<#
******-----------------------------------------------------------------------******
Author -> Shiv Mangal Singh
Date -> 18 th July - 2017
Description -> This Script will generate all users permission from multiple site collection, Also include Unique Permission details across List & document library level(Folder & nth Level sub folder & Item Level)
Path of csv file->$FileUrl = "D:\contosoSS_MWTeam\Shiv\OperationScript\Report_18July_2017.CSV"
# Read All Site Collections from SiteColl.csv file
$SiteColl = Import-Csv "D:\contosoSS_MWTeam\Shiv\OperationScript\SiteColl.csv"
******-----------------------------------------------------------------------******
#>
# Read All Site Collections name from SiteColl.csv file
$SiteColl = Import-Csv "D:\contosoMW_Team\Shiv\PS\UsersPermission\SiteColl.csv"
$FileUrl = "D:\contosoMW_Team\Shiv\PS\UsersPermission\Report_18July_2017.CSV"
#Write CSV- TAB Separated File Header
"URl `t Site/List/item/folder `t Title `t PermissionType/Groups Name `t Permissions `t LoginName `t Email" | out-file $FileUrl
####************** Loop throuh all Site collection level **************####
foreach($sitename in $SiteColl.Url)
{
Write-Host $sitename.url
# Get site collection url
$site = Get-SPSite $sitename
Write-Host $site.Url
#Loop throuh all Sub Sites
foreach($Web in $site.AllWebs)
{
# Check the Unique Sub Sites under each Site Collection
if($Web.HasUniqueRoleAssignments -eq $true)
{
#Get Role assignement
foreach($WebRoleAssignment in $Web.RoleAssignments )
{
#Is it a User Account?
if($WebRoleAssignment.Member.userlogin)
{
#Get the Permissions assigned to user
$WebUserPermissions=@()
foreach ($RoleDefinition in $WebRoleAssignment.RoleDefinitionBindings)
{
$WebUserPermissions += $RoleDefinition.Name +";"
}
#Send the Data to Log file
"$($Web.Url)`t Site `t $($Web.Title)`t Direct Permission `t $($WebUserPermissions) `t $($WebRoleAssignment.Member.LoginName)`t $($WebRoleAssignment.Member.Email)" | Out-File $FileUrl -Append
} # if loop closed
#Its a SharePoint Group, So search inside the group and check if the user is member of that group
else
{
foreach($user in $WebRoleAssignment.Member.users)
{
#Get the Group's Permissions on site
$WebGroupPermissions=@()
foreach ($RoleDefinition in $WebRoleAssignment.RoleDefinitionBindings)
{
$WebGroupPermissions += $RoleDefinition.Name +";"
}
#Send the Data to Log file
"$($Web.Url) `t Site `t $($Web.Title)`t $($WebRoleAssignment.Member.Name) `t $($WebGroupPermissions) `t $($user.LoginName)`t $($user.Email)" | Out-File $FileUrl -Append
}
#$user foreach closed
} # else closed
}
###******************** Check Lists/libraries with Unique Permissions ********************************###
foreach($list in $Web.Lists)
{
# Check Unique lists/libraries under each sites
if($list.HasUniqueRoleAssignments -eq $true)
{
# to get the list Role Assignmnet
foreach($ListRoleAssignment in $List.RoleAssignments)
{
if($ListRoleAssignment.Member.userlogin)
{
#Get the Permissions assigned to user
$ListUserPermissions=@()
foreach ($RoleDefinition in $ListRoleAssignment.RoleDefinitionBindings)
{
$ListUserPermissions += $RoleDefinition.Name +";"
}
#Send the Data to Log file
"$($list.ParentWeb.Url)/$($list.RootFolder.Url)`t List `t $($list.Title)`t Direct Permission `t $($ListUserPermissions) `t $($ListRoleAssignment.Member.LoginName)`t $($ListRoleAssignment.Member.Email)" | Out-File $FileUrl -Append
}
else
{
foreach($user in $ListRoleAssignment.Member.users)
{
#Get the Group's Permissions on list
$ListGrpUserPermissions=@()
foreach ($RoleDefinition in $ListRoleAssignment.RoleDefinitionBindings)
{
