This post will present a Powershell script that will let you Export user permissions in SharePoint from all Web Applications and their Site Collections.
The script creates a CSV file and fills the data in the columns like below:
- Site Name;
- Site Url;
- Name of the Group;
- Login of the Group Owner;
- Display name of the Group Owner;
- User Login (who has the permission);
- User Display Name (who has the permission);
- The role or permission the user has.
The powershell script to export user permissions
The script will create a CSV file in your C directory, but you can change it before running the script in your SharePoint environment.
How to interpret some special permission cases in SharePoint
After export all the data, you will notice some specific situations that may need an explanation for better understanding:
- Rows which the Group Name is empty usually represent situations where the user has direct permissions not inherited by a group;
- Rows which the Group Owner is empty can be related to direct permissions, as said before, or due to out-of-box groups like the Owners, Members and Visitors group;
- User names like c:0!.s|windows represent that all Windows accounts have that access on that site;
- User names like c:0(.s|true represent that any authenticated user has access to that site;
- Rows that contain Limited Access as the role name may represent that the user has custom permissions in that level to a list, library or item too. You can check this thread in StackOverflow for more information
That’s it! I hope the script can help you on when you want to export user permissions in SharePoint. In addition to that, you can check other posts in my blog, related to useful tasks that can be performed using Powershell!
References:
SPWebApplication.GrantAccessToProcessIdentity
Powershell script to find permissions for a specific user
Leave a Reply