Get a List of SharePoint Permissions for a User using PowerShell

Background Information:20140424-1.png

We want to determine, given a specific user, what lists/libraries he has access to in our SharePoint environment, and what access level he has. We want to automate this discovery process using a PowerShell script that will run on the SharePoint server directly, and will prompt the user executing the script to input the user name of the user for which we want to investigate the access rights for. The end goal of the script will be to produce a report listing all artefacts the user has access to, and what access levels he has to them.

How are Permissions Given in the SharePoint Object Model:

Basically, in the SharePoint world, we can set unique permissions down to the item level, but since all we are worried about is Lists, we won’t have to worry about this level of granularity. The SharePoint Object Model stores permissions into what Microsoft calls Role Assignments. A Role Assignment in the SharePoint world is basically a mapping between a user, a SharePoint artefact (Web, List, etc.) and a Role (Design, Full Control, Contribute, etc).

Script’s Logic:

Our script will require two inputs from the user, the URL of the Web Application to look for the user’s permissions, and off course the login name of the user. The script will loop through all site collections in the Web Application, through all webs, and through all lists, it will gather information about where the user has access and will print a detailed report out to the PowerShell console.

Add-PSSnapin Microsoft.SharePoint.PowerShell

 

$url = Read-Host “URL of the Web Application”

$userName = Read-Host “User Name”

 

$webApp = Get-SPWebApplication $url

$report = “”

$newLine = “`r`n”

 

Write-Host “Report for” $userName -BackgroundColor Blue -ForegroundColor White

# Loop through all site collections

foreach($site in $webApp.Sites)

{

     # Loop through all webs

     foreach($web in $site.AllWebs)

     {

           # Get a reference to the SharePoint user object

           $user = $web.EnsureUser($userName)

 

           # Loop through all lists in the current Web

           $alreadyFoundInCurrentWeb = $false

           foreach($list in $web.Lists)

           {

                # Skip hidden lists (normally system reserved)

                if($list.Hidden -ne $true)

                {

                     # Get Role Assignments for the current user

                     $roleAssignments = $list.RoleAssignments.GetAssignmentByPrincipal($user)

                     $curBinds = “”

 

                     # Loop through all role assignments

                     foreach($role in $roleAssignments)

                     {

                           # Loop through all permission levels

                           $bindings = $role.RoleDefinitionBindings

                           foreach($bind in $bindings)

                           {

                                $curBinds += $bind.Name + “,”

                           }

                     }

 

                     if($curBinds -ne “”)

                     {

                           if($alreadyFoundInCurrentWeb -eq $false)

                          {

                                $report += $web.Url + $newLine

                                $alreadyFoundInCurrentWeb = $true

                           }

                           # Remove trailing comma in bindings list

                           $curBinds = $curBinds.Substring(0, $curBinds.Length -1)

                           $report += ”    ” + $list.Title + ” –> ” + $curBinds + $newLine

                     }

                }

           }

           $web.Dispose()

     }

     $site.Dispose()

}

Write-Host $report

20140424-2.png

Summary:

PowerShell only offers cmdlets for SharePoint down to the Web level. As soon as you start playing with lists and lower objects, a complete understanding of how the SharePoint object model works in the back-end is crucial. Remember, PowerShell bridges the gap between developers and IT Pros, but you require knowledge of both worlds in order to use it to its full potential!

Custom PowerShell Profile

​I sure do a lot of PowerShell scripting lately, and in most cases I develop scripts to interact with SharePoint, meaning I need to load the SharePoint snap-in on every occasion (or use the SharePoint Management Shell instead).  One very useful feature of PowerShell is the possibility to set a custom profile for each user, allowing them to specify various pre-configurations that could be set before launching a PowerShell session on a computer. In my case, I tend to always set the PowerShell console’s background to White and have the foreground color to black. I also make sure the SharePoint snapins are always loaded. That’s just the kind of diva I am 🙂

So what is a PowerShell profile anyway? Well, it simply is a .ps1 PowerShell script that you create and that PowerShell will take care of loading before initiating each session. In order to determine where you need to create this profile file, you can simply query PowerShell by typing in the reserved keyword $profile (see Figure below).

20140424-3.png

Next, all you need to do, is go to the location specified in the PowerShell session, and created the file. In the .ps1 script, simply enter every line of command you wish to see executed at the beginning of every future session. In My case, my profile file looks like the following:

Add-PSSnapin Microsoft.SharePoint.PowerShell
$host.UI.RawUI.BackgroundColor = “White”
$Host.UI.RawUI.ForegroundColor = “Black”

cls 

Simply copy my code above, paste it in your profile’s .ps1 file, save the file, and open a new PowerShell session. Your PowerShell window should now look like the following:

20140424-4.png

Enjoy!

