<#
******-----------------------------------------------------------------------******
Author -> Shiv Mangal Singh
Date -> 18 th July - 2017
Description -> This Script will generate all users permission from multiple site collection, Also include Unique Permission details across List & document library level(Folder & nth Level sub folder & Item Level)
Path of csv file->$FileUrl = "D:\contosoSS_MWTeam\Shiv\OperationScript\Report_18July_2017.CSV"
# Read All Site Collections from SiteColl.csv file
$SiteColl = Import-Csv "D:\contosoSS_MWTeam\Shiv\OperationScript\SiteColl.csv"
******-----------------------------------------------------------------------******
#>
Add-PsSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue
# Read All Site Collections name from SiteColl.csv file
$SiteColl = Import-Csv "D:\contosoMW_Team\Shiv\PS\UsersPermission\SiteColl.csv"
$FileUrl = "D:\contosoMW_Team\Shiv\PS\UsersPermission\Report_19July_2017.CSV"
#Write CSV - TAB Separated File Header
"URl `t Site/List/item/folder `t Title `t PermissionType/Groups Name `t Permissions `t LoginName `t Email" | out-file $FileUrl
####************** Loop throuh all Site collection level **************####
foreach($sitename in $SiteColl)
{
# Get site collection url
$site =Get-SPSite $sitename.Url
Write-Host $site
#Loop throuh all Sub Sites
foreach($Web in $site.AllWebs)
{
# Check the Unique Sub Sites under each Site Collection
if($Web.HasUniqueRoleAssignments -eq $true)
{
#Get Role assignement
foreach($WebRoleAssignment in $Web.RoleAssignments )
{
#Is it a User Account?
if($WebRoleAssignment.Member.userlogin)
{
#Get the Permissions assigned to user
$WebUserPermissions=@()
foreach ($RoleDefinition in $WebRoleAssignment.RoleDefinitionBindings)
{
$WebUserPermissions += $RoleDefinition.Name +";"
}
#Send the Data to Log file
"$($Web.Url)`t Site `t $($Web.Title)`t Direct Permission `t $($WebUserPermissions) `t $($WebRoleAssignment.Member.LoginName)`t $($WebRoleAssignment.Member.Email)" | Out-File $FileUrl -Append
} # if loop closed
#Its a SharePoint Group, So search inside the group and check if the user is member of that group
else
{
foreach($user in $WebRoleAssignment.Member.users)
{
#Get the Group's Permissions on site
$WebGroupPermissions=@()
foreach ($RoleDefinition in $WebRoleAssignment.RoleDefinitionBindings)
{
$WebGroupPermissions += $RoleDefinition.Name +";"
}
#Send the Data to Log file
"$($Web.Url) `t Site `t $($Web.Title)`t $($WebRoleAssignment.Member.Name) `t $($WebGroupPermissions) `t $($user.LoginName)`t $($user.Email)" | Out-File $FileUrl -Append
}
#$user foreach closed
} # else closed
}
###******************** Check Lists/libraries with Unique Permissions ********************************###
foreach($list in $Web.Lists)
{
# Check Unique lists/libraries under each sites
if($list.HasUniqueRoleAssignments -eq $true -and $list -ne $null)
{
# to get the list Role Assignmnet
$ListRoleAssignmentColl=$list.RoleAssignments
if($ListRoleAssignmentColl.Count -ne $null)
{
foreach($ListRoleAssignment in $ListRoleAssignmentColl)
{
if($ListRoleAssignment.Member.userlogin)
{
#Get the Permissions assigned to user
$ListUserPermissions=@()
foreach ($RoleDefinition in $ListRoleAssignment.RoleDefinitionBindings)
{
$ListUserPermissions += $RoleDefinition.Name +";"
