List all permission settings within a library/list

Maintaining the permissions of a library or list is always troublesome for a SharePoint administrator, because users can break inheritance on any nested subfolder. After a while, no one remembers the unique permissions that were set up long ago, and they become an unmanaged security risk.

Here is a PowerShell script that scans a specific library or list and exports the result to a CSV file. It lists every unique permission set on each file/item and subfolder.

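One of the difficulties a SharePoint admin often faces is the unique permissions set inside a document library or list. SharePoint has no good management tool to tell the admin which files/items have unique permissions, so over time the library accumulates documents that nobody knows how to manage.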

Below is a simple PowerShell script that scans a specified library/list and lists all the unique permission settings.

param (
    [Parameter(Mandatory=$true)][string]$libname,
    [Parameter(Mandatory=$true)][string]$weburl,
    [string]$OutputPath
)
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue
#$libname = "Shared Documents"
#$weburl = "http://sharepoint/sites/abc"

# $OutputPath is used as a prefix: end it with a path separator, or omit it to write to the current directory
$OutputReport = $OutputPath + "LibPermissionReport_" + ($libname -replace '[[&+*?()\\.\s]','-') + ".csv"
# Delete the report file if it already exists
if (Test-Path $OutputReport) {
    Remove-Item $OutputReport
}
# Write the header row (the report is tab-delimited despite the .csv extension)
"URL `t Scope `t Title`t permission come from… `t Permission Level `t ($libname)" | Out-File $OutputReport -Append

$web = Get-SPWeb $weburl
# TryGetList returns $null instead of throwing when the list title does not exist
$list = $web.Lists.TryGetList($libname)
if ($list -eq $null) {
    $web.Dispose()
    throw "List '$libname' not found in $weburl"
}

# Folders that no longer inherit permissions from their parent
foreach ($sf in $list.Folders) {
    if ($sf.HasUniqueRoleAssignments) {
        $UserPermissions = ""
        foreach ($RoleAssignment in $sf.RoleAssignments) {
            # Build "Member[Level1,Level2];" for each role assignment
            $UserPermissions += $RoleAssignment.Member.Name + "["
            $rolelist = @()
            foreach ($RoleDefinition in $RoleAssignment.RoleDefinitionBindings) {
                $rolelist += $RoleDefinition.Name
            }
            $UserPermissions += $rolelist -join ","
            $UserPermissions += "];"
        }
        # Append the row to the report
        "$($weburl+"/"+$sf.Url) `t Folder `t $($sf.Title)`t Direct Permission `t $($UserPermissions)" | Out-File $OutputReport -Append
    }
}

# Files/items that no longer inherit permissions from their parent
foreach ($item in $list.Items) {
    if ($item.HasUniqueRoleAssignments) {
        $UserPermissions = ""
        foreach ($RoleAssignment in $item.RoleAssignments) {
            # Build "Member[Level1,Level2];" for each role assignment
            $UserPermissions += $RoleAssignment.Member.Name + "["
            $rolelist = @()
            foreach ($RoleDefinition in $RoleAssignment.RoleDefinitionBindings) {
                $rolelist += $RoleDefinition.Name
            }
            $UserPermissions += $rolelist -join ","
            $UserPermissions += "];"
        }
        # Append the row to the report
        "$($weburl+"/"+$item.Url) `t File/Item `t $($item.Name)`t Direct Permission `t $($UserPermissions)" | Out-File $OutputReport -Append
    }
}

# Release the SPWeb object obtained from Get-SPWeb
$web.Dispose()

Write-Host "Report $($OutputReport) generated"

The above code is inspired by SharePoint Diary.
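
The report packs every principal and permission level of an item into one column, which is hard to filter. The following added example (not part of the original script) expands that column into one row per principal and level and marks assignments to review; the sample rows, the member names and the two watch lists are assumptions constructed for illustration.

```powershell
# Added example. The rows below are constructed, in the format the script writes:
# tab-delimited, fields padded with spaces, principals packed as Name[Role,Role];
$sample = @"
URL `t Scope `t Title`t permission come from… `t Permission Level `t (Shared Documents)
http://sharepoint/sites/abc/Shared Documents/HR `t Folder `t HR`t Direct Permission `t HR Members[Contribute];Everyone[Read];
http://sharepoint/sites/abc/Shared Documents/HR/pay.xlsx `t File/Item `t pay.xlsx`t Direct Permission `t John Doe[Full Control,Design];
"@

function Expand-PermissionReport {
    param([string[]]$Line)
    # Assumed watch lists; replace with the farm's own broad groups and levels.
    $broadPrincipals = @('Everyone', 'NT AUTHORITY\authenticated users')
    $highRoles       = @('Full Control')
    foreach ($l in $Line) {
        $f = @($l -split "`t" | ForEach-Object { $_.Trim() })
        if ($f.Count -lt 5) { continue }   # blank or malformed line
        # Column 5 holds Name[Role,Role]; repeated once per role assignment
        foreach ($m in [regex]::Matches($f[4], '(?<name>[^;\[]+)\[(?<roles>[^\]]*)\];')) {
            $name  = $m.Groups['name'].Value.Trim()
            $roles = $m.Groups['roles'].Value -split ',' | ForEach-Object { $_.Trim() } | Where-Object { $_ }
            foreach ($role in $roles) {
                [pscustomobject]@{
                    Url       = $f[0]
                    Scope     = $f[1]
                    Principal = $name
                    Role      = $role
                    Review    = ($broadPrincipals -contains $name) -or ($highRoles -contains $role)
                }
            }
        }
    }
}

# Skip the header row, then show only the assignments worth a second look
$rows = Expand-PermissionReport -Line ($sample -split "`r?`n" | Select-Object -Skip 1)
$rows | Where-Object { $_.Review } | Format-Table Principal, Role, Scope, Url -AutoSize
```

To run it on a real report, pass the lines of the generated file (minus the header row) as `-Line` instead of the sample.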
