Jax SharePoint Blog

SharePoint Classic Video Player taken directly off backend SharePoint Classic, so it just works.

Add this to a script editor web part

Here is the code:

The yellow is the link location to the video

The pink in the link location to the preview image of the video

I found the most awesome PowerShell script which generates a csv of all the permission access within a SharePoint site. It works so well.

One of the biggest issues in SharePoint, is access. Making sure the right people have the right access to the right things, and more importantly the wrong people don't have access. But SharePoint doesn't give you a good overview of this information. This is why this script is so nice. Its shows, who has access, and where, and with what level.

Original Article from Microsoft SharePoint TechNet:

http://social.technet.microsoft.com/wiki/contents/articles/14242.sharepoint-2010-export-all-unique-permissions-from-site-collection-using-powershell.aspx

How to get it to work:

Save the script as a PowerShell script, example: CreatePermissionMatrix.ps1
Goto the SharePoint Server.
Create a folder, example: C:\PermissionLog
Copy the script in here.
Open "SharePoint Management Shell", as Administrator.
Run the PowerShell script, example: . C:\PermissionLog\CreatePermissionMatrix.ps1
The script will then ask for the SharePoint site URL, you want to report on.
The script will then ask for the location, where the csv file will be generated, example: C:\PermissionLog
Script Done :)
Then you can go a retrieve the csv file.
It will show: Who has access, and where, and with what level

PowerShell Script:

if ((Get-PSSnapin "Microsoft.SharePoint.PowerShell" -ErrorAction SilentlyContinue) -eq $null) {

Add-PSSnapin "Microsoft.SharePoint.PowerShell"

}

$properties=@{SiteUrl='';SiteTitle='';ListTitle='';ObjectType='';ObjectUrl='';ParentGroup='';GroupOwner='';MemberType='';MemberName='';MemberLoginName='';JobTitle='';Department='';RoleDefinitionBindings='';};

$Permissions=@();

$UserInfoList="";

$RootWeb="";

$SiteCollectionUrl = Read-Host "Enter a Site Collection Url";

$ExportFileDirectory = Read-Host "Enter the Directory Path to create permissions export file";

if(Test-Path $ExportFileDirectory){

$spAssgn = Start-SPAssignment;

Get-SPSite $SiteCollectionUrl -AssignmentCollection $spAssgn|Get-SPWeb -limit ALL -AssignmentCollection $spAssgn|%{

$web = $_;

#Root Web of the Site Collection

if($web.IsRootWeb -eq $True){

$RootSiteTitle = $web.Title;

$RootWeb = $web;

$UserInfoList = $RootWeb.GetList([string]::concat($web.Url,"/_catalogs/users"));

}

$siteUrl = $web.Url;

$siteRelativeUrl = $web.ServerRelativeUrl;

Write-Host $siteUrl -Foregroundcolor "Red";

$siteTitle = $web.Title;

#Get Site Level Permissions if it's unique

if($web.HasUniqueRoleAssignments -eq $True){

$web.RoleAssignments|%{

$RoleDefinitionBindings=@();

$_.RoleDefinitionBindings|%{

$RoleDefinitionBindings += $_.Name;

}

$MemberName = $_.Member.Name;

$MemberLoginName = $_.Member.LoginName;

$MemberType = $_.Member.GetType().Name;

$GroupOwner = $_.Member.Owner.Name;

if($MemberType -eq "SPGroup"){

$JobTitle="NA";

$Department="NA";

$permission = New-Object -TypeName PSObject -Property $properties;

$permission.SiteUrl =$siteUrl;

$permission.SiteTitle = $siteTitle;

$permission.ListTitle = "NA";

$permission.ObjectType = "Site";

$permission.ObjectUrl = $siteRelativeUrl;

$permission.MemberType = $MemberType;

$permission.ParentGroup = $MemberName;

$permission.GroupOwner = $GroupOwner;

$permission.MemberName = $MemberName;

$permission.MemberLoginName = $MemberLoginName;

$permission.JobTitle = $JobTitle;

$permission.Department = $Department;

$permission.RoleDefinitionBindings = $RoleDefinitionBindings -join ",";

$Permissions +=$permission;

