#SharePoint 2013 #PowerShell: How to get user permissions report

function Get-SPPermissionsReport($web, $recursive)
{
  $web | Get-SPUser | % { New-Object PSObject -Property @{
    UserLogin = $_.UserLogin
    'Roles given explicitly' = $_.Roles
    'Roles given via groups' = $_.Groups | %{$_.Roles}
    Groups = $_.Groups
    Url = $web.Url
    }
  }
  if($recursive) { $web.Webs | % { Get-SPPermissionsReport $_ $recursive } }
}
$web = Get-SPWeb http://yoursharepoint/sites/department
Get-SPPermissionsReport $web $true | Sort-Object UserLogin | Out-GridView

Then you can apply an additional filter by user or url right in the GridView.
You can add an additional matching criteria in the GridView: e.g. match by Role/Group name

Advertisements

9 thoughts on “#SharePoint 2013 #PowerShell: How to get user permissions report

  1. Sure. Actually, there is the root Web of Site Collection in my example.And then it do recursive search across all the children.
    You can specify $false for the second argument. In that case you will get the permissions only for a particular site.

    To make it clear:
    Site Collection – you need to specify URL of the Root Web.
    Web – specify Web url.

  2. Thanks a lot for your script, it works. Actually I was looking for something different, I mean I would like to solve a question about “users and groups” in Shareopint 2010 and if you could help me I’ll thank you forever.

    From the site page “https://docs.mydomain/sites/site X/_layouts/people.aspx” I can see, as administrator, only part of users who have authorization to enter the Site (List Settings are not costraining the view).

    These users, I think (but I’m not sure), are the users who went browsing the site or did create docs or other items, and I really would like to get the list of these users with a powershell script.

    Each site is organized so that AD groups are members of SP site groups and people (in AD groups) sometimes move from one group to another. With a script I would like to remove them automatically from the old group if they are not in the list given in people.aspx.
    Do you think is it possible?

    Thank You in advance for your reply,
    Leo

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s