User Access Url1

Add-PSSnapin Microsoft.SharePoint.
PowerShell -ErrorAction SilentlyContinue
Function GetUserAccessReport($WebAppURL, $SearchUser)

{
#Get All Site Collections of the WebApp
$SiteCollections = Get-SPSite -WebApplication $WebAppURL -Limit All
#Write CSV- TAB Separated File) Header

"URL `t Site/List `t Title `t PermissionType `t Permissions" | out-file
UserAccessReport.csv
#Check Whether the Search Users is a Farm Administrator

$AdminWebApp= Get-SPwebapplication -includecentraladministration
| where {$_.IsAdministrationWebApplication}
$AdminSite = Get-SPweb($AdminWebApp.Url)
$AdminGroupName = $AdminSite.AssociatedOwnerGroup
$FarmAdminGroup = $AdminSite.SiteGroups[$AdminGroupName]
foreach ($user in $FarmAdminGroup.users)

{
if($user.LoginName -eq $SearchUser)
{
"$($AdminWebApp.URL) `t Farm `t $
($AdminSite.Title)`t Farm Administrator `t Farm Administrator" | Out-File
UserAccessReport.csv -Append
}
}
#Check Web Application Policies

$WebApp= Get-SPWebApplication $WebAppURL
foreach ($Policy in $WebApp.Policies)

{
#Check if the search users is member of the group
if($Policy.UserName -eq $SearchUser)
{
#Write-Host $Policy.UserName
$PolicyRoles=@()
foreach($Role in $Policy.PolicyRoleBindings)
{
$PolicyRoles+= $Role.Name +";"
}
#Write-Host "Permissions: " $PolicyRoles
"$($AdminWebApp.URL) `t Web Application `t $

($AdminSite.Title)`t Web Application Policy `t $($PolicyRoles)" | Out-File
}
}
#Loop through all site collections

foreach($Site in $SiteCollections)
{
#Check Whether the Search User is a Site Collection Administrator
foreach($SiteCollAdmin in $Site.RootWeb.SiteAdministrators)
{
if($SiteCollAdmin.LoginName -eq $SearchUser)
{
"$($Site.RootWeb.Url) `t Site `t $
($Site.RootWeb.Title)`t Site Collection Administrator `t Site Collection
Administrator" | Out-File UserAccessReport.csv -Append
}
}
#Loop throuh all Sub Sites

foreach($Web in $Site.AllWebs)
{
if($Web.HasUniqueRoleAssignments -eq $True)
{
#Get all the users granted permissions to the list
foreach($WebRoleAssignment in $Web.RoleAssignments )
{
#Is it a User Account?
if($WebRoleAssignment.Member.userlogin)
{
#Is the
current user is the user we search for?
if($WebRoleAssignment.Member.LoginName -eq $SearchUser)
#Write-Host $SearchUser has direct permissions to site $Web.Url
#Get the Permissions assigned to user
$WebUserPermissions=@()
foreach ($RoleDefinition in $WebRoleAssignment.RoleDefinitionBindings)
$WebUserPermissions += $RoleDefinition.Name +";"

}
#write-host "with these permissions: " $WebUserPermissions
#Send the Data to Log file
"$($Web.Url) `t Site `t $($Web.Title)`t Direct Permission `t $

($WebUserPermissions)" | Out-File UserAccessReport.csv -Append
}
}
#Its a SharePoint Group, So search
inside the group and check if the user is member of that group
else
{
foreach($user in $WebRoleAssignment.member.users)
{
#Check if
the search users is member of the group

{
#Write-Host "$SearchUser is Member of " $WebRoleAssignment.Member.Name "Group"

#Get the Group's Permissions on site
$WebGroupPermissions=@()
foreach ($RoleDefinition in $WebRoleAssignment.RoleDefinitionBindings)
$WebGroupPermissions += $RoleDefinition.Name +";"

}
#write-host "Group has these permissions: " $WebGroupPermissions
"$($Web.Url) `t Site `t $($Web.Title)`t Member of $($WebRoleAssignment.Member.Name)

Group `t $($WebGroupPermissions)" | Out-File UserAccessReport.csv -Append
}
}
}
}
}
#******** Check Lists with Unique

Permissions ********/
foreach($List in $Web.lists)
{
if($List.HasUniqueRoleAssignments -eq $True -and
($List.Hidden -eq $false))
{
#Get all the users granted permissions to the
list
foreach($ListRoleAssignment in
$List.RoleAssignments )
{
#Is it a User Account?
if($ListRoleAssignment.Member.userlogin)
#Is the current user is the user we search for?
if($ListRoleAssignment.Member.LoginName -eq $SearchUser)
#Write-Host $SearchUser has direct permissions to List ($List.ParentWeb.Url)/