}
#Send the Data to Log file
"$($list.ParentWeb.Url)/$($list.RootFolder.Url)`t List `t $($list.Title)`t Direct Permission `t $($ListUserPermissions) `t $($ListRoleAssignment.Member.LoginName)`t $($ListRoleAssignment.Member.Email)" | Out-File $FileUrl -Append
}
else
{
foreach($user in $ListRoleAssignment.Member.users)
{
#Get the Group's Permissions on list
$ListGrpUserPermissions=@()
foreach ($RoleDefinition in $ListRoleAssignment.RoleDefinitionBindings)
{
$ListGrpUserPermissions += $RoleDefinition.Name +";"
}
#Send the Data to Log file
"$($list.ParentWeb.Url)/$($list.RootFolder.Url) `t list `t $($list.Title)`t $($ListRoleAssignment.Member.Name) `t $($ListGrpUserPermissions) `t $($user.LoginName)`t $($user.Email)" | Out-File $FileUrl -Append
}
}
}
} # count list roleassignment
# To get item level permission
$listcoll =$list.Items
if($listcoll.Count -ne $null)
{
foreach($item in $listcoll)
{
if($item.HasUniqueRoleAssignments -eq $true)
{
foreach($itemRoleAssignment in $item.RoleAssignments)
{
if($itemRoleAssignment.Member.userlogin)
{
#Get the Permissions assigned to user at item level
$ItemUserPermissions=@()
foreach ($RoleDefinition in $itemRoleAssignment.RoleDefinitionBindings)
{
$ItemUserPermissions += $RoleDefinition.Name +";"
}
#Send the Data to Log file
"$($Web.Url +"/"+$item.Url)`t Item `t $($item.Name)`t Direct Permission `t $($ItemUserPermissions) `t $($itemRoleAssignment.Member.LoginName)`t $($itemRoleAssignment.Member.Email)" | Out-File $FileUrl -Append
}
else
{
foreach($user in $itemRoleAssignment.Member.users)
{
#Get the Group's Permissions on site
$ItemGrpUserPermissions=@()
foreach ($RoleDefinition in $itemRoleAssignment.RoleDefinitionBindings)
{
$ItemGrpUserPermissions += $RoleDefinition.Name +";"
}
#Send the Data to Log file
"$($Web.Url +"/"+$item.Url) `t Item `t $($item.Name)`t $($itemRoleAssignment.Member.Name) `t $($ItemGrpUserPermissions) `t $($user.LoginName)`t $($user.Email)" | Out-File $FileUrl -Append
}
}
}
}# $item.HasUniqueRoleAssignments closing
} # $item Closing loop
}#check list item count
# to get folder level permission
$foldercoll =$list.Folders
if($foldercoll.Count -ne $null)
{
foreach($folder in $foldercoll)
{
if($folder.HasUniqueRoleAssignments -eq $true)
{
foreach($folderRoleAssignment in $folder.RoleAssignments)
{
if($folderRoleAssignment.Member.userlogin)
{
#Get the Permissions assigned to user at item level
$FolderUserPermissions=@()
foreach($RoleDefinition in $folderRoleAssignment.RoleDefinitionBindings)
{
$FolderUserPermissions +=$RoleDefinition.Name + ";"
}
#Send the Data to Log file
"$($web.Url +"/"+$list.Url+$folder.Url) `t folder `t $($folder.Name)`t Direct Permission `t $($FolderUserPermissions) `t $($folderRoleAssignment.Member.LoginName)`t $($folderRoleAssignment.Member.Email)" | Out-File $FileUrl -Append
}
else
{
foreach($user in $folderRoleAssignment.Member.users)
{
#Get the Group's Permissions on site
$folderGroupRoleAssignment=@()
foreach ($RoleDefinition in $folderRoleAssignment.RoleDefinitionBindings)
{
$folderGroupRoleAssignment += $RoleDefinition.Name +";"
}
#Send the Data to Log file
"$($web.Url +"/"+$list.Url+$folder.Url) `t folder `t $($folder.Name)`t $($folderRoleAssignment.Member.Name) `t $($folderGroupRoleAssignment) `t $($user.LoginName)`t $($user.Email)" | Out-File $FileUrl -Append