$ListGrpUserPermissions += $RoleDefinition.Name +";"
}
#Send the Data to Log file
"$($list.ParentWeb.Url)/$($list.RootFolder.Url) `t list `t $($list.Title)`t $($ListRoleAssignment.Member.Name) `t $($ListGrpUserPermissions) `t $($user.LoginName)`t $($user.Email)" | Out-File $FileUrl -Append
}
}
}
# To get item level permission
foreach($item in $list.Items)
{
if($item.HasUniqueRoleAssignments -eq $true)
{
foreach($itemRoleAssignment in $item.RoleAssignments)
{
if($itemRoleAssignment.Member.userlogin)
{
#Get the Permissions assigned to user at item level
$ItemUserPermissions=@()
foreach ($RoleDefinition in $itemRoleAssignment.RoleDefinitionBindings)
{
$ItemUserPermissions += $RoleDefinition.Name +";"
}
#Send the Data to Log file
"$($Web.Url +"/"+$item.Url)`t Item `t $($item.Name)`t Direct Permission `t $($ItemUserPermissions) `t $($itemRoleAssignment.Member.LoginName)`t $($itemRoleAssignment.Member.Email)" | Out-File $FileUrl -Append
}
else
{
foreach($user in $itemRoleAssignment.Member.users)
{
#Get the Group's Permissions on site
$ItemGrpUserPermissions=@()
foreach ($RoleDefinition in $itemRoleAssignment.RoleDefinitionBindings)
{
$ItemGrpUserPermissions += $RoleDefinition.Name +";"
}
#Send the Data to Log file
"$($Web.Url +"/"+$item.Url) `t Item `t $($item.Name)`t $($itemRoleAssignment.Member.Name) `t $($ItemGrpUserPermissions) `t $($user.LoginName)`t $($user.Email)" | Out-File $FileUrl -Append
}
}
}
}# $item.HasUniqueRoleAssignments closing
} # $item Closing loop
# to get folder level permission
foreach($folder in $list.Folders)
{
if($folder.HasUniqueRoleAssignments -eq $true)
{
foreach($folderRoleAssignment in $folder.RoleAssignments)
{
if($folderRoleAssignment.Member.userlogin)
{
#Get the Permissions assigned to user at item level
$FolderUserPermissions=@()
foreach($RoleDefinition in $folderRoleAssignment.RoleDefinitionBindings)
{
$FolderUserPermissions +=$RoleDefinition.Name + ";"
}
#Send the Data to Log file
"$($web.Url +"/"+$list.Url+$folder.Url) `t folder `t $($folder.Name)`t Direct Permission `t $($FolderUserPermissions) `t $($folderRoleAssignment.Member.LoginName)`t $($folderRoleAssignment.Member.Email)" | Out-File $FileUrl -Append
}
else
{
foreach($user in $folderRoleAssignment.Member.users)
{
#Get the Group's Permissions on site
$folderGroupRoleAssignment=@()
foreach ($RoleDefinition in $folderRoleAssignment.RoleDefinitionBindings)
{
$folderGroupRoleAssignment += $RoleDefinition.Name +";"
}
#Send the Data to Log file
"$($web.Url +"/"+$list.Url+$folder.Url) `t folder `t $($folder.Name)`t $($folderRoleAssignment.Member.Name) `t $($folderGroupRoleAssignment) `t $($user.LoginName)`t $($user.Email)" | Out-File $FileUrl -Append
}
}
}
}
} # $folder closing loop
}# $list.HasUniqueRoleAssignments closing
else
{
############################ Checking Inheritaing lists/Libraries Unique Item level permission ############################
# To get item level permission for Inheritaing lists/Libraries
if($list.HasUniqueRoleAssignments -eq $false)
{
foreach($item in $list.Items)
{
if($item.HasUniqueRoleAssignments -eq $true)
{
foreach($itemRoleAssignment in $item.RoleAssignments)
{
if($itemRoleAssignment.Member.userlogin)
{
#Get the Permissions assigned to user at item level
$ItemUserPermissions=@()
foreach ($RoleDefinition in $itemRoleAssignment.RoleDefinitionBindings)
{
$ItemUserPermissions += $RoleDefinition.Name +";"
}
#Send the Data to Log file
"$($Web.Url +"/"+$item.Url)`t Item `t $($item.Name)`t Direct Permission `t $($ItemUserPermissions) `t $($itemRoleAssignment.Member.LoginName)`t $($itemRoleAssignment.Member.Email)" | Out-File $FileUrl -Append
