Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Introduction
The best PowerShell script that I have found to date for inventorying a site collection's user and group permissions is one developed by Guru Karnik and published in this TechNet Wiki posting. It runs against one site collection at a time and conveniently outputs its results to a CSV file. The site collection URL and path to where to write the output file are entered from the command line. Output lists the following properties:
- SiteURL [Url to site collection or subweb]
- SiteTitle [name of site collection or subweb]
- ObjectType [site, list, document library]
- ObjectUrl [relative to site collection URL]
- ListTitle [NA if site or subweb]
- MemberName [simple name of user or group]
- MemberLoginName [claims-based name of user or simple group name]
- MemberType [SPUser, SPGroup, SPGroupMember]
- JobTitle [NA if SPUser or SPGroup, or blank if SPGroupMember]
- Department
- ParentGroup
- GroupOwner [NA if type SPUser or not set, otherwise as set]
- RoleDefinitionBindings [Full Control, Design, Read, Restricted Read, etc, etc]
Though this script was originally developed by Guru for SharePoint 2010, I have found it to successfully execute against SharePoint 2013.
Reference
- SharePoint 2010: Export All Unique Permissions from Site Collection using PowerShell
- SharePoint Permission Analyzer
- SharePoint 2013–Generating Unique Permissions Report
- SharePoint 2010 Permission Report: Check Access Rights for a Specific User
- Powershell get permission on SPSite/SPweb (and all list)