#Expand Groups

$web.Groups[$MemberName].Users|%{

$JobTitle="NA";

$Department="NA";

try{

$userinfo = $UserInfoList.GetItemById($_.ID);

$JobTitle=$userinfo["JobTitle"];

$Department=$userinfo["Department"];

}

catch{

}

$permission = New-Object -TypeName PSObject -Property $properties;

$permission.SiteUrl =$siteUrl;

$permission.SiteTitle = $siteTitle;

$permission.ListTitle = "NA";

$permission.ObjectType = "Site";

$permission.ObjectUrl = $siteRelativeUrl;

$permission.MemberType = "SPGroupMember";

$permission.ParentGroup = $MemberName;

$permission.GroupOwner = $GroupOwner;

$permission.MemberName = $_.DisplayName;

$permission.MemberLoginName = $_.UserLogin;

$permission.JobTitle = $JobTitle;

$permission.Department = $Department;

$permission.RoleDefinitionBindings = $RoleDefinitionBindings -join ",";

$Permissions +=$permission;

}

elseif($MemberType -eq "SPUser"){

$JobTitle="NA";

$Department="NA";

try{

$userinfo = $UserInfoList.GetItemById($_.ID);

$JobTitle=$userinfo["JobTitle"];

$Department=$userinfo["Department"];

}

catch{

}

$permission = New-Object -TypeName PSObject -Property $properties;

$permission.SiteUrl =$siteUrl;

$permission.SiteTitle = $siteTitle;

$permission.ListTitle = "NA";

$permission.ObjectType = "Site";

$permission.MemberType = $MemberType;

$permission.ObjectUrl = $siteRelativeUrl;

$permission.ParentGroup = "NA";

$permission.GroupOwner = "NA";

$permission.MemberName = $MemberName;

$permission.MemberLoginName = $MemberLoginName;

$permission.JobTitle = $JobTitle;

$permission.Department = $Department;

$permission.RoleDefinitionBindings = $RoleDefinitionBindings -join ",";

$Permissions +=$permission;

}

#Get all Uniquely secured objects

$uniqueObjects = $web.GetWebsAndListsWithUniquePermissions();

#Get uniquely secured Lists pertaining to the current site

$uniqueObjects|?{$_.WebId -eq $web.Id -and $_.Type -eq "List"}|%{

$listUrl = ($_.Url);

$list = $web.GetList($listUrl);

#Exclude internal system lists and check if it has unique permissions

if($list.Hidden -ne $True){

Write-Host $list.Title -Foregroundcolor "Yellow";

$listTitle = $list.Title;

#Check List Permissions

if($list.HasUniqueRoleAssignments -eq $True){

$list.RoleAssignments|%{

$RoleDefinitionBindings="";

$_.RoleDefinitionBindings|%{

$RoleDefinitionBindings += $_.Name;

}

$MemberName = $_.Member.Name;

$MemberLoginName = $_.Member.LoginName;

$MemberType = $_.Member.GetType().Name;

$JobTitle="NA";

$Department="NA";

if($MemberType -eq "SPUser"){

try{

$userinfo = $UserInfoList.GetItemById($_.ID);

$JobTitle=$userinfo["JobTitle"];

$Department=$userinfo["Department"];

}

catch{

}

$permission = New-Object -TypeName PSObject -Property $properties;

$permission.SiteUrl =$siteUrl;

$permission.SiteTitle = $siteTitle;

$permission.ListTitle = $listTitle;

$permission.ObjectType = $list.BaseType.ToString();

$permission.ObjectUrl = $listUrl;

$permission.ParentGroup = "NA";

$permission.GroupOwner = "NA";

$permission.MemberType=$MemberType;

$permission.MemberName = $MemberName;

$permission.MemberLoginName = $MemberLoginName;

$permission.JobTitle = $JobTitle;

$permission.Department = $Department;

$permission.RoleDefinitionBindings = $RoleDefinitionBindings -join ",";

$Permissions +=$permission;

}

if($list.BaseType -eq "DocumentLibrary"){

#Check All Folders

$list.Folders|%{

$folderUrl = $_.Url;

if($_.HasUniqueRoleAssignments -eq $True){

$_.RoleAssignments|%{

$RoleDefinitionBindings="";

