Share via


List of securable objects (sites and lists) that have unique permission

In SharePoint, a securable object is a site, list, library, folder, document, or item for which permissions levels can be assigned to users or groups. By default, all lists and libraries within a site inherit permissions from the site. You can use list-level, folder-level, and item-level permissions to further control which users can view or interact with site content. For this, you must first break the permission inheritance before you change or assign permissions for that securable object. At any time you can also resume inheriting permissions from the parent list or site.

One of the site collection administrators asked how can I check if the sites and lists have unique permission or inherited permission from its parent? Going through each list and site to get this detail was a big time consuming task. Using SharePoint Object model, getting this detail should be an easy task. There are numerous ways to display this detail like creating a custom web part, a custom page or even output to a file. I decided to display this detail in the existing out of the box page, All Site Content page (viewlsts.aspx). It’s an application page that resides under ..\Program Files\Common Files\Microsoft Shared\Web Server Extensions\14\TEMPLATE\LAYOUTS. Having a custom column in that page makes task easy for an administrator to view all the details in one shot. 

Before we get into customizing this application page, we need to know in general how to customize application pages in the Layouts folder in SharePoint - https://support.microsoft.com/kb/944105. Now, let’s see how to customize viewlsts.aspx page. First, we need to add a custom column, name it "Is Inherited”. To do this add this snippet in that page.

 <SharePoint:UIVersionedContent UIVersion="4" runat="server">
  <ContentTemplate>
    <tr class="ms-vh2-nobg">
       ....
       <th scope="col" class="ms-vh2-nofilter" style="white-space:nowrap; width:25%;"><SharePoint:EncodedLiteral runat="server" text="Is Inherited" EncodeMethod='HtmlEncode'/></th>
     </tr>
   </ContentTemplate>
</SharePoint:UIVersionedContent>

Then we need to find out which are all the lists and sites that have unique roles assigned. For this, use a property called HasUniqueRoleAssignments - https://msdn.microsoft.com/en-us/library/microsoft.sharepoint.spsecurableobject.hasuniqueroleassignments.aspx

In the viewlsts.aspx page, for list objects add,

 <% SPHttpUtility.NoEncode(spList.HasUniqueRoleAssignments, Response.Output);%>

To get web object that has unique roles assigned, add

 <%SPHttpUtility.HtmlEncode(webToDisplay.HasUniqueRoleAssignments.ToString(),Response.Output);%>