}
}
}
}
} # $folder closing loop
}# Check Folder count
}# $list.HasUniqueRoleAssignments closing
else
{
############################ Checking Inheritaing lists/Libraries under Unique Sub sites for unique Item level ############################
# To get item level permission for Inheritaing lists/Libraries under Unique Sub Sites
$listcollUnique =$list.Items
if($listcollUnique.Count -ne $null)
{
foreach($item in $listcollUnique)
{
if($item.HasUniqueRoleAssignments -eq $true)
{
foreach($itemRoleAssignment in $item.RoleAssignments)
{
if($itemRoleAssignment.Member.userlogin)
{
#Get the Permissions assigned to user at item level
$ItemUserPermissions=@()
foreach ($RoleDefinition in $itemRoleAssignment.RoleDefinitionBindings)
{
$ItemUserPermissions += $RoleDefinition.Name +";"
}
#Send the Data to Log file
"$($Web.Url +"/"+$item.Url)`t Item `t $($item.Name)`t Direct Permission `t $($ItemUserPermissions) `t $($itemRoleAssignment.Member.LoginName)`t $($itemRoleAssignment.Member.Email)" | Out-File $FileUrl -Append
}
else
{
foreach($user in $itemRoleAssignment.Member.users)
{
#Get the Group's Permissions on item level
$ItemGrpUserPermissions=@()
foreach ($RoleDefinition in $itemRoleAssignment.RoleDefinitionBindings)
{
$ItemGrpUserPermissions += $RoleDefinition.Name +";"
}
#Send the Data to Log file
# "$($Web.Url +"/"+$item.Url) `t Item `t $($item.Name)`t $($itemRoleAssignment.Member.Name) `t $($ItemGrpUserPermissions) `t $($user.LoginName)`t $($user.Email)" | Out-File $FileUrl -Append
}
}
}
}# $item.HasUniqueRoleAssignments closing
} # $item Closing loop
}# Check item count
# To get folder level permission for Inheritaing lists/Libraries
$foldercollunique = $list.Folders
if($foldercollunique.Count -ne $null)
{
foreach($folder in $foldercollunique)
{
if($folder.HasUniqueRoleAssignments -eq $true)
{
foreach($folderRoleAssignment in $folder.RoleAssignments)
{
if($folderRoleAssignment.Member.userlogin)
{
#Get the Permissions assigned to user at folder level
$FolderUserPermissions=@()
foreach($RoleDefinition in $folderRoleAssignment.RoleDefinitionBindings)
{
$FolderUserPermissions +=$RoleDefinition.Name + ";"
}
#Send the Data to Log file
"$($web.Url +"/"+$list.Url+$folder.Url) `t folder `t $($folder.Name)`t Direct Permission `t $($FolderUserPermissions) `t $($folderRoleAssignment.Member.LoginName)`t $($folderRoleAssignment.Member.Email)" | Out-File $FileUrl -Append
}
else
{
foreach($user in $folderRoleAssignment.Member.users)
{
#Get the Group's Permissions on folder
$folderGroupRoleAssignment=@()
foreach ($RoleDefinition in $folderRoleAssignment.RoleDefinitionBindings)
{
$folderGroupRoleAssignment += $RoleDefinition.Name +";"
}
#Send the Data to Log file
"$($web.Url +"/"+$list.Url+$folder.Url) `t folder `t $($folder.Name)`t $($folderRoleAssignment.Member.Name) `t $($folderGroupRoleAssignment) `t $($user.LoginName)`t $($user.Email)" | Out-File $FileUrl -Append
}
}
}
}
} # $folder closing loop
}# check folder item count
############################ closing Inheritaing lists/Libraries Unique Item level permission loop ############################
} #else closing
}# $list closing loop
}# $Web.HasUniqueRoleAssignments closing