#Get Permission Level against the Permission

$_.RoleDefinitionBindings|%{

$RoleDefinitionBindings += $_.Name;

}

$MemberName = $_.Member.Name;

$MemberLoginName = $_.Member.LoginName;

$MemberType = $_.Member.GetType().Name;

$JobTitle="NA";

$Department="NA";

if($MemberType -eq "SPUser"){

try{

$userinfo = $UserInfoList.GetItemById($_.ID);

$JobTitle=$userinfo["JobTitle"];

$Department=$userinfo["Department"];

}

catch{

}

$permission = New-Object -TypeName PSObject -Property $properties;

$permission.SiteUrl =$siteUrl;

$permission.SiteTitle = $siteTitle;

$permission.ListTitle = $listTitle;

$permission.ObjectType = $list.BaseType.ToString();

$permission.ObjectUrl = $folderUrl;

$permission.MemberType = $MemberType;

$permission.ParentGroup = "NA";

$permission.GroupOwner = "NA";

$permission.MemberName = $MemberName;

$permission.MemberLoginName = $MemberLoginName;

$permission.JobTitle = $JobTitle;

$permission.Department = $Department;

$permission.RoleDefinitionBindings = $RoleDefinitionBindings -join ",";

$Permissions +=$permission;

}

#Check All Items

$list.Items|%{

$fileUrl = $_.File.Url;

$file=$_.File;

if($_.HasUniqueRoleAssignments -eq $True){

$_.RoleAssignments|%{

$RoleDefinitionBindings="";

$_.RoleDefinitionBindings|%{

$RoleDefinitionBindings += $_.Name;

}

$MemberName = $_.Member.Name;

$MemberLoginName = $_.Member.LoginName;

$MemberType = $_.Member.GetType().Name;

$JobTitle="NA";

$Department="NA";

if($MemberType -eq "SPUser"){

try{

$userinfo = $UserInfoList.GetItemById($_.ID);

$JobTitle=$userinfo["JobTitle"];

$Department=$userinfo["Department"];

}

catch{

}

$permission = New-Object -TypeName PSObject -Property $properties;

$permission.SiteUrl =$siteUrl;

$permission.SiteTitle = $siteTitle;

$permission.ListTitle = $listTitle;

$permission.ObjectType = $file.GetType().Name;

$permission.ObjectUrl = $fileUrl;

$permission.MemberType=$MemberType;

$permission.MemberName = $MemberName;

$permission.MemberLoginName = $MemberLoginName;

$permission.JobTitle = $JobTitle;

$permission.Department = $Department;

$permission.RoleDefinitionBindings = $RoleDefinitionBindings -join ",";

$Permissions +=$permission;

}

if($_.IsRootWeb -ne $True){

$_.Dispose();

}

#Dispose root web

$RootWeb.Dispose();

Stop-SPAssignment $spAssgn;

$exportFilePath = Join-Path -Path $ExportFileDirectory -ChildPath $([string]::Concat($RootSiteTitle,"-Permissions.csv"));

$Permissions|Select SiteUrl,SiteTitle,ObjectType,ObjectUrl,ListTitle,MemberName,MemberLoginName,MemberType,JobTitle,Department,ParentGroup,GroupOwner,RoleDefinitionBindings|Export-CSV -Path $exportFilePath -NoTypeInformation;

}

else{

Write-Host "Invalid directory path:" $ExportFileDirectory -ForegroundColor "Red";

}

Jax SharePoint Blog

Wednesday 12 April 2023

SharePoint Classic Video Player

Tuesday 26 February 2019

2019 Modern SharePoint sites

There are 2 options:

1. The Communication Site has 3 options:

2. The Teams Site has only 1 options

Screenshots

Wednesday 14 June 2017

Mapped crawled properties for "URL"

ows_URL

ows_q_URLH_URL

RefinableString for Title

Monday 31 October 2016

Wednesday 14 October 2015

SharePoint Permission Matrix generated by PowerShell

How to get it to work:

PowerShell Script:

Monday 15 June 2015

Content Search Query rules to find all Sub Sites within the Current Site

Query:

How-to: