How to Check Effective Permissions of a User in Each Site in a Site Collection in SharePoint 2007 and SharePoint 2010

How to Check Effective Permissions of a User in Each Site in a Site Collection in SharePoint 2007 and SharePoint 2010

Hi,

I have observed that one of a tedious task for a SharePoint site administrator to check permissions of a user in each site in a site collection. Microsoft Admin Toolkit has provided a functionality that can be used to check effective permissions. This can be downloaded at http://www.microsoft.com/download/en/details.aspx?displaylang=en&id=14227 for MOSS 2007 but it provides the way to check permissions only at a site, list and list item level. There is no way to use this at a single run for all sites in a site collection.
Hence to do this I have prepared the following code. It works with both MOSS 2007 and SPS 2010. This takes 2 input values. The first is the url of the site collection and the second one is the userlogin. The user login should be in the form of Domain\Username.

using System;
using System.Collections.Generic;
using System.Collections.ObjectModel;
using System.Linq;
using System.Text;
using System.Web;
using Microsoft.SharePoint;
using Microsoft.Office.Server;
using Microsoft.Office.Server.UserProfiles;
 
namespace RahulCheckEffectivePermissionsInAllWebs
{
    class Program
    {
        static void Main(string[] args)
        {
 
            try
            {
                Console.WriteLine("This tool will chcek the effective permissions of a user");
                Console.WriteLine("Please enter the url of the site collection");
                String url = Console.ReadLine();
                Console.WriteLine("Please enter the username of the user");
                String userName = Console.ReadLine();
                using (SPSite site = new SPSite(url))
                {
                    ServerContext serverContext = ServerContext.GetContext(site);
                    UserProfileManager userProfileManager = new UserProfileManager(serverContext);
                    UserProfile userProfile = userProfileManager.GetUserProfile(userName);
                    String userLogin = userProfile[PropertyConstants.AccountName].Value.ToString();
                    SPWebCollection webs = site.AllWebs;
                    foreach (SPWeb web in webs)
                    {
                        SPPermissionInfo permissionInfo = web.GetUserEffectivePermissionInfo(userLogin);
 
 
                        Collection<SPRoleAssignment> roles = permissionInfo.RoleAssignments;
                        Console.WriteLine("Now checking the permissions of the user " + userLogin + " " + "in the site " + web.Url);
                        for (int i = 0; i < roles.Count; i++)
                        {
 
                            SPRoleDefinitionBindingCollection bRoles = roles[i].RoleDefinitionBindings;
 
                            foreach (SPRoleDefinition roleDefinition in bRoles)
                            {
 
                                if (roles[i].Member.ToString().Contains('\\'))
                                {
                                    Console.WriteLine("The User " + userLogin + " has direct permissions " + roleDefinition.Name);
                                }
                                else
                                {
                                    Console.WriteLine("The User " + userLogin + " has permissions " + roleDefinition.Name + " given via " + roles[i].Member.ToString());
                                }
 
 
                            }
 
                        }
 
 
                    }
                    Console.WriteLine("Execution Completed");
                    Console.ReadLine();
                }
            }
             catch(Exception e)
            {
                Console.WriteLine(e.Message);
                Console.WriteLine(e.StackTrace);
             }
        }
        
     
    }
    }

I hope this will help you out.


Thanks,
Rahul Rashu
Leave a Comment
  • Please add 2 and 1 and type the answer here:
  • Post
Wiki - Revision Comment List(Revision Comment)
Sort by: Published Date | Most Recent | Most Useful
Comments
  • Richard Mueller edited Revision 3. Comment: Changed tag "SPS 2010" to "SharePoint 2010", added tag

  • Fernando Lugão Veltem edited Revision 2. Comment: remove en-us from title

  • Ed Price - MSFT edited Revision 1. Comment: Capitalizing the "P" in "SharePoint"

  • Craig Lussier edited Original. Comment: added en-US to tags and title

Page 1 of 1 (4 items)
Wikis - Comment List
Sort by: Published Date | Most Recent | Most Useful
Posting comments is temporarily disabled until 10:00am PST on Saturday, December 14th. Thank you for your patience.
Comments
  • good!!

  • good!!

  • good!!

  • good!!

  • helping

  • helping

  • helping

  • Craig Lussier edited Original. Comment: added en-US to tags and title

  • Ed Price - MSFT edited Revision 1. Comment: Capitalizing the "P" in "SharePoint"

  • Fernando Lugão Veltem edited Revision 2. Comment: remove en-us from title

  • Richard Mueller edited Revision 3. Comment: Changed tag "SPS 2010" to "SharePoint 2010", added tag

Page 1 of 1 (11 items)