SharePoint: User Permissions detail report for a Web Application

Overview:

A site administrator can easily verify and check user permissions from site settings page, steps are quite simple:

Go to Site Settings –> Site Permissions –> Click on Check Permissions Button and enter user name, this will list the user rights for a single user. But what if it is required to list access permission details for all the users in a SharePoint site, this is not possible Out of the Box.

The below listed script methods are helpful is this scenario, it will list  all users with their permissions and security group detail. The script will generate a detail drill down report for a Web Application which include all sites, sub sites, lists/libraries and items (if inheritance is break).

Script Methods:

You can download the script from Technet Gallery (Direct Download) and execute the the file or can open it in notepad or ISE Editor to view the method details.

Method Call:

There is a method in the script which takes two parameters, the WebApplication URL and Output file path, which will create a report in CSV format.

GetUserAccessReport <span class="powerShell__string">"http://sp2013"</span> <span class="powerShell__string">"c:\users_PermisionReport.csv"</span>

The output is generated in CSV format, below images shows the output format:

User Access Report

I have tested this script on both SharePoint 2013 and SharePoint 2010.

Salaudeen Rajack has written a script on Technet to Check Access Rights for a Specific User, I did a little modification to get the permission details of all users for a Web Application. Thanks to Salaudeen for sharing such a wonderful script to the tech community.

The following two tabs change content below.
Adnan Amin
Adnan is an active SharePoint MVP and having over 11 years of extensive experience with major expertise on SharePoint Server, office 365, .Net Platform and Microsoft BI, Adnan is currently working as SharePoint Architect at FMT Consultants. He is MCT Regional Lead for Pakistan Chapter since 2012. He is working on SharePoint for past seven years and worked on different intranet/intranet solutions for private & govt. sector majorly in United States and Gulf region, which include OOB and customized solutions. He is a trainer, technology evangelist and also speaks in community forums.

15 Comments

    • pls let me know how to input method into function. I have tried with below but getting error.

      Function GetUserAccessReport “http://123.com:88” “c:\users_PermisionReport.csv”

      Error:

      At C:\Users\svc-EroomsPOC\Desktop\Export\Permision Check.ps1:11 char:29
      + Function GetUserAccessReport “http://123.com:88” “c:\users_PermisionReport.c …
      + ~
      Missing function body in function declaration.
      At C:\Users\svc-EroomsPOC\Desktop\Export\Permision Check.ps1:11 char:54
      + Function GetUserAccessReport “http://123.com:88” “c:\users_PermisionReport.c …
      + ~~~~~~~~~~~~~~~~~~~~~~~~~~~
      Unexpected token ‘”c:\users_PermisionReport.csv”‘ in expression or statement.
      + CategoryInfo : ParserError: (:) [], ParentContainsErrorRecordException
      + FullyQualifiedErrorId : MissingFunctionBody

  1. When I view the report, AD groups are returned as a GUID, is there a way to resolve the name?
    For example, this login name c:0+.w|s-1-5-21-127668209-7358673-669932061-513
    is a member of the visitors group for a given site.

  2. You actually make it seem so easy with your presentation but I find this topic to be actually something that I think I would never understand. It seems too complex and very broad for me. I’m looking forward for your next post, I’ll try to get the hang of it!|

  3. Small fix for unique permissions for lists (you were posting variable $user.LoginName as the group permission):
    “$($Web.Url) `t List `t $($List.Title)`t Member of $($ListRoleAssignment.Member.Name) Group `t $($ListGroupPermissions) `t $($user.LoginName)” | Out-File $FileUrl -Append

  4. The value in the column ‘Permissions’ is sometimes incorrect. It shows the same value as the column ‘LoginName’ What can I do to fix this? Besides this issue the script is really nice and exactly what I need!

  5. Hi,

    Is it possible to convert this script for use with sharepoint online? i have noticed a number of the cmdlets called in the script don’t exist in sharepoint online. can anyone point me to where i can find a similar script for sharepoint online/office 365?

    Thanks

Leave a Reply

Your email address will not be published. Required fields are marked *