SharePoint 2013 TIP: Export All Unique Permissions from Site Collection using PowerShell
Introduction
The best PowerShell script that I have found to date for inventorying a site collection's user and group permissions is one developed by Guru Karnik and published in this TechNet Wiki posting. It runs against one site collection at a time and conveniently outputs its results to a CSV file. The site collection URL and path to where to write the output file are entered from the command line. Output lists the following properties:
- SiteURL [Url to site collection or subweb]
- SiteTitle [name of site collection or subweb]
- ObjectType [site, list, document library]
- ObjectUrl [relative to site collection URL]
- ListTitle [NA if site or subweb]
- MemberName [simple name of user or group]
- MemberLoginName [claims-based name of user or simple group name]
- MemberType [SPUser, SPGroup, SPGroupMember]
- JobTitle [NA if SPUser or SPGroup, or blank if SPGroupMember]
- Department
- ParentGroup
- GroupOwner [NA if type SPUser or not set, otherwise as set]
- RoleDefinitionBindings [Full Control, Design, Read, Restricted Read, etc, etc]
Though this script was originally developed by Guru for SharePoint 2010, I have found it to successfully execute against SharePoint 2013.
Reference
- SharePoint 2010: Export All Unique Permissions from Site Collection using PowerShell
- SharePoint Permission Analyzer
- SharePoint 2013–Generating Unique Permissions Report
- SharePoint 2010 Permission Report: Check Access Rights for a Specific User
- Powershell get permission on SPSite/SPweb (and all list)