Tuesday, November 20, 2018

Sharepoint Permission Report

# This script gets permissions for all users in a web application on all objects (web application > site collection > web > list/library > item)
# Note that unlike Salaudeen's original script, this script shows Limited Access permissions.
# Note that AD groups and users in AD groups are not included

Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

Function GetUserAccessReport($WebAppURL, $FileUrl)
{
Write-Host "Generating permission report..."

#Get All Site Collections of the WebApp
$SiteCollections = Get-SPSite -WebApplication $WebAppURL -Limit All

#Write CSV- TAB Separated File) Header
"URL`tSite/List/Folder/Item`tTitle/Name`tPermissionType`tPermissions `tLoginName" | out-file $FileUrl

#Check Web Application Policies
$WebApp= Get-SPWebApplication $WebAppURL

foreach ($Policy in $WebApp.Policies)
  {
$PolicyRoles=@()
foreach($Role in $Policy.PolicyRoleBindings)
{
$PolicyRoles+= $Role.Name +";"
}

"$($AdminWebApp.URL)`tWeb Application`t$($AdminSite.Title)`tWeb Application Policy`t$($PolicyRoles)`t$($Policy.UserName)" | Out-File $FileUrl -Append
}

#Loop through all site collections
foreach($Site in $SiteCollections)
    {
  #Check Whether the Search User is a Site Collection Administrator
  foreach($SiteCollAdmin in $Site.RootWeb.SiteAdministrators)
      {
"$($Site.RootWeb.Url)`tSite`t$($Site.RootWeb.Title)`tSite Collection Administrator`tSite Collection Administrator`t$($SiteCollAdmin.LoginName)" | Out-File $FileUrl -Append
}
 
   #Loop throuh all Sub Sites
       foreach($Web in $Site.AllWebs)
       {
if($Web.HasUniqueRoleAssignments -eq $True)
{
#Get all the users granted permissions to the list
foreach($WebRoleAssignment in $Web.RoleAssignments )
{
#Is it a User Account?
if($WebRoleAssignment.Member.userlogin)   
{
#Get the Permissions assigned to user
$WebUserPermissions=@()
foreach ($RoleDefinition  in $WebRoleAssignment.RoleDefinitionBindings)
{
$WebUserPermissions += $RoleDefinition.Name +";"
}

#Send the Data to Log file
"$($Web.Url)`tSite`t$($Web.Title)`tDirect Permission`t$($WebUserPermissions) `t$($WebRoleAssignment.Member.LoginName)" | Out-File $FileUrl -Append
}
#Its a SharePoint Group, So search inside the group and check if the user is member of that group
else 
{
foreach($user in $WebRoleAssignment.member.users)
{
#Get the Group's Permissions on site
$WebGroupPermissions=@()
foreach ($RoleDefinition  in $WebRoleAssignment.RoleDefinitionBindings)
{
$WebGroupPermissions += $RoleDefinition.Name +";"
}

#Send the Data to Log file
"$($Web.Url)`tSite`t$($Web.Title)`tMember of $($WebRoleAssignment.Member.Name) Group`t$($WebGroupPermissions)`t$($user.LoginName)" | Out-File $FileUrl -Append
}
}
}
}

#********  Check Lists, Folders, and Items with Unique Permissions ********/
foreach($List in $Web.lists)
{
if($List.HasUniqueRoleAssignments -eq $True -and ($List.Hidden -eq $false))
{
#Get all the users granted permissions to the list
foreach($ListRoleAssignment in $List.RoleAssignments )
{
#Is it a User Account?
if($ListRoleAssignment.Member.userlogin)   
{
#Get the Permissions assigned to user
$ListUserPermissions=@()
foreach ($RoleDefinition  in $ListRoleAssignment.RoleDefinitionBindings)
{
$ListUserPermissions += $RoleDefinition.Name +";"
}

#Send the Data to Log file
"$($List.ParentWeb.Url)/$($List.RootFolder.Url)`tList`t$($List.Title)`tDirect Permission`t$($ListUserPermissions) `t$($ListRoleAssignment.Member)" | Out-File $FileUrl -Append
}
#Its a SharePoint Group, So search inside the group and check if the user is member of that group
else 
{
foreach($user in $ListRoleAssignment.member.users)
{
#Get the Group's Permissions on site
$ListGroupPermissions=@()
foreach ($RoleDefinition  in $ListRoleAssignment.RoleDefinitionBindings)
{
$ListGroupPermissions += $RoleDefinition.Name +";"
}

#Send the Data to Log file
"$($List.ParentWeb.Url)/$($List.RootFolder.Url)`tList`t$($List.Title)`tMember of $($ListRoleAssignment.Member.Name) Group`t$($ListGroupPermissions)`t$($user.LoginName)" | Out-File $FileUrl -Append
}
}
}
}

#Get Folder level permissions
foreach($Folder in $List.folders)
{
if($Folder.HasUniqueRoleAssignments -eq $True)
{
#Get all the users granted permissions to the folder
foreach($FolderRoleAssignment in $Folder.RoleAssignments )
{
#Is it a User Account?
if($FolderRoleAssignment.Member.userlogin)   
{
#Get the Permissions assigned to user
$FolderUserPermissions=@()
foreach ($RoleDefinition  in $FolderRoleAssignment.RoleDefinitionBindings)
{
$FolderUserPermissions += $RoleDefinition.Name +";"
}

#Send the Data to Log file
"$($Folder.Web.Url)/$($Folder.Url)`tFolder`t$($Folder.Title)`tDirect Permission`t$($FolderUserPermissions) `t$($FolderRoleAssignment.Member)" | Out-File $FileUrl -Append
}
#Its a SharePoint Group, So search inside the group and check if the user is member of that group
else 
{
foreach($user in $FolderRoleAssignment.member.users)
{
#Get the Group's Permissions on site
$FolderGroupPermissions=@()
foreach ($RoleDefinition  in $FolderRoleAssignment.RoleDefinitionBindings)
{
$FolderGroupPermissions += $RoleDefinition.Name +";"
}

#Send the Data to Log file
"$($Folder.Web.Url)/$($Folder.Url)`tFolder`t$($Folder.Title)`tMember of $($FolderRoleAssignment.Member.Name) Group`t$($FolderGroupPermissions)`t$($user.LoginName)" | Out-File $FileUrl -Append

}
}
}
}
}

#Get Item level permissions
foreach($Item in $List.items)
{
if($Item.HasUniqueRoleAssignments -eq $True)
{
#Get all the users granted permissions to the item
foreach($ItemRoleAssignment in $Item.RoleAssignments )
{
#Is it a User Account?
if($ItemRoleAssignment.Member.userlogin)   
{
#Get the Permissions assigned to user
$ItemUserPermissions=@()
foreach ($RoleDefinition  in $ItemRoleAssignment.RoleDefinitionBindings)
{
$ItemUserPermissions += $RoleDefinition.Name +";"
}

                                #Prepare item's absolute Url and Name
                                $ItemDispForm = $Item.ParentList.Forms | where { $_.Type -eq "PAGE_DISPLAYFORM" } | Select-Object -first 1
                                if ($ItemDispForm.Url)
                                {
                                    $ItemUrl = "$($Item.Web.Url)/$($ItemDispForm.Url)?ID=$($Item.ID)"
                                }
                                else
                                {
                                    $ItemUrl = "$($Item.Url)"
                                }

                                if ($Item.Name)
                                {
                                    $ItemTitle = $Item.Name
                                }
                                else
                                {
                                    $ItemTitle = $Item.Title
                                }