}
else
{
foreach($user in $itemRoleAssignment.Member.users)
{
#Get the Group's Permissions on item level
$ItemGrpUserPermissions=@()
foreach ($RoleDefinition in $itemRoleAssignment.RoleDefinitionBindings)
{
$ItemGrpUserPermissions += $RoleDefinition.Name +";"
}
#Send the Data to Log file
"$($Web.Url +"/"+$item.Url) `t Item `t $($item.Name)`t $($itemRoleAssignment.Member.Name) `t $($ItemGrpUserPermissions) `t $($user.LoginName)`t $($user.Email)" | Out-File $FileUrl -Append
}
}
}
}# $item.HasUniqueRoleAssignments closing
} # $item Closing loop
# To get folder level permission for Inheritaing lists/Libraries
foreach($folder in $list.Folders)
{
if($folder.HasUniqueRoleAssignments -eq $true)
{
foreach($folderRoleAssignment in $folder.RoleAssignments)
{
if($folderRoleAssignment.Member.userlogin)
{
#Get the Permissions assigned to user at folder level
$FolderUserPermissions=@()
foreach($RoleDefinition in $folderRoleAssignment.RoleDefinitionBindings)
{
$FolderUserPermissions +=$RoleDefinition.Name + ";"
}
#Send the Data to Log file
"$($web.Url +"/"+$list.Url+$folder.Url) `t folder `t $($folder.Name)`t Direct Permission `t $($FolderUserPermissions) `t $($folderRoleAssignment.Member.LoginName)`t $($folderRoleAssignment.Member.Email)" | Out-File $FileUrl -Append
}
else
{
foreach($user in $folderRoleAssignment.Member.users)
{
#Get the Group's Permissions on folder
$folderGroupRoleAssignment=@()
foreach ($RoleDefinition in $folderRoleAssignment.RoleDefinitionBindings)
{
$folderGroupRoleAssignment += $RoleDefinition.Name +";"
}
#Send the Data to Log file
"$($web.Url +"/"+$list.Url+$folder.Url) `t folder `t $($folder.Name)`t $($folderRoleAssignment.Member.Name) `t $($folderGroupRoleAssignment) `t $($user.LoginName)`t $($user.Email)" | Out-File $FileUrl -Append
}
}
}
}
} # $folder closing loop
}
############################ closing Inheriting lists/Libraries Unique Item level permission loop ############################
} #else closing
}# $list closing loop
}# $Web.HasUniqueRoleAssignments closing
} # $web closing loop
}
******-----------------------------------------------------------------------******
Author -> Shiv Mangal Singh
Date -> 18 th July - 2017
Description -> This Script will generate all users permission from multiple site collection, Also include Unique Permission details across List & document library level(Folder & nth Level sub folder & Item Level)
Path of csv file->$FileUrl = "D:\contosoSS_MWTeam\Shiv\OperationScript\Report_18July_2017.CSV"
# Read All Site Collections from SiteColl.csv file
$SiteColl = Import-Csv "D:\contosoSS_MWTeam\Shiv\OperationScript\SiteColl.csv"
******-----------------------------------------------------------------------******
#>
# Read All Site Collections name from SiteColl.csv file
$SiteColl = Import-Csv "D:\contosoMW_Team\Shiv\PS\UsersPermission\SiteColl.csv"
$FileUrl = "D:\contosoMW_Team\Shiv\PS\UsersPermission\Report_18July_2017.CSV"
#Write CSV- TAB Separated File Header
"URl `t Site/List/item/folder `t Title `t PermissionType/Groups Name `t Permissions `t LoginName `t Email" | out-file $FileUrl
####************** Loop throuh all Site collection level **************####
foreach($sitename in $SiteColl.Url)
{
Write-Host $sitename.url
# Get site collection url
$site = Get-SPSite $sitename
Write-Host $site.Url
#Loop throuh all Sub Sites
foreach($Web in $site.AllWebs)
{
# Check the Unique Sub Sites under each Site Collection
if($Web.HasUniqueRoleAssignments -eq $true)
{
#Get Role assignement
foreach($WebRoleAssignment in $Web.RoleAssignments )
{
#Is it a User Account?
