Step 1: Create The Function
==========================================
function Get-SPUserEffectivePermissions(
[object[]]$users,
[Microsoft.SharePoint.SPSecurableObject]$InputObject) {
begin { }
process {
$so = $InputObject
if ($so -eq $null) { $so = $_ }
if ($so -isnot [Microsoft.SharePoint.SPSecurableObject]) {
throw "A valid SPWeb, SPList, or SPListItem must be provided."
}
foreach ($user in $users) {
# Set the users login name
$loginName = $user
if ($user -is [Microsoft.SharePoint.SPUser] -or $user -is [PSCustomObject]) {
$loginName = $user.LoginName
}
if ($loginName -eq $null) {
throw "The provided user is null or empty. Specify a valid SPUser object or login name."
}
# Get the users permission details.
$permInfo = $so.GetUserEffectivePermissionInfo($loginName)
# Determine the URL to the securable object being evaluated
$resource = $null
if ($so -is [Microsoft.SharePoint.SPWeb]) {
$resource = $so.Url
} elseif ($so -is [Microsoft.SharePoint.SPList]) {
$resource = $so.ParentWeb.Site.MakeFullUrl($so.RootFolder.ServerRelativeUrl)
} elseif ($so -is [Microsoft.SharePoint.SPListItem]) {
$resource = $so.ParentList.ParentWeb.Site.MakeFullUrl($so.Url)
}
# Get the role assignments and iterate through them
$roleAssignments = $permInfo.RoleAssignments
if ($roleAssignments.Count -gt 0) {
foreach ($roleAssignment in $roleAssignments) {
$member = $roleAssignment.Member
# Build a string array of all the permission level names
$permName = @()
foreach ($definition in $roleAssignment.RoleDefinitionBindings) {
$permName += $definition.Name
}
# Determine how the users permissions were assigned
$assignment = "Direct Assignment"
if ($member -is [Microsoft.SharePoint.SPGroup]) {
$assignment = $member.Name
} else {
if ($member.IsDomainGroup -and ($member.LoginName -ne $loginName)) {
$assignment = $member.LoginName
}
}
# Create a hash table with all the data
$hash = @{
Resource = $resource
"Resource Type" = $so.GetType().Name
User = $loginName
Permission = $permName -join ", "
"Granted By" = $assignment
}
# Convert the hash to an object and output to the pipeline
New-Object PSObject -Property $hash
}
}
}
}
end {}
}
==========================================
Step 2: Call the Function to generate the Report
To Get site collection Permission
$gc = Start-SPAssignment
$site = $gc | Get-SPSite http://mysite/sites/demant
$webPermissions = $site | Get-SPWeb –Limit All | Get-SPUserEffectivePermissions ($site.RootWeb.SiteUsers | select LoginName)
#$listPermissions = $site | Get-SPWeb –Limit All | %{$_.Lists |? {$_.GetType().Name -ne "SPDocumentLibrary" -and -not $_.hidden} | Get-SPUserEffectivePermissions ($site.RootWeb.SiteUsers | select LoginName)}
$webPermissions | Export-Csv -NoTypeInformation -Path c:\perms_Site.csv
$gc | Stop-SPAssignment
To Get List Permission
$gc = Start-SPAssignment
$site = $gc | Get-SPSite http://mysite/sites/demant
#$webPermissions = $site | Get-SPWeb –Limit All | Get-SPUserEffectivePermissions ($site.RootWeb.SiteUsers | select LoginName)
$listPermissions = $site | Get-SPWeb –Limit All | %{$_.Lists |? {$_.GetType().Name -ne "SPDocumentLibrary" -and -not $_.hidden} | Get-SPUserEffectivePermissions ($site.RootWeb.SiteUsers | select LoginName)}
$listPermissions | Export-Csv -NoTypeInformation -Path c:\perms_List.csv
$gc | Stop-SPAssignment
To Get Doc Lib Permission
$gc = Start-SPAssignment
$site = $gc | Get-SPSite http://mysite/sites/demant
#$webPermissions = $site | Get-SPWeb –Limit All | Get-SPUserEffectivePermissions ($site.RootWeb.SiteUsers | select LoginName)
