Powershell script to display unique permissions for all subsites and lists

Requirement

Display security permissions for site collection, subsites, and lists/libraries in each site.

Solution

This can be achieved by a simple powershell script. To use it, you must modify the $site variable to point to your site collection.

Syntax: <script name>.ps1 | out-file c:\permissions.txt

#Add SharePoint PowerShell SnapIn if not already added
if ((Get-PSSnapin "Microsoft.SharePoint.PowerShell" -ErrorAction SilentlyContinue) -eq $null) {
Add-PSSnapin "Microsoft.SharePoint.PowerShell"
}

#Define variables
$site = Get-SPSite "http://<site collection>"

#Get all subsites for site collection
$web = $site.AllWebs

#Loop through each subsite and write permissions

foreach ($web in $web)
{
if (($web.permissions -ne $null) -and ($web.hasuniqueroleassignments -eq "True"))
{
Write-Output "****************************************"
Write-Output "Displaying site permissions for: $web"
$web.permissions | fl member, basepermissions
}
elseif ($web.hasuniqueroleassignments -ne "True")
{
Write-Output "****************************************"
Write-Output "Displaying site permissions for: $web"
"$web inherits permissions from $site"
}

#Loop through each list in each subsite and get permissions

foreach ($list in $web.lists)
{
$unique = $list.hasuniqueroleassignments
if (($list.permissions -ne $null) -and ($unique -eq "True"))
{
Write-Output "****************************************"
Write-Output "Displaying Lists permissions for: $web \ $list"
$list.permissions | fl member, basepermissions
}
elseif ($unique -ne "True") {
Write-Output "$web \ $list inherits permissions from $web"
}
}
}
Write-Host "Finished."
$site.dispose()
$web.dispose()
$unique.dispose()


The output you get will look something like this:


****************************************
Displaying site permissions for: Intranet

Member : domain\administrator
BasePermissions : ViewFormPages, Open, BrowseUserInfo, UseClientIntegration, Us
eRemoteAPIs
Intranet \ Brands inherits permissions from Intranet
Intranet \ Content and Structure Reports inherits permissions from Intranet
****************************************
Displaying Lists permissions for: Intranet \ News

Member : domain\domain users
BasePermissions : ViewListItems, OpenItems, ViewVersions, ViewFormPages, Open,
ViewPages, CreateSSCSite, BrowseUserInfo, UseClientIntegratio
n, UseRemoteAPIs, CreateAlerts
Intranet \ Pages inherits permissions from Intranet
Intranet \ PDFs inherits permissions from Intranet
****************************************
Displaying site permissions for: About Company
About Company inherits permissions from SPSite Url=http://my.company/intranet
About Company \ Documents inherits permissions from About Company
Displaying Lists permissions for: About Company\ Images

Member : domain\administrator
BasePermissions : ViewFormPages, Open, BrowseUserInfo, UseClientIntegration, Us
eRemoteAPIs


As you can see, the script only displays the permissions of subsites and lists that are unique.

Tags: ,

2 Responses to “Powershell script to display unique permissions for all subsites and lists”

  1. Ian Hayse September 1, 2011 at 12:31 am #

    thanks for the hints!

    Code Markup for wordpress will help posted code not bleed outside your posts.

    http://thunderguy.com/semicolon/wordpress/code-markup-wordpress-plugin/

  2. Andrew Toh September 8, 2011 at 3:38 pm #

    Hey, thanks for the tip too 🙂 Fixed!

Leave a Reply

%d bloggers like this: