Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Question
Friday, May 4, 2012 6:39 AM
Hi Friends,
We have multiple web apps, site collections & large number of sub sites.
most of the sub sites are inheriting permissions from parent (site collections) but not all.
Idea is to get the report on farm or web app detailing about all permissions (who has what access) only where there is a broken inheritance.
Rgds, Minesh
All replies (5)
Friday, May 4, 2012 9:31 AM âś…Answered | 2 votes
Just roughly created a Powershell script that will run through all the site collections of a web application. To run this:
1. save the contents below to a file on the SharePoint server. (e.g. C:\temp\Find-BrokenInherittance.ps1)
2. start a SharePoint 2010 Management Shell on one of your SharePoint servers and execute the powershell script by calling ./Find-BrokenInheritance.ps1 -url http://portal.contoso.com (replace url with any url of a site collection within the web application you want to check )
EDIT: I posted the script at http://gallery.technet.microsoft.com/Find-Broken-Inhertitance-be991a85
param($url = "")
Function ReadWebPermissionInheritance($web)
{
foreach ($subweb in $web.Webs)
{
ReadWebPermissionInheritance($subweb)
}
foreach ($list in $web.Lists)
{
ReadListPermissionInheritance($list)
}
if ($web.HasUniqueRoleAssignments)
{
Write-Host "inheritance broken on WEB:" $web.Url
}
}
Function ReadListPermissionInheritance($list)
{
#read list items => files
foreach($item in $list.Items)
{
if ($item.HasUniqueRoleAssignments)
{
Write-Host "WEB:" $list.ParentWebUrl "- LIST:" $list.Title " - inheritance broken on LISTITEM:" $item.Url
}
}
#read list folders => folders
foreach ($folder in $list.Folders) {
if ($folder.HasUniqueRoleAssignments)
{
Write-Host "WEB:" $list.ParentWebUrl "- LIST:" $list.Title " - inheritance broken on LISTFOLDER:" $folder.Url
}
}
#read the list itself
if ($list.HasUniqueRoleAssignments)
{
Write-Host "WEB:" $list.ParentWebUrl "- inheritance broken on LIST:" $list.Title
}
}
if ($url -eq "")
{
Write-Warning "Please specify a site collection"
Write-Host "Usage: ./Find-BrokenInheritance.ps1 -url http://portal.contoso.com"
exit
}
$siteCollection = Get-SPSite $url
$WebApp = $siteCollection.WebApplication
foreach ($Site in $WebApp.Sites)
{
foreach($spWeb in $Site.AllWebs)
{
if (!$spWeb.IsRootWeb)
{
ReadWebPermissionInheritance($spWeb)
}
}
}
Dirk Van den Berghe
Friday, May 4, 2012 7:00 AM | 1 vote
Hi! you can use broken inheritance reports for this http://office.microsoft.com/en-us/sharepoint-server-help/run-broken-inheritance-reports-HA010367941.aspx
Friday, May 4, 2012 7:03 AM | 1 vote
Getting the web where there is broken permission : Loop through all the webs and check for following property
web.HasUniqueRoleAssignments
http://msdn.microsoft.com/en-us/library/microsoft.sharepoint.spweb.hasuniqueroleassignments(v=office.12).aspx , if 'true' the web has broken permission and you can list out the permissions. For getting all the permissions you can check : http://www.c-sharpcorner.com/uploadfile/anavijai/how-to-get-all-the-permission-levels-in-sharepoint-2010/
get2pallav
Please click "Propose As Answer" if this post solves your problem or "Vote As Helpful" if this post has been useful to you.
Friday, May 4, 2012 7:39 AM | 1 vote
Its a part of ' SharePoint Administration Toolkit for SharePoint 2007' but not a part of ' SharePoint Administration Toolkit for SharePoint 2010'.
get2pallav
Please click "Propose As Answer" if this post solves your problem or "Vote As Helpful" if this post has been useful to you.
Friday, May 4, 2012 7:43 AM
thanks for the prompt response.
So, can i have a step by step or a detailed code & not just the property if i have to take a report over a particular web app & a farm (both).
i am quite alien to sp development & trying to get in, hope you understand & respond.
Rgds, Minesh