SharePoint Permission Report for a specific user

PermissionsReport

Did you ever tried to figure out where Person “John” has access in your SharePoint Farm? There are third party tools out there which help you get permission reports about your SharePoint environment. But you could also use a Powershell Script, which helps you to get a permission report for a specific user. This is really helpful if you need to remove Access or change access of a person cause he/she leaves the company, gets a different position or changes the department.

Challenge

The challenge is, that sometimes people get access directly, or throug a SharePoint Group or even with an AD-Group. Last one makes it always a bit more complex to find out, who has access. In SharePoint permissions can be granted by different objects like Site Collection, Site, List, Library, Listitem, Document, Farm Administrator, Web Application Policy or as Site Collection Admin. So there are many objects to check.

Help from Powershell

You can download a ready script from this page: https://gallery.technet.microsoft.com/office/SharePoint-Permission-2840f327

You just have to change the input variables:

#Input Variables 
$WebAppURL = "http://sharepointserverurl" 
$Userid ="domain\user"  
$ReportPath = "D:\Reports\PermissionRpt.csv" 
 
#Call the function to generate user access report 
Generate-PermissionReport $Userid $WebAppURL $ReportPath

It depends on the size of your farm, how long it takes. You should plan with hours.

Here is an example of how a report looks like, which where for one user:

PermissionsReport

How it looks like and are there AD Groups inside? The report does not list an AD-Group. But in row 14 you see direct permission. This direct permission is given through an AD-Group. So the permissions will be listed, but indeed you do not know exactly which AD-Group is responsible for that. So the report helps you, but it has some limits. Please be aware that this Powershell Script is for free use. For that the result is great. Please keep that in mind.

Third Party Tools

There are a lot of 3rd Party tools available. Those are a few: Metalogix, Avepoint, SPDocKit

The article or information provided here represents completely my own personal view & thought. It is recommended to test the content or scripts of the site in the lab, before making use in the production environment & use it completely at your own risk. The articles, scripts, suggestions or tricks published on the site are provided AS-IS with no warranties or guarantees and confers no rights.

About Karsten Schneider 312 Articles
Consultant for Microsoft 365 Applications with a strong focus in Teams, SharePoint Online, OneDrive for Business as well as PowerPlatform with PowerApps, Flow and PowerBI. I provide Workshops for Governance & Security in Office 365 and Development of Solutions in the area of Collaboration and Teamwork based on Microsoft 365 and Azure Cloud Solutions. In his free time he tries to collect tipps and worthy experience in this blog.

1 Comment

  1. sure would be nice if the link was not dead. Think you could be bothered to dig up this old code and send it to me direct or report it to github or something? I have multiple companies that are still running SP2013…

Leave a Reply

Your email address will not be published.


*