#Send the Data to Log file
"$($ItemUrl)`tItem`t$($ItemTitle)`tDirect Permission`t$($ItemUserPermissions) `t$($ItemRoleAssignment.Member)" | Out-File $FileUrl -Append
}
#Its a SharePoint Group, So search inside the group and check if the user is member of that group
else 
{
foreach($user in $ItemRoleAssignment.member.users)
{
#Get the Group's Permissions on site
$ItemGroupPermissions=@()
foreach ($RoleDefinition  in $ItemRoleAssignment.RoleDefinitionBindings)
{
$ItemGroupPermissions += $RoleDefinition.Name +";"
}

                                    #Prepare item's absolute Url and Name
                                    $ItemDispForm = $Item.ParentList.Forms | where { $_.Type -eq "PAGE_DISPLAYFORM" } | Select-Object -first 1
                                    if ($ItemDispForm.Url)
                                    {
                                        $ItemUrl = "$($Item.Web.Url)/$($ItemDispForm.Url)?ID=$($Item.ID)"
                                    }
                                    else
                                    {
                                        $ItemUrl = "$($Item.Url)"
                                    }

                                    if ($Item.Name)
                                    {
                                        $ItemTitle = $Item.Name
                                    }
                                    else
                                    {
                                        $ItemTitle = $Item.Title
                                    }

                                    #Send the Data to Log file
                                    "$($ItemUrl)`tItem`t$($ItemTitle)`tMember of $($ItemRoleAssignment.Member.Name) Group`t$($ItemGroupPermissions)`t$($user.LoginName)" | Out-File $FileUrl -Append

}
}
}
}
}
}
}
}
}

#Call the function to Check User Access
GetUserAccessReport "http://web" "C:\SharePoint_Permission_Report.csv"
Write-Host "Complete"

Posted by at No comments:

Delete all items from list using Powershell script

#Load SharePoint CSOM Assemblies
Add-Type -Path "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.dll"
Add-Type -Path "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.Runtime.dll"
 
#Variables for Processing
$SiteUrl = "https://"
$ListName="ListName"

$UserName="test@cp.onmicrosoft.com"
$Password ="11111"
 
#Setup Credentials to connect
$Credentials = New-Object Microsoft.SharePoint.Client.SharePointOnlineCredentials($UserName,(ConvertTo-SecureString $Password -AsPlainText -Force))
 
#Set up the context
$Context = New-Object Microsoft.SharePoint.Client.ClientContext($SiteUrl)
$Context.Credentials = $credentials
 
#Get the List
$List = $Context.web.Lists.GetByTitle($ListName)
$ListItems = $List.GetItems([Microsoft.SharePoint.Client.CamlQuery]::CreateAllItemsQuery())
$Context.Load($ListItems)
$Context.ExecuteQuery()     

write-host "Total Number of List Items found:"$ListItems.Count

    #sharepoint online powershell delete all list items
    if ($ListItems.Count -gt 0)
    {
        #Loop through each item and delete
        For ($i = $ListItems.Count-1; $i -ge 0; $i--)
        {
            $ListItems[$i].DeleteObject()
        }
        $Context.ExecuteQuery()
       
        Write-Host "All List Items deleted Successfully!"
    }

Posted by at No comments:

Create Cab File using cmd

makecab "C:\Users\Downloads\manifest.xml" "C:\Users\Downloads\Archive.cab"
Posted by at No comments:

Generate Audit Log

Step 1:
Goto Main Site and click on site settings

Step 2:
Click on Audit Log reports

Step 3 :
Click on Run a custom report

Step 4:
select the settings and click on OK to generate Audit Log.
Posted by at No comments:

Refresh Login Token in Rest API

Below Code is used in AJAX Call to Refresh the Login Token in Rest API Queries

"X-RequestDigest": $('#__REQUESTDIGEST').val(data.d.GetContextWebInformation.FormDigestValue)

or

setInterval(function() {
UpdateFormDigest(_spPageContextInfo.webServerRelativeUrl, _spFormDigestRefreshInterval);
}, 5 * 60000);
Posted by at No comments:

Login with New User in Sharepoint

Domain/sites/Sitecollection/_layouts/closeConnection.aspx?loginasanotheruser=true

Posted by at No comments:
Subscribe to: Posts (Atom)