($List.RootFolder.Url)
#Get the Permissions assigned to user
$ListUserPermissions=@()
foreach ($RoleDefinition in $ListRoleAssignment.RoleDefinitionBindings)

{
$ListUserPermissions += $RoleDefinition.Name +";"
#write-host "with these permissions: " $ListUserPermissions
"$($List.ParentWeb.Url)/$($List.RootFolder.Url) `t List `t $($List.Title)`t Direct

Permissions `t $($ListUserPermissions)" | Out-File UserAccessReport.csv -Append
#Its a SharePoint Group, So search inside the group and check if the user is member
of that group
else
foreach($user in $ListRoleAssignment.member.users)
{
#Write-Host "$SearchUser is Member of " $ListRoleAssignment.Member.Name "Group"
#Get the Group's Permissions on site
$ListGroupPermissions=@()
foreach ($RoleDefinition in $ListRoleAssignment.RoleDefinitionBindings)
$ListGroupPermissions += $RoleDefinition.Name +";"
#write-host "Group has these permissions: " $ListGroupPermissions
"$($Web.Url) `t Site `t $($List.Title)`t Member of $

($ListRoleAssignment.Member.Name) Group `t $($ListGroupPermissions)" | Out-File
}
}
}
}
}
}
}
}
#Call the function to Check User Access

GetUserAccessReport "http://lillynetcollaboration.global.lilly.com" "LSS and CRO
Reports Personnel"

User Access Url1

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

User Access Url1

Uploaded by

Copyright:

Available Formats

Add-PSSnapin Microsoft.SharePoint.

PowerShell -ErrorAction SilentlyContinue

Function GetUserAccessReport($WebAppURL, $SearchUser)

#Write CSV- TAB Separated File) Header

#Check Whether the Search Users is a Farm Administrator

foreach ($user in $FarmAdminGroup.users)

#Check Web Application Policies

foreach ($Policy in $WebApp.Policies)

"$($AdminWebApp.URL) `t Web Application `t $

#Loop through all site collections

#Loop throuh all Sub Sites

if($WebRoleAssignment.Member.LoginName -eq $SearchUser)

#Write-Host $SearchUser has direct permissions to site $Web.Url

#Get the Permissions assigned to user

foreach ($RoleDefinition in $WebRoleAssignment.RoleDefinitionBindings)

$WebUserPermissions += $RoleDefinition.Name +";"

#write-host "with these permissions: " $WebUserPermissions

#Send the Data to Log file

"$($Web.Url) `t Site `t $($Web.Title)`t Direct Permission `t $

if($user.LoginName -eq $SearchUser)

#Write-Host "$SearchUser is Member of " $WebRoleAssignment.Member.Name "Group"

foreach ($RoleDefinition in $WebRoleAssignment.RoleDefinitionBindings)

$WebGroupPermissions += $RoleDefinition.Name +";"

#write-host "Group has these permissions: " $WebGroupPermissions

#Send the Data to Log file

"$($Web.Url) `t Site `t $($Web.Title)`t Member of $($WebRoleAssignment.Member.Name)

#******** Check Lists with Unique

#Is the current user is the user we search for?

if($ListRoleAssignment.Member.LoginName -eq $SearchUser)

#Write-Host $SearchUser has direct permissions to List ($List.ParentWeb.Url)/

#Get the Permissions assigned to user

foreach ($RoleDefinition in $ListRoleAssignment.RoleDefinitionBindings)

$ListUserPermissions += $RoleDefinition.Name +";"

#write-host "with these permissions: " $ListUserPermissions

#Send the Data to Log file

"$($List.ParentWeb.Url)/$($List.RootFolder.Url) `t List `t $($List.Title)`t Direct

if($user.LoginName -eq $SearchUser)

#Write-Host "$SearchUser is Member of " $ListRoleAssignment.Member.Name "Group"

#Get the Group's Permissions on site

foreach ($RoleDefinition in $ListRoleAssignment.RoleDefinitionBindings)

$ListGroupPermissions += $RoleDefinition.Name +";"

#write-host "Group has these permissions: " $ListGroupPermissions

#Send the Data to Log file

"$($Web.Url) `t Site `t $($List.Title)`t Member of $

#Call the function to Check User Access

You might also like