SharePoint Permission Report for a specific user

PermissionsReport

Did you ever tried to figure out where Person “John” has access in your SharePoint Farm? There are third party tools out there which help you get permission reports about your SharePoint environment. But you could also use a Powershell Script, which helps you to get a permission report for a specific user. This is really helpful if you need to remove Access or change access of a person cause he/she leaves the company, gets a different position or changes the department.

Challenge

The challenge is, that sometimes people get access directly, or throug a SharePoint Group or even with an AD-Group. Last one makes it always a bit more complex to find out, who has access. In SharePoint permissions can be granted by different objects like Site Collection, Site, List, Library, Listitem, Document, Farm Administrator, Web Application Policy or as Site Collection Admin. So there are many objects to check.

Help from Powershell

You can download a ready script from this page: https://gallery.technet.microsoft.com/office/SharePoint-Permission-2840f327

You just have to change the input variables:

#Input Variables 
$WebAppURL = "http://sharepointserverurl" 
$Userid ="domain\user"  
$ReportPath = "D:\Reports\PermissionRpt.csv" 
 
#Call the function to generate user access report 
Generate-PermissionReport $Userid $WebAppURL $ReportPath

It depends on the size of your farm, how long it takes. You should plan with hours.

Here is an example of how a report looks like, which where for one user:

PermissionsReport

How it looks like and are there AD Groups inside? The report does not list an AD-Group. But in row 14 you see direct permission. This direct permission is given through an AD-Group. So the permissions will be listed, but indeed you do not know exactly which AD-Group is responsible for that. So the report helps you, but it has some limits. Please be aware that this Powershell Script is for free use. For that the result is great. Please keep that in mind.

Third Party Tools

There are a lot of 3rd Party tools available. Those are a few: Metalogix, Avepoint, SPDocKit

The article or information provided here represents completely my own personal view & thought. It is recommended to test the content or scripts of the site in the lab, before making use in the production environment & use it completely at your own risk. The articles, scripts, suggestions or tricks published on the site are provided AS-IS with no warranties or guarantees and confers no rights.



Karsten Schneider
About Karsten Schneider 287 Articles
He is Consultant for SharePoint Solutions for collaboration, communication and business processes. He provides his customers applications based on standard features as well as development or combining the power of several microsoft tools like Dynamics CRM. In his free time he tries to collect tipps and worthy experience in this blog.

Be the first to comment

Leave a Reply

Your email address will not be published.


*