# for Inherited Sub sites and lists
else
{
foreach($list in $Web.Lists)
{
# Check Unique lists/libraries under each sites
if($list.HasUniqueRoleAssignments -eq $false -and $list -ne $null)
{
# To get item level permission
$listcoll =$list.Items
if($listcoll.Count -ne $null)
{
foreach($item in $listcoll)
{
if($item.HasUniqueRoleAssignments -eq $true)
{
foreach($itemRoleAssignment in $item.RoleAssignments)
{
if($itemRoleAssignment.Member.userlogin)
{
#Get the Permissions assigned to user at item level
$ItemUserPermissions=@()
foreach ($RoleDefinition in $itemRoleAssignment.RoleDefinitionBindings)
{
$ItemUserPermissions += $RoleDefinition.Name +";"
}
#Send the Data to Log file
"$($Web.Url +"/"+$item.Url)`t Item `t $($item.Name)`t Direct Permission `t $($ItemUserPermissions) `t $($itemRoleAssignment.Member.LoginName)`t $($itemRoleAssignment.Member.Email)" | Out-File $FileUrl -Append
}
else
{
foreach($user in $itemRoleAssignment.Member.users)
{
#Get the Group's Permissions on site
$ItemGrpUserPermissions=@()
foreach ($RoleDefinition in $itemRoleAssignment.RoleDefinitionBindings)
{
$ItemGrpUserPermissions += $RoleDefinition.Name +";"
}
#Send the Data to Log file
"$($Web.Url +"/"+$item.Url) `t Item `t $($item.Name)`t $($itemRoleAssignment.Member.Name) `t $($ItemGrpUserPermissions) `t $($user.LoginName)`t $($user.Email)" | Out-File $FileUrl -Append
}
}
} # closing Item RoleAssignment loop
}# $item.HasUniqueRoleAssignments closing loop
} # list $item Closing loop
}#check list item count
######********************# to get folder level permission ################********************
$foldercoll =$list.Folders
if($foldercoll.Count -ne $null)
{
foreach($folder in $foldercoll)
{
if($folder.HasUniqueRoleAssignments -eq $true)
{
foreach($folderRoleAssignment in $folder.RoleAssignments)
{
if($folderRoleAssignment.Member.userlogin)
{
#Get the Permissions assigned to user at item level
$FolderUserPermissions=@()
foreach($RoleDefinition in $folderRoleAssignment.RoleDefinitionBindings)
{
$FolderUserPermissions +=$RoleDefinition.Name + ";"
}
#Write-Host $web.Url +"/"+$list.Url+$folder.Url+ "/" +$folder.Name
#Send the Data to Log file
"$($web.Url +"/"+$list.Url+$folder.Url) `t folder `t $($folder.Name)`t Direct Permission `t $($FolderUserPermissions) `t $($folderRoleAssignment.Member.LoginName)`t $($folderRoleAssignment.Member.Email)" | Out-File $FileUrl -Append
}
else
{
foreach($user in $folderRoleAssignment.Member.users)
{
#Get the Group's Permissions on site
$folderGroupRoleAssignment=@()
foreach ($RoleDefinition in $folderRoleAssignment.RoleDefinitionBindings)
{
$folderGroupRoleAssignment += $RoleDefinition.Name +";"
}
#Send the Data to Log file
"$($web.Url +"/"+$list.Url+$folder.Url) `t folder `t $($folder.Name)`t $($folderRoleAssignment.Member.Name) `t $($folderGroupRoleAssignment) `t $($user.LoginName)`t $($user.Email)" | Out-File $FileUrl -Append
}
}
} # folder RoleAssignmnet finish
} # closing folder Unique role
} # $folder closing loop
}# Check Folder count
######******************** # To closing folder level permission ################********************
}# $list.HasUniqueRoleAssignments closing loop
###
}# $list closing loop
}
# clsosing for inherited list and library
} # $web closing loop
}