$listPermissions = $site | Get-SPWeb –Limit All | %{$_.Lists |? {$_.GetType().Name -eq "SPDocumentLibrary" -and -not $_.Hidden -and $SystemLists =@("Pages", "Converted Forms", "Master Page Gallery", "Customized Reports", "Documents", "Form Templates", "Images", "List Template Gallery", "Theme Gallery", "Reporting Templates", "Site Collection Documents", "Site Collection Images", "Site Pages", "Solution Gallery", "Style Library", "Web Part Gallery","Site Assets", "wfpub")} | Get-SPUserEffectivePermissions ($site.RootWeb.SiteUsers | select LoginName)}
$listPermissions | Export-Csv -NoTypeInformation -Path c:\perms_List.csv
$gc | Stop-SPAssignment
To Get allSites, List & Document Library Permission (Without Hidden Doc Lib & Lists)
$gc = Start-SPAssignment
$site = $gc | Get-SPSite http://mysite/sites/demant
$webPermissions = $site | Get-SPWeb –Limit All | Get-SPUserEffectivePermissions ($site.RootWeb.SiteUsers | select LoginName)
$listDocLibPermissions = $site | Get-SPWeb –Limit All | %{$_.Lists |? {$_.GetType().Name -eq "SPDocumentLibrary" -and -not $_.hidden} | Get-SPUserEffectivePermissions ($site.RootWeb.SiteUsers | select LoginName)}
$listPermissions = $site | Get-SPWeb –Limit All | %{$_.Lists |? {$_.GetType().Name -ne "SPDocumentLibrary" -and -not $_.hidden} | Get-SPUserEffectivePermissions ($site.RootWeb.SiteUsers | select LoginName)}
#$ItemPermissions = $site | Get-SPWeb –Limit All | %{$_.Lists | %{$_.Items | Get-SPUserEffectivePermissions ($site.RootWeb.SiteUsers | select LoginName)}}
#$folderPermissions = $site | Get-SPWeb –Limit All | %{$_.Lists | %{$_.Folders | Get-SPUserEffectivePermissions ($site.RootWeb.SiteUsers | select LoginName)}}
$webPermissions + $listDocLibPermissions + $listPermissions | Export-Csv -NoTypeInformation -Path c:\perms_ab_Final.csv
$gc | Stop-SPAssignment
==========================================
function Get-SPUserEffectivePermissions(
[object[]]$users,
[Microsoft.SharePoint.SPSecurableObject]$InputObject) {
begin { }
process {
$so = $InputObject
if ($so -eq $null) { $so = $_ }
if ($so -isnot [Microsoft.SharePoint.SPSecurableObject]) {
throw "A valid SPWeb, SPList, or SPListItem must be provided."
}
foreach ($user in $users) {
# Set the users login name
$loginName = $user
if ($user -is [Microsoft.SharePoint.SPUser] -or $user -is [PSCustomObject]) {
$loginName = $user.LoginName
}
if ($loginName -eq $null) {
throw "The provided user is null or empty. Specify a valid SPUser object or login name."
}
# Get the users permission details.
$permInfo = $so.GetUserEffectivePermissionInfo($loginName)
# Determine the URL to the securable object being evaluated
$resource = $null
if ($so -is [Microsoft.SharePoint.SPWeb]) {
$resource = $so.Url
} elseif ($so -is [Microsoft.SharePoint.SPList]) {
$resource = $so.ParentWeb.Site.MakeFullUrl($so.RootFolder.ServerRelativeUrl)
} elseif ($so -is [Microsoft.SharePoint.SPListItem]) {
$resource = $so.ParentList.ParentWeb.Site.MakeFullUrl($so.Url)
}
# Get the role assignments and iterate through them
$roleAssignments = $permInfo.RoleAssignments
if ($roleAssignments.Count -gt 0) {
foreach ($roleAssignment in $roleAssignments) {
$member = $roleAssignment.Member
# Build a string array of all the permission level names
$permName = @()
foreach ($definition in $roleAssignment.RoleDefinitionBindings) {
$permName += $definition.Name
}
# Determine how the users permissions were assigned
$assignment = "Direct Assignment"
if ($member -is [Microsoft.SharePoint.SPGroup]) {
$assignment = $member.Name
} else {
if ($member.IsDomainGroup -and ($member.LoginName -ne $loginName)) {
