I was recently asked to help with a PowerShell script that will extract all user permissions from a SharePoint 2010 Site to a CSV.
Problem:
A SharePoint site went down and we needed to recover it. Most of the issues are already sorted out but we now need to move all the permissions to a new server.
Solution:
By using PowerShell it is very easy to accomplish this. I have modified the code provided by CodeDynamics to run through all users and then execute the provided code. I have also changed the output to append all lines to the CSV. You will have to provide a site URL and location for the CSV file inside the script. Once you run this it will export all permissions from SharePoint 2010 Site to a CSV file. You can download the script from the download button at the bottom of this post.
Export User Permissions from SharePoint 2010 to CSV
Tip:
If you are searching for a replacement of the normal SharePoint 2010 PowerShell you can have a look at PowerGui. It is very easy to use and you can also download Add-Ons that support SharePoint 2010.
Thanks for visiting my blog, and I hope you find it easy to extract user permissions from a SharePoint 2010 Site to a CSV file. You can contact me on Skype @ corvitech
References:
http://sp2010userperm.codeplex.com
How hard would it be to modify this to have it loop thru all sub sites in a site collection and add that sub site to the csv?
Hi Drew,
Thanks for visiting my blog.
You can do this by running a loop through all sites and calling the function at the bottom of the script passing the site URL.
So you will call this part as a function on it’s own and $SiteParameter will be the site name found in the loop.
$site = $gc | Get-SPSite $SiteParameter
$groups = $site.RootWeb.sitegroups
foreach ($grp in $groups) {
foreach ($user in $grp.users)
{
$user = $user.LoginName
$webPermissions = $site | Get-SPWeb –Limit All | Get-SPUserEffectivePermissions $user
$listPermissions = $site | Get-SPWeb –Limit All | %{$_.Lists | Get-SPUserEffectivePermissions $user}
($webPermissions + $listPermissions) | ConvertTo-Csv -NoTypeInformation | Add-Content -Path c:perms.csv
}
Add-Content -Path c:perms.csv -Value $justData -Encoding UTF8
}
You can have a look at this code to create a loop through all sites:
$site = Get-SPSite -identity http://{siteurl}
$site | Get-SPWeb -limit all | ForEach-Object { Write-Host $_.Url; Disable-SPFeature -Identity {featureid} -url $_.Url; Enable-SPFeature -Identity {featureid} -url $_.Url }
Let me know if you would like to see a working demo. I will then put together a part two post on this. ASAP.
Kind Regards
I would love that! Thanks for the tips and help. This post is really useful.
Hi Drew,
I created a quick test on this script. It looks like it is actually running through all sub sites as well.
I created this script to do a loop but it is not required.
You can add this to the end of the function script, or replace everything at the bottom after the function.
Get-SPWebApplication http://win-nms515ld9v7 | Get-SPSite -Limit All | Get-SPWeb -Limit All | Select Title, URL, ID, ParentWebID | Export-CSV C:InfoArch.csv -NoTypeInformation
$siteCSV = import-csv C:InfoArch.csv
foreach($siteName in $siteCSV)
{
$site = $gc | Get-SPSite $siteName.url
$groups = $site.RootWeb.sitegroups
foreach ($grp in $groups) {
foreach ($user in $grp.users)
{
$user = $user.LoginName
$webPermissions = $site | Get-SPWeb –Limit All | Get-SPUserEffectivePermissions $user
$listPermissions = $site | Get-SPWeb –Limit All | %{$_.Lists | Get-SPUserEffectivePermissions $user}
($webPermissions + $listPermissions) | ConvertTo-Csv -NoTypeInformation | Add-Content -Path c:perms.csv
}
Add-Content -Path c:perms.csv -Value $justData -Encoding UTF8
}
$site.Dispose()
$gc | Stop-SPAssignment
}
Let me know if you have any issues.
I tried attached script. Changed site URL and destination folder for the export (csv) file accurately. When I ran the script I am getting following error. Any help is appreciated.
PS C:ScriptsPermissions> .getallsiteuserpermissions.ps1
WARNING: No assignment object was provided. Either specify the assignment object to stop or use -Global to stop the global assignment.
Hello,
did anyone also get the message that “Get-SPUserEffectivePermissions ” is not a valid cmdlet?!?
Any suggestions?
Hi Andre,
Make sure you are running SP PowerShell as with Admin privileges.
Kind Regards
Thanks allot, exactly what I was looking for.
It gives me error ,
ConvertTo CSV| cannot bind parameter ‘input object as it is null.
Thank you for this blog posting. I notice that the Reference URL to codeplex is no longer available. Has that been moved?
Also, in the screen shot, I see that the type of object to which the user has access is listed – but not the name of the object.
I was wondering how hard it would be to add the name – or the URL – of the object to which the user has access.
Thank you
I have been working with your “Download” .zip file script.
I made a slight change to use powershell variables for the URL as well as for the path and name of the CSV file.
I see two odd behaviors.
1. The initial csv line, used for headers, is missing the first 3 characters – the ‘ “Gra ‘ are missing. That seems a bit odd.
2. During the run, there were 4 messages that say:
Method invocation failed because [System.Management.Automation.PSObject] doesn’t contain a method named ‘op_Addition’.
At C:userssa_spfarmdocumentswindows powershellgetallsiteuserpermissions.ps1:89 char:22
+ ($webPermissions + <<<< $listPermissions) | ConvertTo-Csv -NoTypeInformation | Add-Content -Path $outputCSV
+ CategoryInfo : InvalidOperation: (op_Addition:String) [], RuntimeException
+ FullyQualifiedErrorId : MethodNotFound
Is it possible that using variables to contain the file names could cause these problems? Or could it be something else?
I am using SharePoint 2010, service pack 2 on Windows Server 2008 R2 – if that might matter.
This website certainly has all the information I wanted concerning this subject and
didn’t know who to ask.
This is EXACTLY what I’ve been searching for. Thank you so much for providing this script!
How do we “IMPORT” them to a different location? Is there a script for that?
Hi Greg,
I have not yet found the need to import this back into the system. I do believe this is possible.
Kind Regards
I’m getting an error when running as administator. Any ideas?
WARNING: No assignment object was provided. Either specify the assignment object to stop or use -Global to stop the global assignment.
I’m getting this error too =(
I too get:
WARNING: No assignment object was provided. Either specify the assignment object to stop or use -Global to stop the global assignment.
Anyone found the reason for this yet?
Can we change a users login name to the other one that we want? Please advice, Thank you
Hi I have a question about changing a powershell script that I have from another source. I need to add one condition to it that I haven’t been able to get to work successfully and I was wondering if you could share some advice.
I get “the term ‘get-SPSite’ is not recognized as the name of a cmdlet, function, …..
I started with “run as administrator”…
Somebody any idea?
Thanks in advance.
Kind regards
Kurt
Solved: not using powershell, but sharepoint management shell 2010.
Are there solutionss for no assignment object was provided? … use -global to stop the global assignment
Good Morning,
I need help to right a powershell code to extract all user permissions and files they have permissions for a sharepoint site
There is roughly 384 documents on the sharepoint site and each one will have different users assigned to be able to view the files..
Please can anyone help right this script as the scripts above I am struggling to break down and understand each component
Thanks in advance
Gary
i want to display item permissions , the above script is useful a for displaying site, list level but I need to display itemlevel permissions. Please help on that pat. can any one provide outputs
Good Morning,
I need help to right a PowerShell code to extract all user permissions for list items in SharePoint site .
Please can anyone help right this script as the scripts above I am struggling to break down and understand each component