Get a List of All Workflows in a Site Collection using PowerShell

I’ve faced a situation where I needed to figure out what workflows had been created by my clients on a given Site Collection. A user had created a Workflow he remembered naming “Mike’s custom approval Workflow” but couldn’t remember where (on what list) he had created it. I’ve created the following PowerShell script to iterate through all Webs of a given site collection and to retrieve the name of all workflows that have been created on lists. The script expects the user to enter the URL for the root web of the site collection, then iterates through all of its webs, then through all lists, and finally loops through all Workflows associations on these lists. If it finds any workflows, thne it prints its name on screen preceeded by the name of the list on which it has been created.

$siteURL = Read-Host “URL of the Site Collection”
$site = Get-SPSite($siteURL)
foreach($web in $site.AllWebs)
{
foreach($spList in $web.Lists)
{
foreach($wfAssociation in $spList.WorkflowAssociations)
{
Write-Host “{“$wfAssociation.ParentList.Title”} -” $wfAssociation.Name -BackgroundColor Green -ForegroundColor Black
}
}
$web.Dispose()
}​
DiagramIcon.jpg

Getting Information About a Document’s Author in SharePoint

​Every now and then I stumble upon a hidden gem in SharePoint. This time around, it happened after I was asked to retrieve a list of all documents on a specific SharePoint site where a given user was the Author. There are no easy way, in SharePoint out-of-the-box to obtain information about who the author is for a given document stored in SharePoint. However, if you go and add a new column to a Document Library and name that column _Author using Single Line of Text as the data type, you can now expose information about the author of the documents that are contained in that library. New documents added to the library will now see their _Author property automatically filled up with information. Please note however, that documents that are already in the document library will need to have their properties updated in order for this value to show up.

Figure 1 below shows the scenario where the document library was created, the document Empty Learning Plan.docx was uploaded, and only then was the _Author field created, which is why its author value is empty. The second document, named CSS Priorities.docx was uploaded to the library after the _Author field had been added, and therefore has its value filled.

DocLibrary.png

Figure 1 – Two documents in a library, one showing the author of the document, the other has the author value empty
​If we wish to add the Author’s info to the second document, all we have to do is edit its properties. As soon as we hit the edit form of the document, we see that its _Author property is populated (see Figure 2 below).

zzPrepopulateAuthor.png

Figure 2 – Author property pre-poluated upon modifying items

Automating the Value’s Population

Alright, so most of you reading this blog post will be wanting to include this cool functionality to an existing library, and therefore can’t afford to have to go and edit the properties of every single document to get their _Author value. So what is the solution? Well you know me, so I went crazy and developped the following PowerShell script for you to run on your server to automate the field’s value population. Please note however, that this will update the last modified user and last modified date of all records in the list. The PowerShell script below will prompt you to specify the URL of the web site where the library is located as well as specify the name of the library for which you wish to update the _Author information. Note that if your library requires your documents to be checked out before being edited, that you will need to check them out first. Enjoy!

Add-PSSnapin Microsoft.SharePoint.PowerShell
$webUrl = Read-Host “Web URL”
$libraryName = Read-Host “Library Name”
$web = Get-SPWeb $webUrl
$list = $web.Lists[$libraryName]
foreach($item in $list.Items)
{
$item.Update()
}
$web.Dispose()​

Generate Report of all Site Collections and Webs for a SharePoint Web Application using PowerShell

In very large SharePoint environments, there comes a time when you need to figure out just exactly what site collections and webs you have for a given Web Application. SharePoint in nature is so easy to use that it can very quickly grow into this monster of sites collections and ​webs if you let the end users create their own workspaces. The following PowerShell script loops through all site collections and webs for a given Web Application and produces an HTML report file listing all entries in a hierarchical fashion.

 

Add-PSSnapin Microsoft.SharePoint.Powershell

function GetWebs($url)

{

     $spWeb = Get-SPWeb $url

     foreach($web in $spWeb.Webs)

{

         $curLine = “<li><strong>{Web}</strong>” + $web.Title + ” [<em><a href='” + $web.Url + “‘>” + $web.Url + “</a></em>]</li>”

         $curLine | Out-File $outFile -Append

         $curLine = “<ul>”

         $curLine | Out-File $outFile -Append

         GetWebs($web.Url);

         $curLine = “</ul>”

         $curLine | Out-File $outFile -Append

         $web.Dispose()

}

}

$outFile = “C:\Report.html”

$webAppUrl = Read-Host “URL of the Web Application”

$webApp = Get-SPWebApplication $webAppUrl

$curLine = “<html><head><title>” + $webAppUrl + “</title></head><body>”

$curLine | Out-File $outFile

foreach($spSite in $webApp.Sites)

{

     $curLine = “<li><strong>{SC}</strong>” + $spSite.RootWeb.Title +” [<em><a href='” + $spSite.RootWeb.Url + “‘>” + $spSite.RootWeb.Url + “</a></em>]</li><ul>”

     $curLine | Out-File $outFile -Append

     GetWebs($spSite.RootWeb.Url)

     $curLine = “</ul>”

     $curLine | Out-File $outFile -Append

     $spSite.Dispose()

}

$curLine = “</body></html>”;

$curLine | Out-File $outFile -Append

Invoke-Item $outFile