******-----------------------------------------------------------------------******
Author -> Shiv Mangal Singh
Date -> 18 th July - 2017
Description -> This Script will generate all users permission from multiple site collection, Also include Unique Permission details across List & document library level(Folder & nth Level sub folder & Item Level)
Path of csv file->$FileUrl = "D:\contosoSS_MWTeam\Shiv\OperationScript\Report_18July_2017.CSV"
# Read All Site Collections from SiteColl.csv file
$SiteColl = Import-Csv "D:\contosoSS_MWTeam\Shiv\OperationScript\SiteColl.csv"
******-----------------------------------------------------------------------******
#>
Add-PsSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue
# Read All Site Collections name from SiteColl.csv file
$SiteColl = Import-Csv "D:\contosoMW_Team\Shiv\PS\UsersPermission\SiteColl.csv"
$FileUrl = "D:\contosoMW_Team\Shiv\PS\UsersPermission\Report_19July_2017.CSV"
#Write CSV - TAB Separated File Header
"URl `t Site/List/item/folder `t Title `t PermissionType/Groups Name `t Permissions `t LoginName `t Email" | out-file $FileUrl
####************** Loop throuh all Site collection level **************####
foreach($sitename in $SiteColl)
{
# Get site collection url
$site =Get-SPSite $sitename.Url
Write-Host $site
#Loop throuh all Sub Sites
foreach($Web in $site.AllWebs)
{
# Check the Unique Sub Sites under each Site Collection
if($Web.HasUniqueRoleAssignments -eq $true)
{
#Get Role assignement
foreach($WebRoleAssignment in $Web.RoleAssignments )
{
#Is it a User Account?
if($WebRoleAssignment.Member.userlogin)
{
#Get the Permissions assigned to user
$WebUserPermissions=@()
foreach ($RoleDefinition in $WebRoleAssignment.RoleDefinitionBindings)
{
$WebUserPermissions += $RoleDefinition.Name +";"
}
#Send the Data to Log file
"$($Web.Url)`t Site `t $($Web.Title)`t Direct Permission `t $($WebUserPermissions) `t $($WebRoleAssignment.Member.LoginName)`t $($WebRoleAssignment.Member.Email)" | Out-File $FileUrl -Append
} # if loop closed
#Its a SharePoint Group, So search inside the group and check if the user is member of that group
else
{
foreach($user in $WebRoleAssignment.Member.users)
{
#Get the Group's Permissions on site
$WebGroupPermissions=@()
foreach ($RoleDefinition in $WebRoleAssignment.RoleDefinitionBindings)
{
$WebGroupPermissions += $RoleDefinition.Name +";"
}
#Send the Data to Log file
"$($Web.Url) `t Site `t $($Web.Title)`t $($WebRoleAssignment.Member.Name) `t $($WebGroupPermissions) `t $($user.LoginName)`t $($user.Email)" | Out-File $FileUrl -Append
}
#$user foreach closed
} # else closed
}
###******************** Check Lists/libraries with Unique Permissions ********************************###
foreach($list in $Web.Lists)
{
# Check Unique lists/libraries under each sites
if($list.HasUniqueRoleAssignments -eq $true -and $list -ne $null)
{
# to get the list Role Assignmnet
$ListRoleAssignmentColl=$list.RoleAssignments
if($ListRoleAssignmentColl.Count -ne $null)
{
foreach($ListRoleAssignment in $ListRoleAssignmentColl)
{
if($ListRoleAssignment.Member.userlogin)
{
#Get the Permissions assigned to user
$ListUserPermissions=@()
foreach ($RoleDefinition in $ListRoleAssignment.RoleDefinitionBindings)
{
$ListUserPermissions += $RoleDefinition.Name +";"
}
#Send the Data to Log file
"$($list.ParentWeb.Url)/$($list.RootFolder.Url)`t List `t $($list.Title)`t Direct Permission `t $($ListUserPermissions) `t $($ListRoleAssignment.Member.LoginName)`t $($ListRoleAssignment.Member.Email)" | Out-File $FileUrl -Append
}
else
{
foreach($user in $ListRoleAssignment.Member.users)
{
#Get the Group's Permissions on list
$ListGrpUserPermissions=@()
foreach ($RoleDefinition in $ListRoleAssignment.RoleDefinitionBindings)
{
$ListGrpUserPermissions += $RoleDefinition.Name +";"
}
#Send the Data to Log file
"$($list.ParentWeb.Url)/$($list.RootFolder.Url) `t list `t $($list.Title)`t $($ListRoleAssignment.Member.Name) `t $($ListGrpUserPermissions) `t $($user.LoginName)`t $($user.Email)" | Out-File $FileUrl -Append
}
}
}
} # count list roleassignment
# To get item level permission
$listcoll =$list.Items
if($listcoll.Count -ne $null)
{
foreach($item in $listcoll)
{
if($item.HasUniqueRoleAssignments -eq $true)
{
foreach($itemRoleAssignment in $item.RoleAssignments)
{
if($itemRoleAssignment.Member.userlogin)
{
#Get the Permissions assigned to user at item level
$ItemUserPermissions=@()
foreach ($RoleDefinition in $itemRoleAssignment.RoleDefinitionBindings)
{
$ItemUserPermissions += $RoleDefinition.Name +";"
}
#Send the Data to Log file
"$($Web.Url +"/"+$item.Url)`t Item `t $($item.Name)`t Direct Permission `t $($ItemUserPermissions) `t $($itemRoleAssignment.Member.LoginName)`t $($itemRoleAssignment.Member.Email)" | Out-File $FileUrl -Append
}
else
{
foreach($user in $itemRoleAssignment.Member.users)
{
#Get the Group's Permissions on site
$ItemGrpUserPermissions=@()
foreach ($RoleDefinition in $itemRoleAssignment.RoleDefinitionBindings)
{
$ItemGrpUserPermissions += $RoleDefinition.Name +";"
}
#Send the Data to Log file
"$($Web.Url +"/"+$item.Url) `t Item `t $($item.Name)`t $($itemRoleAssignment.Member.Name) `t $($ItemGrpUserPermissions) `t $($user.LoginName)`t $($user.Email)" | Out-File $FileUrl -Append
}
}
}
}# $item.HasUniqueRoleAssignments closing
} # $item Closing loop
}#check list item count
# to get folder level permission
$foldercoll =$list.Folders
if($foldercoll.Count -ne $null)
{
foreach($folder in $foldercoll)
{
if($folder.HasUniqueRoleAssignments -eq $true)
{
foreach($folderRoleAssignment in $folder.RoleAssignments)
{
if($folderRoleAssignment.Member.userlogin)
{
#Get the Permissions assigned to user at item level
$FolderUserPermissions=@()
foreach($RoleDefinition in $folderRoleAssignment.RoleDefinitionBindings)
{
$FolderUserPermissions +=$RoleDefinition.Name + ";"
}
#Send the Data to Log file
"$($web.Url +"/"+$list.Url+$folder.Url) `t folder `t $($folder.Name)`t Direct Permission `t $($FolderUserPermissions) `t $($folderRoleAssignment.Member.LoginName)`t $($folderRoleAssignment.Member.Email)" | Out-File $FileUrl -Append
}
else
{
foreach($user in $folderRoleAssignment.Member.users)
{
#Get the Group's Permissions on site
$folderGroupRoleAssignment=@()
foreach ($RoleDefinition in $folderRoleAssignment.RoleDefinitionBindings)
{
$folderGroupRoleAssignment += $RoleDefinition.Name +";"
}
#Send the Data to Log file
"$($web.Url +"/"+$list.Url+$folder.Url) `t folder `t $($folder.Name)`t $($folderRoleAssignment.Member.Name) `t $($folderGroupRoleAssignment) `t $($user.LoginName)`t $($user.Email)" | Out-File $FileUrl -Append
