<#
******-----------------------------------------------------------------------******
Author
-> Shiv Mangal Singh
Date
-> 5th August - 2019
Description
-> This script generates a permission report for a document library (folders/
subfolders), including unique folder- and item-level permissions
Site Collection Name --> $site = Get-SPWeb
"Site Url"
******-----------------------------------------------------------------------******
#>
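# Load the SharePoint snap-in only when it is not already loaded, and stop if it
# cannot be loaded. Suppressing that error would let the script run on without
# the SharePoint cmdlets and produce a misleading report.
if (-not (Get-PSSnapin -Name Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue))
{
    Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction Stop
}

# Get the site (web) to audit. Replace the "Site Url" placeholder before running.
# NOTE(review): $web is not disposed anywhere in the visible script; call
# $web.Dispose() once the report is complete.
$web = Get-SPWeb "Site Url" -ErrorAction Stop
#Write-Host $web

# Get the document library to audit. Replace the "Document library Url" placeholder.
$list = $web.GetList("Document library Url")
if ($null -eq $list)
{
    # Stop here: carrying on would leave a header-only report, which reads as
    # "nobody has access" instead of "the audit did not run".
    throw "Document library could not be opened; no permission report was written."
}
Write-Host $list.Title
#Write-Host $list.RoleAssignments.Count

# Export report path.
# The report lists login names, e-mail addresses and the permission levels each
# principal holds, so keep it in a location only the auditors can read.
$FileUrl = "E:\SharePoint_Report\AR_4thFeb20_RW_Permission.csv"

# Create the header row. Columns are tab-separated despite the .csv extension.
# Out-File without -Append replaces any existing file at this path.
# NOTE(review): titles, item names and folder names are user-supplied text; treat
# the cells as untrusted when the file is opened in a spreadsheet (a leading
# =, +, - or @ can be read as a formula).
"URl `t Document Library/folder/file `t Title `t PermissionType/Groups Name `t Permissions `t LoginName `t Email" | Out-File $FileUrl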
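###******************** Check Lists/libraries Permissions ********************************###
# Report the role assignments made on the list itself.
# Reads $list and appends rows to $FileUrl.
# NOTE(review): Count is compared with $null as in the original; for an existing
# collection this is presumably always true - confirm whether "-gt 0" was meant.
if ($list.RoleAssignments.Count -ne $null)
{
    foreach ($ListRoleAssignment in $list.RoleAssignments)
    {
        if ($ListRoleAssignment.Member.userlogin)
        {
            # The member exposes a login, so it is reported as a direct grant.
            # NOTE(review): a domain security group granted directly is presumably
            # reported here as one principal; its membership is not expanded - confirm.
            $ListUserPermissions = @()
            foreach ($RoleDefinition in $ListRoleAssignment.RoleDefinitionBindings)
            {
                # "Limited Access" is left out of the report.
                if ($RoleDefinition.Name -ne "Limited Access")
                {
                    $ListUserPermissions += $RoleDefinition.Name + ";"
                }
            }

            # Write one row per principal, after every role has been collected.
            # Writing inside the loop above produced an extra row with a partial
            # permission set for each additional role.
            if ($ListUserPermissions.Count -gt 0)
            {
                "$($list.ParentWeb.Url)/$($list.RootFolder.Url)`t List `t $($list.Title)`t Direct Permission `t $($ListUserPermissions) `t $($ListRoleAssignment.Member.LoginName)`t $($ListRoleAssignment.Member.Email)" | Out-File $FileUrl -Append
            }
        }
        else
        {
            # No login on the member: treat it as a group and report each of its users.
            # The group's permission levels are the same for every user, so collect them once.
            $ListGrpUserPermissions = @()
            foreach ($RoleDefinition in $ListRoleAssignment.RoleDefinitionBindings)
            {
                if ($RoleDefinition.Name -ne "Limited Access")
                {
                    $ListGrpUserPermissions += $RoleDefinition.Name + ";"
                }
            }

            if ($ListGrpUserPermissions.Count -gt 0)
            {
                foreach ($user in $ListRoleAssignment.Member.users)
                {
                    # One row per group member, carrying the group's full permission set.
                    "$($list.ParentWeb.Url)/$($list.RootFolder.Url) `t list `t $($list.Title)`t $($ListRoleAssignment.Member.Name) `t $($ListGrpUserPermissions) `t $($user.LoginName)`t $($user.Email)" | Out-File $FileUrl -Append
                }
            }
        }
    }
} # count list roleassignment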
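###########################To get item level permission###########################################################################
# Report the role assignments on every item that has broken inheritance.
# Reads $list and $Web; appends rows to $FileUrl.
$listcoll = $list.Items
if ($listcoll.Count -ne $null)
{
    foreach ($item in $listcoll)
    {
        #########################To check the unique item level permission#########################
        # Items that inherit from their parent are skipped; only unique assignments are listed.
        if ($item.HasUniqueRoleAssignments -eq $true)
        {
            foreach ($itemRoleAssignment in $item.RoleAssignments)
            {
                if ($itemRoleAssignment.Member.userlogin)
                {
                    # Permission levels granted directly to this principal on the item.
                    $ItemUserPermissions = @()
                    foreach ($itemRoleDefinition in $itemRoleAssignment.RoleDefinitionBindings)
                    {
                        # "Limited Access" is left out of the report.
                        if ($itemRoleDefinition.Name -ne "Limited Access")
                        {
                            $ItemUserPermissions += $itemRoleDefinition.Name + ";"
                        }
                    }

                    # Write one row per principal, after every role has been collected.
                    # Writing inside the loop above produced an extra row with a
                    # partial permission set for each additional role.
                    if ($ItemUserPermissions.Count -gt 0)
                    {
                        "$($Web.Url +"/"+$item.Url)`t Item `t $($item.Name)`t Direct Permission `t $($ItemUserPermissions) `t $($itemRoleAssignment.Member.LoginName)`t $($itemRoleAssignment.Member.Email)" | Out-File $FileUrl -Append
                    }
                }
                else
                {
                    # No login on the member: treat it as a group and report each of its users.
                    # The group's permission levels on the item are the same for every
                    # user, so collect them once.
                    $ItemGrpUserPermissions = @()
                    foreach ($itemGrpRoleDefinition in $itemRoleAssignment.RoleDefinitionBindings)
                    {
                        if ($itemGrpRoleDefinition.Name -ne "Limited Access")
                        {
                            $ItemGrpUserPermissions += $itemGrpRoleDefinition.Name + ";"
                        }
                    }

                    if ($ItemGrpUserPermissions.Count -gt 0)
                    {
                        foreach ($user in $itemRoleAssignment.Member.users)
                        {
                            # One row per group member, carrying the group's full permission set.
                            "$($Web.Url +"/"+$item.Url) `t Item `t $($item.Name)`t $($itemRoleAssignment.Member.Name) `t $($ItemGrpUserPermissions) `t $($user.LoginName)`t $($user.Email)" | Out-File $FileUrl -Append
                        }
                    }
                }
            }
        }
        #########################End loop to check unique item level permission##########################
    } # foreach $item Closing loop
} # check list item count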
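###################################To Check the folder level permission#########################
# Report the role assignments on every folder of the library.
# Reads $list and $web; appends rows to $FileUrl.
#
# The original ran the same code for folders with HasUniqueRoleAssignments equal
# to $false and to $true, so the two branches are merged here. As a result
# inherited and uniquely-permissioned folders are both reported, with identical
# row layouts, and the report does not tell them apart.
$foldercoll = $list.Folders
if ($foldercoll.Count -ne $null)
{
    foreach ($folder in $foldercoll)
    {
        foreach ($folderRoleAssignment in $folder.RoleAssignments)
        {
            # NOTE(review): $list.Url and $folder.Url are concatenated in the rows
            # below with no separator between them; confirm the resulting URL is
            # what the report should show.
            if ($folderRoleAssignment.Member.userlogin)
            {
                # Permission levels granted directly to this principal on the folder.
                $FolderUserPermissions = @()
                foreach ($folderRoleDefinition in $folderRoleAssignment.RoleDefinitionBindings)
                {
                    # "Limited Access" is left out of the report.
                    if ($folderRoleDefinition.Name -ne "Limited Access")
                    {
                        $FolderUserPermissions += $folderRoleDefinition.Name + ";"
                    }
                }

                # Write one row per principal, after every role has been collected.
                # Writing inside the loop above produced an extra row with a
                # partial permission set for each additional role.
                if ($FolderUserPermissions.Count -gt 0)
                {
                    "$($web.Url +"/"+$list.Url+$folder.Url) `t folder `t $($folder.Name)`t Direct Permission `t $($FolderUserPermissions) `t $($folderRoleAssignment.Member.LoginName)`t $($folderRoleAssignment.Member.Email)" | Out-File $FileUrl -Append
                }
            }
            else
            {
                # No login on the member: treat it as a group and report each of its users.
                # The group's permission levels on the folder are the same for every
                # user, so collect them once.
                $folderGroupRoleAssignment = @()
                foreach ($folderGrpRoleDefinition in $folderRoleAssignment.RoleDefinitionBindings)
                {
                    if ($folderGrpRoleDefinition.Name -ne "Limited Access")
                    {
                        $folderGroupRoleAssignment += $folderGrpRoleDefinition.Name + ";"
                    }
                }

                if ($folderGroupRoleAssignment.Count -gt 0)
                {
                    foreach ($user in $folderRoleAssignment.Member.users)
                    {
                        # One row per group member, carrying the group's full permission set.
                        "$($web.Url +"/"+$list.Url+$folder.Url) `t folder `t $($folder.Name)`t $($folderRoleAssignment.Member.Name) `t $($folderGroupRoleAssignment) `t $($user.LoginName)`t $($user.Email)" | Out-File $FileUrl -Append
                    }
                }
            }
        }
        ######################################## End to Check the folder permission ########################
    } # $folder closing loop
} # Check Folder count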