How to Check Effective Permissions of a User in a Sharepoint Site
One of a tedious tasks for site administrators is to check all permissions provided to a user. I have seen administrators checking each and every user group to find out the permissions. To minimize efforts in this direction I have created this application. This will enlist all permissions for a user at the site level. I will soon extend this for the list, libraries and even item level for more ease in this direction. I am sharing my code here it works in both Sharepoint 2007 and Sharepoint 2010. This takes 2 input values during site execution. The first one is the URL of the site where you want to check the permissions and the next one is user ID.
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using Microsoft.SharePoint;
using System.Collections;
using Microsoft.Office.Server.UserProfiles;
using Microsoft.Office.Server;
namespace RahulCheckSitePermission
{
class Program
{
static void Main(string[] args)
{
Console.WriteLine("This tool will check the permissions of a user in the site specified");
Console.WriteLine("Please enter the URL of the site where you want to check the permissions");
String webUrl = Console.ReadLine();
Console.WriteLine("Please enter the userName");
String userName = Console.ReadLine();
try
{
using (SPSite site = new SPSite(webUrl))
{
using (SPWeb web = site.OpenWeb())
{
ServerContext serverContext = ServerContext.GetContext(site);
UserProfileManager userProfileManager = new UserProfileManager(serverContext);
UserProfile userProfile = userProfileManager.GetUserProfile(userName);
String userLogin = userProfile[PropertyConstants.AccountName].Value.ToString();
SPUserCollection groupUsers;
ArrayList userInGroups = new ArrayList();
userInGroups.Add(userLogin);
SPPrincipal userPrincipal;
SPGroupCollection groups = web.Groups;
foreach (SPGroup group in groups)
{
groupUsers = group.Users;
foreach (SPUser groupUser in groupUsers)
{
if (groupUser.Name.Equals(userLogin))
{
userInGroups.Add(group.Name);
break;
}
}
}
SPRoleAssignmentCollection roleCollection = web.RoleAssignments;
foreach (SPRoleAssignment role in roleCollection)
{
userPrincipal = role.Member;
for (int i = 0; i < userInGroups.Count; i++)
{
if (userInGroups[i].ToString().Equals(userPrincipal.Name))
{
SPRoleCollection roles = userPrincipal.Roles;
foreach (SPRole userrole in roles)
{
Console.WriteLine("The user " + userLogin + " has permissions of " + userrole.Name + " given via " + userPrincipal.Name);
}
}
}
}
Console.WriteLine("The execution completed");
Console.ReadLine();
}
}
}
catch (Exception e)
{
Console.WriteLine(e.Message);
Console.ReadLine();
}
}
}
}
The output will flash the message about each permissions.
I hope this will help you out.
Thanks,
Rahul Rashu