

SharePoint 2010: How to Check Effective Permissions of a User in Each Site in a Site Collection

We have observed that one of the tedious tasks for a SharePoint site administrator is checking the permissions of a user in each site of a site collection. The Microsoft Admin Toolkit provides functionality that can be used to check effective permissions.

It can be downloaded from http://www.microsoft.com/download/en/details.aspx?displaylang=en&id=14227 for MOSS 2007, but it only checks permissions at the level of a single site, list or list item. There is no way to run it once for all sites in a site collection.

To do this, we have prepared the following code. It works with both MOSS 2007 and SPS 2010. It takes two input values: the first is the URL of the site collection and the second is the user login. The user login should be in the form Domain\Username.



      using System;
      using System.Collections.Generic;
      using System.Collections.ObjectModel;
      using System.Linq;
      using System.Text;
      using System.Web;
      using Microsoft.SharePoint;
      using Microsoft.Office.Server;
      using Microsoft.Office.Server.UserProfiles;
   
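      namespace RahulCheckEffectivePermissionsInAllWebs
      {
          /// <summary>
          /// Console tool that lists the effective permissions of one user in every
          /// web of a site collection, and says whether each permission level is
          /// assigned to the user directly or reaches the user through a group.
          /// </summary>
          /// <remarks>
          /// The tool uses the SharePoint server object model (SPSite, SPWeb) and the
          /// user profile store, so the account running it needs read access to both.
          /// The output is an access report for a named user; treat it accordingly.
          /// </remarks>
          class Program
          {
              /// <summary>
              /// Prompts for the site collection URL and the user login, then prints the
              /// user's role assignments for each web in the collection.
              /// </summary>
              /// <param name="args">Command-line arguments; not used.</param>
              static void Main(string[] args)
              {
                  try
                  {
                      Console.WriteLine("This tool will check the effective permissions of a user");
                      Console.WriteLine("Please enter the url of the site collection");
                      String url = Console.ReadLine();
                      Console.WriteLine("Please enter the username of the user");
                      String userName = Console.ReadLine();

                      // Console.ReadLine returns null at end of input (for example when
                      // stdin is redirected); reject missing values up front instead of
                      // failing later with an unrelated exception.
                      if (url == null || url.Trim().Length == 0 ||
                          userName == null || userName.Trim().Length == 0)
                      {
                          Console.WriteLine("Both the site collection url and the user login (Domain\\Username) are required");
                          Environment.ExitCode = 1;
                          return;
                      }

                      url = url.Trim();
                      userName = userName.Trim();

                      using (SPSite site = new SPSite(url))
                      {
                          // Look the login up in the user profile store and read back the
                          // AccountName stored there; that value is what gets checked.
                          ServerContext serverContext = ServerContext.GetContext(site);
                          UserProfileManager userProfileManager = new UserProfileManager(serverContext);
                          UserProfile userProfile = userProfileManager.GetUserProfile(userName);
                          String userLogin = userProfile[PropertyConstants.AccountName].Value.ToString();

                          foreach (SPWeb web in site.AllWebs)
                          {
                              try
                              {
                                  SPPermissionInfo permissionInfo = web.GetUserEffectivePermissionInfo(userLogin);
                                  Collection<SPRoleAssignment> roles = permissionInfo.RoleAssignments;
                                  Console.WriteLine("Now checking the permissions of the user " + userLogin + " " + "in the site " + web.Url);

                                  foreach (SPRoleAssignment assignment in roles)
                                  {
                                      // Classify by principal type rather than by looking for a
                                      // backslash in the name: a domain group is also written
                                      // DOMAIN\name and would otherwise be reported as a direct
                                      // assignment to the user.
                                      SPUser memberUser = assignment.Member as SPUser;
                                      bool isDirect = memberUser != null && !memberUser.IsDomainGroup;

                                      foreach (SPRoleDefinition roleDefinition in assignment.RoleDefinitionBindings)
                                      {
                                          if (isDirect)
                                          {
                                              Console.WriteLine("The User " + userLogin + " has direct permissions " + roleDefinition.Name);
                                          }
                                          else
                                          {
                                              Console.WriteLine("The User " + userLogin + " has permissions " + roleDefinition.Name + " given via " + assignment.Member.ToString());
                                          }
                                      }
                                  }
                              }
                              finally
                              {
                                  // Each SPWeb handed out while enumerating AllWebs must be
                                  // disposed by the caller; on a large site collection the
                                  // undisposed objects otherwise pile up in memory.
                                  web.Dispose();
                              }
                          }

                          // Printed only after every web was processed, so its absence
                          // means the report above is incomplete.
                          Console.WriteLine("Execution Completed");
                          Console.ReadLine();
                      }
                  }
                  catch (Exception e)
                  {
                      Console.WriteLine(e.Message);
                      Console.WriteLine(e.StackTrace);
                      // Signal the failure to a calling script; a run that stops here
                      // has not covered every web.
                      Environment.ExitCode = 1;
                  }
              }
          }
      }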