}
}
}
}
} # $folder closing loop
}# Check Folder count
}# $list.HasUniqueRoleAssignments closing
else
{
############################ Checking Inheritaing lists/Libraries under Unique Sub sites for unique Item level ############################
# To get item level permission for Inheritaing lists/Libraries under Unique Sub Sites
$listcollUnique =$list.Items
if($listcollUnique.Count -ne $null)
{
foreach($item in $listcollUnique)
{
if($item.HasUniqueRoleAssignments -eq $true)
{
foreach($itemRoleAssignment in $item.RoleAssignments)
{
if($itemRoleAssignment.Member.userlogin)
{
#Get the Permissions assigned to user at item level
$ItemUserPermissions=@()
foreach ($RoleDefinition in $itemRoleAssignment.RoleDefinitionBindings)
{
$ItemUserPermissions += $RoleDefinition.Name +";"
}
#Send the Data to Log file
"$($Web.Url +"/"+$item.Url)`t Item `t $($item.Name)`t Direct Permission `t $($ItemUserPermissions) `t $($itemRoleAssignment.Member.LoginName)`t $($itemRoleAssignment.Member.Email)" | Out-File $FileUrl -Append
}
else
{
foreach($user in $itemRoleAssignment.Member.users)
{
#Get the Group's Permissions on item level
$ItemGrpUserPermissions=@()
foreach ($RoleDefinition in $itemRoleAssignment.RoleDefinitionBindings)
{
$ItemGrpUserPermissions += $RoleDefinition.Name +";"
}
#Send the Data to Log file
# "$($Web.Url +"/"+$item.Url) `t Item `t $($item.Name)`t $($itemRoleAssignment.Member.Name) `t $($ItemGrpUserPermissions) `t $($user.LoginName)`t $($user.Email)" | Out-File $FileUrl -Append
}
}
}
}# $item.HasUniqueRoleAssignments closing
} # $item Closing loop
}# Check item count
# To get folder level permission for Inheritaing lists/Libraries
$foldercollunique = $list.Folders
if($foldercollunique.Count -ne $null)
{
foreach($folder in $foldercollunique)
{
if($folder.HasUniqueRoleAssignments -eq $true)
{
foreach($folderRoleAssignment in $folder.RoleAssignments)
{
if($folderRoleAssignment.Member.userlogin)
{
#Get the Permissions assigned to user at folder level
$FolderUserPermissions=@()
foreach($RoleDefinition in $folderRoleAssignment.RoleDefinitionBindings)
{
$FolderUserPermissions +=$RoleDefinition.Name + ";"
}
#Send the Data to Log file
"$($web.Url +"/"+$list.Url+$folder.Url) `t folder `t $($folder.Name)`t Direct Permission `t $($FolderUserPermissions) `t $($folderRoleAssignment.Member.LoginName)`t $($folderRoleAssignment.Member.Email)" | Out-File $FileUrl -Append
}
else
{
foreach($user in $folderRoleAssignment.Member.users)
{
#Get the Group's Permissions on folder
$folderGroupRoleAssignment=@()
foreach ($RoleDefinition in $folderRoleAssignment.RoleDefinitionBindings)
{
$folderGroupRoleAssignment += $RoleDefinition.Name +";"
}
#Send the Data to Log file
"$($web.Url +"/"+$list.Url+$folder.Url) `t folder `t $($folder.Name)`t $($folderRoleAssignment.Member.Name) `t $($folderGroupRoleAssignment) `t $($user.LoginName)`t $($user.Email)" | Out-File $FileUrl -Append
}
}
}
}
} # $folder closing loop
}# check folder item count
############################ closing Inheritaing lists/Libraries Unique Item level permission loop ############################
} #else closing
}# $list closing loop
}# $Web.HasUniqueRoleAssignments closing
# for Inherited Sub sites and lists
else
