if ((Get-PSSnapin "Microsoft.SharePoint.PowerShell" -ErrorAction SilentlyContinue) -eq $null) {
Add-PSSnapin "Microsoft.SharePoint.PowerShell"
}
$properties=@{SiteUrl='';SiteTitle='';ListTitle='';ObjectType='';ObjectUrl='';ParentGroup='';GroupOwner='';MemberType='';MemberName='';MemberLoginName='';JobTitle='';Department='';RoleDefinitionBindings='';};
$Permissions=@();
$UserInfoList="";
$RootWeb="";
$SiteCollectionUrl = Read-Host "Enter a Site Collection Url";
Get-SPSite $SiteCollectionUrl|Get-SPWeb -limit ALL|%{
$web = $_;
#Root Web of the Site Collection
if($web.IsRootWeb -eq $True){
$RootSiteTitle = $web.Title;
$RootWeb = $web;
$UserInfoList = $RootWeb.GetList([string]::concat($web.Url,"/_catalogs/users"));
$siteUrl = $web.Url;
$siteRelativeUrl = $web.ServerRelativeUrl;
Write-Host $siteUrl -Foregroundcolor "Red";
$siteTitle = $web.Title;
#Get Site Level Permissions if it's unique
if($web.HasUniqueRoleAssignments -eq $True){
$web.RoleAssignments|%{
$RoleDefinitionBindings=@();
$_.RoleDefinitionBindings|%{
$RoleDefinitionBindings += $_.Name;
$MemberName = $_.Member.Name;
$MemberLoginName = $_.Member.LoginName;
$MemberType = $_.Member.GetType().Name;
$GroupOwner = $_.Member.Owner.Name;
if($MemberType -eq "SPGroup"){
$JobTitle="NA";
$Department="NA";
$permission = New-Object -TypeName PSObject -Property $properties;
$permission.SiteUrl =$siteUrl;
$permission.SiteTitle = $siteTitle;
$permission.ListTitle = "NA";
$permission.ObjectType = "Site";
$permission.ObjectUrl = $siteRelativeUrl;
$permission.MemberType = $MemberType;
$permission.ParentGroup = $MemberName;
$permission.GroupOwner = $GroupOwner;
$permission.MemberName = $MemberName;
$permission.MemberLoginName = $MemberLoginName;
$permission.JobTitle = $JobTitle;
$permission.Department = $Department;
$permission.RoleDefinitionBindings = $RoleDefinitionBindings -join ",";
$Permissions +=$permission;
#Expand Groups
$web.Groups[$MemberName].Users|%{
try{
$userinfo = $UserInfoList.GetItemById($_.ID);
$JobTitle=$userinfo["JobTitle"];
$Department=$userinfo["Department"];
catch{
$permission.MemberType = "SPGroupMember";
$permission.MemberName = $_.DisplayName;
$permission.MemberLoginName = $_.UserLogin;
elseif($MemberType -eq "SPUser"){
$permission.ParentGroup = "NA";
$permission.GroupOwner = "NA";
#Get all Uniquely secured objects
$uniqueObjects = $web.GetWebsAndListsWithUniquePermissions();
#Get uniquely secured Lists pertaining to the current site
$uniqueObjects|?{$_.WebId -eq $web.Id -and $_.Type -eq "List"}|%{
$listUrl = ($_.Url);
$list = $web.GetList($listUrl);
#Exclude internal system lists and check if it has unique permissions
if($list.Hidden -ne $True){
Write-Host $list.Title -Foregroundcolor "Yellow";
$listTitle = $list.Title;
#Check List Permissions
if($list.HasUniqueRoleAssignments -eq $True){
$list.RoleAssignments|%{
$RoleDefinitionBindings="";
if($MemberType -eq "SPUser"){
$permission.ListTitle = $listTitle;
$permission.ObjectType = $list.BaseType.ToString();
$permission.ObjectUrl = $listUrl;
$permission.MemberType=$MemberType;
if($list.BaseType -eq "DocumentLibrary"){
#Check All Folders
$list.Folders|%{
$folderUrl = $_.Url;
if($_.HasUniqueRoleAssignments -eq $True){
$_.RoleAssignments|%{
#Get Permission Level against the Permission
$permission.ObjectUrl = $folderUrl;
#Check All Items
$list.Items|%{
$fileUrl = $_.File.Url;
$file=$_.File;
$permission.ObjectType = $file.GetType().Name;
$permission.ObjectUrl = $fileUrl;
if($_.IsRootWeb -ne $True){
$_.Dispose();
#Dispose root web
$RootWeb.Dispose();
$Permissions|select SiteUrl,SiteTitle,ObjectType,ObjectUrl,ListTitle,MemberName,MemberLoginName,MemberType,JobTitle,Department,ParentGroup,GroupOwner,RoleDefinitionBindings|Export-CSV ("D:\SharePoint Administration\"+$RootSiteTitle+"-Permissions.csv") -NoTypeInformation;