$assignment = $member.LoginName
}
}
# Create a hash table with all the data
$hash = @{
Resource = $resource
"Resource Type" = $so.GetType().Name
User = $loginName
Permission = $permName -join ", "
"Granted By" = $assignment
}
# Convert the hash to an object and output to the pipeline
New-Object PSObject -Property $hash
}
}
}
}
end {}
}
==========================================
Step 2: Call the Function to generate the Report
To Get site collection Permission
$gc = Start-SPAssignment
$site = $gc | Get-SPSite http://mysite/sites/demant
$webPermissions = $site | Get-SPWeb –Limit All | Get-SPUserEffectivePermissions ($site.RootWeb.SiteUsers | select LoginName)
#$listPermissions = $site | Get-SPWeb –Limit All | %{$_.Lists |? {$_.GetType().Name -ne "SPDocumentLibrary" -and -not $_.hidden} | Get-SPUserEffectivePermissions ($site.RootWeb.SiteUsers | select LoginName)}
$webPermissions | Export-Csv -NoTypeInformation -Path c:\perms_Site.csv
$gc | Stop-SPAssignment
To Get List Permission
$gc = Start-SPAssignment
$site = $gc | Get-SPSite http://mysite/sites/demant
#$webPermissions = $site | Get-SPWeb –Limit All | Get-SPUserEffectivePermissions ($site.RootWeb.SiteUsers | select LoginName)
$listPermissions = $site | Get-SPWeb –Limit All | %{$_.Lists |? {$_.GetType().Name -ne "SPDocumentLibrary" -and -not $_.hidden} | Get-SPUserEffectivePermissions ($site.RootWeb.SiteUsers | select LoginName)}
$listPermissions | Export-Csv -NoTypeInformation -Path c:\perms_List.csv
$gc | Stop-SPAssignment
To Get Doc Lib Permission
$gc = Start-SPAssignment
$site = $gc | Get-SPSite http://mysite/sites/demant
#$webPermissions = $site | Get-SPWeb –Limit All | Get-SPUserEffectivePermissions ($site.RootWeb.SiteUsers | select LoginName)
$listPermissions = $site | Get-SPWeb –Limit All | %{$_.Lists |? {$_.GetType().Name -eq "SPDocumentLibrary" -and -not $_.Hidden -and $SystemLists =@("Pages", "Converted Forms", "Master Page Gallery", "Customized Reports", "Documents", "Form Templates", "Images", "List Template Gallery", "Theme Gallery", "Reporting Templates", "Site Collection Documents", "Site Collection Images", "Site Pages", "Solution Gallery", "Style Library", "Web Part Gallery","Site Assets", "wfpub")} | Get-SPUserEffectivePermissions ($site.RootWeb.SiteUsers | select LoginName)}
$listPermissions | Export-Csv -NoTypeInformation -Path c:\perms_List.csv
$gc | Stop-SPAssignment
To Get allSites, List & Document Library Permission (Without Hidden Doc Lib & Lists)
$gc = Start-SPAssignment
$site = $gc | Get-SPSite http://mysite/sites/demant
$webPermissions = $site | Get-SPWeb –Limit All | Get-SPUserEffectivePermissions ($site.RootWeb.SiteUsers | select LoginName)
$listDocLibPermissions = $site | Get-SPWeb –Limit All | %{$_.Lists |? {$_.GetType().Name -eq "SPDocumentLibrary" -and -not $_.hidden} | Get-SPUserEffectivePermissions ($site.RootWeb.SiteUsers | select LoginName)}
$listPermissions = $site | Get-SPWeb –Limit All | %{$_.Lists |? {$_.GetType().Name -ne "SPDocumentLibrary" -and -not $_.hidden} | Get-SPUserEffectivePermissions ($site.RootWeb.SiteUsers | select LoginName)}
#$ItemPermissions = $site | Get-SPWeb –Limit All | %{$_.Lists | %{$_.Items | Get-SPUserEffectivePermissions ($site.RootWeb.SiteUsers | select LoginName)}}
#$folderPermissions = $site | Get-SPWeb –Limit All | %{$_.Lists | %{$_.Folders | Get-SPUserEffectivePermissions ($site.RootWeb.SiteUsers | select LoginName)}}
$webPermissions + $listDocLibPermissions + $listPermissions | Export-Csv -NoTypeInformation -Path c:\perms_ab_Final.csv
$gc | Stop-SPAssignment
No comments:
Post a Comment