Share via


How to Check Effective Permissions of a User in a Sharepoint Site

One of a tedious tasks for site administrators is to check all permissions provided to a user. I have seen administrators checking each and every user group to find out the permissions. To minimize efforts in this direction I have created this application. This will enlist all permissions for a user at the site level. I will soon extend this for the list, libraries and even item level for more ease in this direction. I am sharing my code here it works in both Sharepoint 2007 and Sharepoint 2010. This takes 2 input values during site execution. The first one is the URL of the site where you want to check the permissions and the next one is user ID.

using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using Microsoft.SharePoint;
using System.Collections;
using Microsoft.Office.Server.UserProfiles;
using Microsoft.Office.Server;
 
 
namespace RahulCheckSitePermission
{
    class Program
    {
        static void  Main(string[] args)
        {
            Console.WriteLine("This tool will check the permissions of a user in the site specified");
            Console.WriteLine("Please enter the URL of the site where you want to check the permissions");
            String webUrl = Console.ReadLine();
            Console.WriteLine("Please enter the userName");
            String userName = Console.ReadLine();
            try
            {
                using (SPSite site = new SPSite(webUrl))
                {
                    using (SPWeb web = site.OpenWeb())
                    {
                        ServerContext serverContext = ServerContext.GetContext(site);
                        UserProfileManager userProfileManager = new  UserProfileManager(serverContext);
                        UserProfile userProfile = userProfileManager.GetUserProfile(userName);
                        String userLogin = userProfile[PropertyConstants.AccountName].Value.ToString();
                        SPUserCollection groupUsers;
                        ArrayList userInGroups = new  ArrayList();
                        userInGroups.Add(userLogin);
                        SPPrincipal userPrincipal;
                        SPGroupCollection groups = web.Groups;
                        foreach (SPGroup group in groups)
                        {
                            groupUsers = group.Users;
                            foreach (SPUser groupUser in groupUsers)
                            {
                                if (groupUser.Name.Equals(userLogin))
                                {
                                    userInGroups.Add(group.Name);
                                    break;
                                }
                            }
                        }
                        SPRoleAssignmentCollection roleCollection = web.RoleAssignments;
                        foreach (SPRoleAssignment role in roleCollection)
                        {
                            userPrincipal = role.Member;
                            for (int i = 0; i < userInGroups.Count; i++)
                            {
                                if (userInGroups[i].ToString().Equals(userPrincipal.Name))
                                {
                                    SPRoleCollection roles = userPrincipal.Roles;
                                    foreach (SPRole userrole in roles)
                                    {
                                        Console.WriteLine("The user " + userLogin + " has permissions of " + userrole.Name + " given via " + userPrincipal.Name);
                                    }
                                }
                            }
 
 
                        }
                        Console.WriteLine("The execution completed");
                        Console.ReadLine();
                    }
                }
            }
            catch (Exception e)
            {
                Console.WriteLine(e.Message);
                Console.ReadLine();
            }
        }
    }
}

The output will flash the message about each permissions. 
I hope this will help you out.

Thanks,
Rahul Rashu