{
foreach($list in $Web.Lists)
{
# Check Unique lists/libraries under each sites
if($list.HasUniqueRoleAssignments -eq $false -and $list -ne $null)
{
# To get item level permission
$listcoll =$list.Items
if($listcoll.Count -ne $null)
{
foreach($item in $listcoll)
{
if($item.HasUniqueRoleAssignments -eq $true)
{
foreach($itemRoleAssignment in $item.RoleAssignments)
{
if($itemRoleAssignment.Member.userlogin)
{
#Get the Permissions assigned to user at item level
$ItemUserPermissions=@()
foreach ($RoleDefinition in $itemRoleAssignment.RoleDefinitionBindings)
{
$ItemUserPermissions += $RoleDefinition.Name +";"
}
#Send the Data to Log file
"$($Web.Url +"/"+$item.Url)`t Item `t $($item.Name)`t Direct Permission `t $($ItemUserPermissions) `t $($itemRoleAssignment.Member.LoginName)`t $($itemRoleAssignment.Member.Email)" | Out-File $FileUrl -Append
}
else
{
foreach($user in $itemRoleAssignment.Member.users)
{
#Get the Group's Permissions on site
$ItemGrpUserPermissions=@()
foreach ($RoleDefinition in $itemRoleAssignment.RoleDefinitionBindings)
{
$ItemGrpUserPermissions += $RoleDefinition.Name +";"
}
#Send the Data to Log file
"$($Web.Url +"/"+$item.Url) `t Item `t $($item.Name)`t $($itemRoleAssignment.Member.Name) `t $($ItemGrpUserPermissions) `t $($user.LoginName)`t $($user.Email)" | Out-File $FileUrl -Append
}
}
} # closing Item RoleAssignment loop
}# $item.HasUniqueRoleAssignments closing loop
} # list $item Closing loop
}#check list item count
######********************# to get folder level permission ################********************
$foldercoll =$list.Folders
if($foldercoll.Count -ne $null)
{
foreach($folder in $foldercoll)
{
if($folder.HasUniqueRoleAssignments -eq $true)
{
foreach($folderRoleAssignment in $folder.RoleAssignments)
{
if($folderRoleAssignment.Member.userlogin)
{
#Get the Permissions assigned to user at item level
$FolderUserPermissions=@()
foreach($RoleDefinition in $folderRoleAssignment.RoleDefinitionBindings)
{
$FolderUserPermissions +=$RoleDefinition.Name + ";"
}
#Write-Host $web.Url +"/"+$list.Url+$folder.Url+ "/" +$folder.Name
#Send the Data to Log file
"$($web.Url +"/"+$list.Url+$folder.Url) `t folder `t $($folder.Name)`t Direct Permission `t $($FolderUserPermissions) `t $($folderRoleAssignment.Member.LoginName)`t $($folderRoleAssignment.Member.Email)" | Out-File $FileUrl -Append
}
else
{
foreach($user in $folderRoleAssignment.Member.users)
{
#Get the Group's Permissions on site
$folderGroupRoleAssignment=@()
foreach ($RoleDefinition in $folderRoleAssignment.RoleDefinitionBindings)
{
$folderGroupRoleAssignment += $RoleDefinition.Name +";"
}
#Send the Data to Log file
"$($web.Url +"/"+$list.Url+$folder.Url) `t folder `t $($folder.Name)`t $($folderRoleAssignment.Member.Name) `t $($folderGroupRoleAssignment) `t $($user.LoginName)`t $($user.Email)" | Out-File $FileUrl -Append
}
}
} # folder RoleAssignmnet finish
} # closing folder Unique role
} # $folder closing loop
}# Check Folder count
######******************** # To closing folder level permission ################********************
}# $list.HasUniqueRoleAssignments closing loop
###
}# $list closing loop
}
# clsosing for inherited list and library
} # $web closing loop
}
No comments:
Post a Comment