    Wednesday, April 22, 2020 1:26 PM
  • why do you need something like that ? you can filter from the above CSV file, get all lists and libraries from the site then try and compare both the reports. below article for getting report for all lists and libraries.

    https://www.sharepointdiary.com/2017/03/get-all-list-and-libraries-inventory-of-site-collection-using-powershell.html

    If you still need the script, you can try and run the below sample script and see.

    Add-Pssnapin Microsoft.SharePoint.PowerShell
    $SPSiteUrl = "http://portal.contoso/sites/shpt"
    $SPSite = New-Object Microsoft.SharePoint.SPSite($SPSiteUrl);
    $ExportFile = "C:\Site\Permissions.csv" 
    "Web Title,Web URL,List Title,User or Group,Role,Inherited" | out-file $ExportFile 
    foreach ($WebPath in $SPSite.AllWebs)
    {
       if ($WebPath.HasUniqueRoleAssignments)
            {
              $SPRoles = $WebPath.RoleAssignments;
              foreach ($SPRole in $SPRoles)
              {
                foreach ($SPRoleDefinition in $SPRole.RoleDefinitionBindings)
                {
                    $WebPath.Title + "," + $WebPath.Url + "," + "N/A" + "," +
    $SPRole.Member.Name + "," + $SPRoleDefinition.Name + "," +
    $WebPath.HasUniqueRoleAssignments | out-file $ExportFile -append
                }
              }
            }           
            foreach ($List in $WebPath.Lists)
            {
               if ($List.HasUniqueRoleAssignments)
               {
                 $SPRoles = $List.RoleAssignments;
                 foreach ($SPRole in $SPRoles)
                 {
                   foreach ($SPRoleDefinition in $SPRole.RoleDefinitionBindings)
                   {
                        $WebPath.Title + "," + $WebPath.Url + "," + $List.Title + "," +
    $SPRole.Member.Name + "," + $SPRoleDefinition.Name | out-file $ExportFile -append
                   }
                 }
               }
            }
    }
    $SPSite.Dispose();

    Thanks & Regards,


    sharath aluri


    Wednesday, April 22, 2020 1:47 PM
  • Hi, Dhamley,

    The following script will export a csv file of all sub sites inheriting permission from parent.  Remember to change the web application url.

    Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue
     
     #Get All Web Applications
    $webApps = Get-SPWebApplication #"http://Sp10"
     
    #Write Header to CSV File
    "Site/List `t Title `t URL" | out-file UniquePermissions.csv
     
    foreach ($webApp in $webApps)
    {
        foreach ($site in $webApp.Sites)
        {
           foreach ($web in $site.AllWebs)
            {
       if ( (!$web.HasUniqueRoleAssignments) -and ($web.IsRootWeb -eq $false))
       {
          $result ="Site `t $($web.Title) `t $($web.Url)"
          $result | Out-File UniquePermissions.csv -Append
          #You can get the permissions applied by: $web.permissions | format-list member, basepermissions
       }
       
        $web.Dispose()
      }
       $site.Dispose()
     }
     
    }
      
    Reference: https://www.sharepointdiary.com/2012/10/find-all-sites-and-lists-with-unique-permissions.html

    HasUniqueRoleAssignments is a Boolean property. It is true means the sub site has unique permission. And vice versa, false means the site does not have unique permission.

    Please Note: Since the web site is not hosted by Microsoft, the link may change without notice. Microsoft does not guarantee the accuracy of this information.

    Best Regards

    Jerry


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    SharePoint Server 2019 has been released, you can click here to download it.
    Click here to learn new features. Visit the dedicated forum to share, explore and talk to experts about SharePoint Server 2019.

    Thursday, April 23, 2020 2:55 AM
  • Hi Jerry

    Tried the below code as with suggested changes,

    ********************************************************************

    Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue
     
     #Get All Web Applications
    $webApps = Get-SPWebApplication "http://sp-pc:1122"
     
    #Write Header to CSV File
    "Site/List `t Title `t URL" | out-file PermissionsInherited.csv
     
    foreach ($webApp in $webApps)
    {
        foreach ($site in $webApp.Sites)
        {
           foreach ($web in $site.AllWebs)
            {
       if ( ($web.HasUniqueRoleAssignments) -and ($web.IsRootWeb -eq $true))
       {
          $result ="Site `t $($web.Title) `t $($web.Url)"
          $result | Out-File PermissionsInherited.csv -Append
          #You can get the permissions applied by: $web.permissions | format-list member, basepermissions
       }
       
        $web.Dispose()
      }
       $site.Dispose()
     }
     
    }

    ********************************************************************

    when changed to true

    getting top level subsites ,hence its not looping sub-subsites

    ex:subsite1 ,subsite2 (could able to see)

    subsite1-2/3/4,  subsite2-2/3/4/ (unable to see)

    THX




    • Edited by Dhamley Thursday, April 23, 2020 9:02 AM
    Thursday, April 23, 2020 9:02 AM
  • Hi, Dhamley,

    $site.allwebs shall return all the sub sites under a site collection, including those sub-subsites. I tested the script in my end and works properly.

    I am not sure what you mean about change to True, for the if part, it shall be 

     if ( (!$web.HasUniqueRoleAssignments) -and ($web.IsRootWeb -eq $false))
    Do not forget the exclamation mark.

    Best Regards

    Jerry


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    SharePoint Server 2019 has been released, you can click here to download it.
    Click here to learn new features. Visit the dedicated forum to share, explore and talk to experts about SharePoint Server 2019.

    • Marked as answer by Dhamley Thursday, April 23, 2020 1:04 PM
    Thursday, April 23, 2020 9:32 AM
  • Browse to the Site Permissions page for a site (choose Site Actions→Site Settings→Site Permissions). ...
    Click the Stop Inheriting Permissions button in the Permission Tools tab Edit group. ...
    Click OK. ...
    Click the Grant Permissions button on the Ribbon to grant permissions to users and groups.
    Thursday, April 23, 2020 11:41 AM
  • Tq so much jerry ,its working !

    • Edited by Dhamley Thursday, April 23, 2020 1:20 PM
    Thursday, April 23, 2020 1:06 PM