if($WebRoleAssignment.Member.userlogin)
{
#Get the Permissions assigned to user
$WebUserPermissions=@()
foreach ($RoleDefinition in $WebRoleAssignment.RoleDefinitionBindings)
{
$WebUserPermissions += $RoleDefinition.Name +";"
}
#Send the Data to Log file
"$($Web.Url)`t Site `t $($Web.Title)`t Direct Permission `t $($WebUserPermissions) `t $($WebRoleAssignment.Member.LoginName)`t $($WebRoleAssignment.Member.Email)" | Out-File $FileUrl -Append
} # if loop closed
#Its a SharePoint Group, So search inside the group and check if the user is member of that group
else
{
foreach($user in $WebRoleAssignment.Member.users)
{
#Get the Group's Permissions on site
$WebGroupPermissions=@()
foreach ($RoleDefinition in $WebRoleAssignment.RoleDefinitionBindings)
{
$WebGroupPermissions += $RoleDefinition.Name +";"
}
#Send the Data to Log file
"$($Web.Url) `t Site `t $($Web.Title)`t $($WebRoleAssignment.Member.Name) `t $($WebGroupPermissions) `t $($user.LoginName)`t $($user.Email)" | Out-File $FileUrl -Append
}
#$user foreach closed
} # else closed
}
###******************** Check Lists/libraries with Unique Permissions ********************************###
foreach($list in $Web.Lists)
{
# Check Unique lists/libraries under each sites
if($list.HasUniqueRoleAssignments -eq $true)
{
# to get the list Role Assignmnet
foreach($ListRoleAssignment in $List.RoleAssignments)
{
if($ListRoleAssignment.Member.userlogin)
{
#Get the Permissions assigned to user
$ListUserPermissions=@()
foreach ($RoleDefinition in $ListRoleAssignment.RoleDefinitionBindings)
{
$ListUserPermissions += $RoleDefinition.Name +";"
}
#Send the Data to Log file
"$($list.ParentWeb.Url)/$($list.RootFolder.Url)`t List `t $($list.Title)`t Direct Permission `t $($ListUserPermissions) `t $($ListRoleAssignment.Member.LoginName)`t $($ListRoleAssignment.Member.Email)" | Out-File $FileUrl -Append
}
else
{
foreach($user in $ListRoleAssignment.Member.users)
{
#Get the Group's Permissions on list
$ListGrpUserPermissions=@()
foreach ($RoleDefinition in $ListRoleAssignment.RoleDefinitionBindings)
{
$ListGrpUserPermissions += $RoleDefinition.Name +";"
}
#Send the Data to Log file
"$($list.ParentWeb.Url)/$($list.RootFolder.Url) `t list `t $($list.Title)`t $($ListRoleAssignment.Member.Name) `t $($ListGrpUserPermissions) `t $($user.LoginName)`t $($user.Email)" | Out-File $FileUrl -Append
}
}
}
# To get item level permission
foreach($item in $list.Items)
{
if($item.HasUniqueRoleAssignments -eq $true)
{
foreach($itemRoleAssignment in $item.RoleAssignments)
{
if($itemRoleAssignment.Member.userlogin)
{
#Get the Permissions assigned to user at item level
$ItemUserPermissions=@()
foreach ($RoleDefinition in $itemRoleAssignment.RoleDefinitionBindings)
{
$ItemUserPermissions += $RoleDefinition.Name +";"
}
#Send the Data to Log file
"$($Web.Url +"/"+$item.Url)`t Item `t $($item.Name)`t Direct Permission `t $($ItemUserPermissions) `t $($itemRoleAssignment.Member.LoginName)`t $($itemRoleAssignment.Member.Email)" | Out-File $FileUrl -Append
}
else
{
foreach($user in $itemRoleAssignment.Member.users)
{
#Get the Group's Permissions on site
$ItemGrpUserPermissions=@()
foreach ($RoleDefinition in $itemRoleAssignment.RoleDefinitionBindings)
{
$ItemGrpUserPermissions += $RoleDefinition.Name +";"
}
#Send the Data to Log file
"$($Web.Url +"/"+$item.Url) `t Item `t $($item.Name)`t $($itemRoleAssignment.Member.Name) `t $($ItemGrpUserPermissions) `t $($user.LoginName)`t $($user.Email)" | Out-File $FileUrl -Append
}
}
}
}# $item.HasUniqueRoleAssignments closing
} # $item Closing loop
# to get folder level permission
foreach($folder in $list.Folders)
{
if($folder.HasUniqueRoleAssignments -eq $true)
{
foreach($folderRoleAssignment in $folder.RoleAssignments)
{
if($folderRoleAssignment.Member.userlogin)
{
#Get the Permissions assigned to user at item level
$FolderUserPermissions=@()
