Powershell script to display unique permissions for all subsites and lists

Administration

Powershell script to display unique permissions for all subsites and lists

Andrew Toh

Requirement

Display security permissions for site collection, subsites, and lists/libraries in each site.

Solution

This can be achieved by a simple powershell script. To use it, you must modify the $site variable to point to your site collection.

Syntax: <script name>.ps1 | out-file c:\permissions.txt
#Add SharePoint PowerShell SnapIn if not already added if ((Get-PSSnapin "Microsoft.SharePoint.PowerShell" -ErrorAction SilentlyContinue) -eq $null) { Add-PSSnapin "Microsoft.SharePoint.PowerShell" }


#Define variables

$site = Get-SPSite "http://<site collection>"
#Get all subsites for site collection

$web = $site.AllWebs
		#Loop through each subsite and write permissions
			foreach ($web in $web)

			{

				if (($web.permissions -ne $null) -and ($web.hasuniqueroleassignments -eq "True"))

				{

					Write-Output "****************************************"

					Write-Output "Displaying site permissions for: $web"

					$web.permissions | fl member, basepermissions

				}

				elseif ($web.hasuniqueroleassignments -ne "True")

				{

					Write-Output "****************************************"

					Write-Output "Displaying site permissions for: $web"

					"$web inherits permissions from $site"

				}
		#Loop through each list in each subsite and get permissions
				foreach ($list in $web.lists)

				{

					$unique = $list.hasuniqueroleassignments

					if (($list.permissions -ne $null) -and ($unique -eq "True"))

				{

						Write-Output "****************************************"

						Write-Output "Displaying Lists permissions for: $web \ $list"

						$list.permissions | fl member, basepermissions

				}

				elseif ($unique -ne "True") {

						Write-Output "$web \ $list inherits permissions from $web"

				}

			}

	}

	Write-Host "Finished."

	$site.dispose()

	$web.dispose()

	$unique.dispose()

The output you get will look something like this:

**************************************** Displaying site permissions for: Intranet


Member          : domain\administrator

BasePermissions : ViewFormPages, Open, BrowseUserInfo, UseClientIntegration, Us

                  eRemoteAPIs

Intranet \ Brands inherits permissions from Intranet

Intranet \ Content and Structure Reports inherits permissions from Intranet

****************************************

Displaying Lists permissions for: Intranet \ News
Member          : domain\domain users

BasePermissions : ViewListItems, OpenItems, ViewVersions, ViewFormPages, Open,

                  ViewPages, CreateSSCSite, BrowseUserInfo, UseClientIntegratio

                  n, UseRemoteAPIs, CreateAlerts

Intranet \ Pages inherits permissions from Intranet

Intranet \ PDFs inherits permissions from Intranet

****************************************

Displaying site permissions for: About Company

About Company inherits permissions from SPSite Url=http://my.company/intranet

About Company \ Documents inherits permissions from About Company

Displaying Lists permissions for: About Company\ Images
Member          : domain\administrator

BasePermissions : ViewFormPages, Open, BrowseUserInfo, UseClientIntegration, Us

                  eRemoteAPIs

As you can see, the script only displays the permissions of subsites and lists that are unique.

Tagged: Powershell, Security

2 thoughts on “Powershell script to display unique permissions for all subsites and lists”

Ian Hayse says:

September 1, 2011 at 12:31 am

thanks for the hints!

Code Markup for wordpress will help posted code not bleed outside your posts.

http://thunderguy.com/semicolon/wordpress/code-markup-wordpress-plugin/

Andrew Toh says:

September 8, 2011 at 3:38 pm

Hey, thanks for the tip too 🙂 Fixed!