foreach($RoleDefinition in $folderRoleAssignment.RoleDefinitionBindings)
{
$FolderUserPermissions +=$RoleDefinition.Name + ";"
}
#Send the Data to Log file
"$($web.Url +"/"+$list.Url+$folder.Url) `t folder `t $($folder.Name)`t Direct Permission `t $($FolderUserPermissions) `t $($folderRoleAssignment.Member.LoginName)`t $($folderRoleAssignment.Member.Email)" | Out-File $FileUrl -Append
}
else
{
foreach($user in $folderRoleAssignment.Member.users)
{
#Get the Group's Permissions on site
$folderGroupRoleAssignment=@()
foreach ($RoleDefinition in $folderRoleAssignment.RoleDefinitionBindings)
{
$folderGroupRoleAssignment += $RoleDefinition.Name +";"
}
#Send the Data to Log file
"$($web.Url +"/"+$list.Url+$folder.Url) `t folder `t $($folder.Name)`t $($folderRoleAssignment.Member.Name) `t $($folderGroupRoleAssignment) `t $($user.LoginName)`t $($user.Email)" | Out-File $FileUrl -Append
}
}
}
}
} # $folder closing loop
}# $list.HasUniqueRoleAssignments closing
else
{
############################ Checking Inheritaing lists/Libraries Unique Item level permission ############################
# To get item level permission for Inheritaing lists/Libraries
if($list.HasUniqueRoleAssignments -eq $false)
{
foreach($item in $list.Items)
{
if($item.HasUniqueRoleAssignments -eq $true)
{
foreach($itemRoleAssignment in $item.RoleAssignments)
{
if($itemRoleAssignment.Member.userlogin)
{
#Get the Permissions assigned to user at item level
$ItemUserPermissions=@()
foreach ($RoleDefinition in $itemRoleAssignment.RoleDefinitionBindings)
{
$ItemUserPermissions += $RoleDefinition.Name +";"
}
#Send the Data to Log file
"$($Web.Url +"/"+$item.Url)`t Item `t $($item.Name)`t Direct Permission `t $($ItemUserPermissions) `t $($itemRoleAssignment.Member.LoginName)`t $($itemRoleAssignment.Member.Email)" | Out-File $FileUrl -Append
}
else
{
foreach($user in $itemRoleAssignment.Member.users)
{
#Get the Group's Permissions on item level
$ItemGrpUserPermissions=@()
foreach ($RoleDefinition in $itemRoleAssignment.RoleDefinitionBindings)
{
$ItemGrpUserPermissions += $RoleDefinition.Name +";"
}
#Send the Data to Log file
"$($Web.Url +"/"+$item.Url) `t Item `t $($item.Name)`t $($itemRoleAssignment.Member.Name) `t $($ItemGrpUserPermissions) `t $($user.LoginName)`t $($user.Email)" | Out-File $FileUrl -Append
}
}
}
}# $item.HasUniqueRoleAssignments closing
} # $item Closing loop
# To get folder level permission for Inheritaing lists/Libraries
foreach($folder in $list.Folders)
{
if($folder.HasUniqueRoleAssignments -eq $true)
{
foreach($folderRoleAssignment in $folder.RoleAssignments)
{
if($folderRoleAssignment.Member.userlogin)
{
#Get the Permissions assigned to user at folder level
$FolderUserPermissions=@()
foreach($RoleDefinition in $folderRoleAssignment.RoleDefinitionBindings)
{
$FolderUserPermissions +=$RoleDefinition.Name + ";"
}
#Send the Data to Log file
"$($web.Url +"/"+$list.Url+$folder.Url) `t folder `t $($folder.Name)`t Direct Permission `t $($FolderUserPermissions) `t $($folderRoleAssignment.Member.LoginName)`t $($folderRoleAssignment.Member.Email)" | Out-File $FileUrl -Append
}
else
{
foreach($user in $folderRoleAssignment.Member.users)
{
#Get the Group's Permissions on folder
$folderGroupRoleAssignment=@()
foreach ($RoleDefinition in $folderRoleAssignment.RoleDefinitionBindings)
{
$folderGroupRoleAssignment += $RoleDefinition.Name +";"
}
#Send the Data to Log file
"$($web.Url +"/"+$list.Url+$folder.Url) `t folder `t $($folder.Name)`t $($folderRoleAssignment.Member.Name) `t $($folderGroupRoleAssignment) `t $($user.LoginName)`t $($user.Email)" | Out-File $FileUrl -Append
}
}
}
}
} # $folder closing loop
}
############################ closing Inheriting lists/Libraries Unique Item level permission loop ############################
} #else closing
}# $list closing loop
}# $Web.HasUniqueRoleAssignments closing
} # $web closing loop
}
No comments:
Post a Comment