
Web form to help audit permissions in SharePoint 2007/MOSS

Wednesday, October 6th, 2010

Determining an overall view of SharePoint's permissions can be quite a nasty task. Without the use of paid tools it becomes almost impossible to view the breakdown of an entire Site Collection's permission structure.

We recently came across the need to determine the permissions of a number of customer-facing sites, as we are going to reorganize the site. I decided it was time to build a tool to help us in this process once and for all, one that we could use in the future (as this is not an uncommon request).

I determined the easiest way would be to create an aspx page that could be loaded in the central admin realm.

This page is .NET 3.5-based and will iterate the entire farm, all site collections, and all sites, breaking down the permissions and roles for each site, where inheritance is broken, and, when it is broken, what the updated permissions are. It even goes into list and list item permissions and inheritance. The amount of information it generates is quite overwhelming, so I ended up using this file to output directly to XML and then transformed the results as I needed via XSLT.

Without further ado, here is the code. You can simply place this entire code-integrated file in C:\Program Files\Common Files\Microsoft Shared\web server extensions\12\TEMPLATE\ADMIN. In my case I named the file auditor.aspx so it can be accessed directly from the farm's central admin site.

<%@ Page Language="C#" ContentType="application/xml" %>
<%@ Import Namespace="Microsoft.SharePoint.Administration" %>
<%@ Import Namespace="Microsoft.SharePoint" %>
<%@ Import Namespace="System.Linq" %>
<%@ Import Namespace="System.Xml.Linq" %>
<%@ Import Namespace="System.Xml" %>
<%@ Import Namespace="System.IO" %>
<%@ Register Tagprefix="SharePoint" Namespace="Microsoft.SharePoint.WebControls" Assembly="Microsoft.SharePoint, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" %>

<script runat="server">
    // Walks every web application, site collection and web in the local farm
    // and writes the permission structure to the response as XML.
    protected override void OnLoad(EventArgs e)
    {
        try
        {
            SPFarm thisFarm = SPFarm.Local;

            SPWebService service = thisFarm.Services.GetValue<SPWebService>("");

            XDocument doc = new XDocument();
            XElement root = new XElement("webapplications");

            try
            {
                foreach (SPWebApplication webApp in service.WebApplications)
                {
                    XElement webappelem = new XElement("webapplication");

                    XAttribute attrname = new XAttribute("name", webApp.DisplayName);
                    webappelem.Add(attrname);

                    try
                    {
                        XElement sites = new XElement("sites");

                        foreach (SPSite siteCollection in webApp.Sites)
                        {
                            try
                            {
                                XElement site = new XElement("site");

                                site.Add(new XAttribute("url", siteCollection.Url));
                                GetWebs(siteCollection.AllWebs, site);
                                sites.Add(site);
                            }
                            finally
                            {
                                // SPSite objects returned by the enumeration must be disposed by the caller.
                                siteCollection.Dispose();
                            }
                        }

                        webappelem.Add(sites);
                    }
                    catch (Exception siteError)
                    {
                        // Record the failure in the output and move on to the next web application.
                        webappelem.Add(new XElement("error", siteError.Message));
                    }
                    root.Add(webappelem);
                }
            }
            catch (Exception webAppError)
            {
                root.Add(new XElement("error", webAppError.Message));
            }

            doc.Add(root);

            // The using block flushes and closes the writer even if WriteTo throws.
            using (XmlWriter writer = XmlWriter.Create(Response.OutputStream))
            {
                doc.WriteTo(writer);
            }
        }
        catch (Exception ex)
        {
            System.Web.HttpContext.Current.Response.Write(ex.Message);
        }
    }

    // Builds a <roleassignments> element for the given collection: one
    // <roleassignment> per principal, with the role definitions bound to it.
    public XElement GetRoleAssignments(SPRoleAssignmentCollection racollection, SPWeb web)
    {
        XElement raelem = new XElement("roleassignments");

        foreach (SPRoleAssignment ra in racollection)
        {
            XElement tempra = new XElement("roleassignment");

            tempra.Add(new XAttribute("name", ra.Member.Name));
            tempra.Add(new XAttribute("id", ra.Member.ID));

            try
            {
                // GetByID throws when the ID does not belong to a SharePoint group on this web.
                web.Groups.GetByID(ra.Member.ID);
                tempra.Add(new XAttribute("isgroup", "True"));
            }
            catch
            {
                tempra.Add(new XAttribute("isgroup", "False"));
            }

            XElement rdtemp = new XElement("roledefinitions");
            foreach (SPRoleDefinition rd in ra.RoleDefinitionBindings)
            {
                XElement role = new XElement("role");
                role.Add(new XAttribute("name", rd.Name));
                role.Add(new XAttribute("permissions", rd.BasePermissions.ToString()));
                rdtemp.Add(role);
            }
            tempra.Add(rdtemp);

            raelem.Add(tempra);
        }
        return raelem;
    }

    // Adds a <webs> element to the given <site> element: groups and members,
    // web-level role assignments, and every list and list item of each web.
    public void GetWebs(SPWebCollection allWebs, XElement site)
    {
        XElement webs = new XElement("webs");

        try
        {
            foreach (SPWeb web in allWebs)
            {
                try
                {
                    XElement webelem = new XElement("web");
                    webelem.Add(new XAttribute("url", web.Url));
                    webelem.Add(new XAttribute("title", web.Title));
                    webelem.Add(new XAttribute("WebTemplateID", web.WebTemplateId.ToString()));
                    webelem.Add(new XAttribute("WebTemplateName", web.WebTemplate));

                    XElement grpelem = new XElement("groups");
                    foreach (SPGroup group in web.Groups)
                    {
                        XElement tempgrp = new XElement("group");
                        tempgrp.Add(new XAttribute("name", group.Name));
                        tempgrp.Add(new XAttribute("id", group.ID));

                        // Resolve the owner to a name: try it as a user first, then as a
                        // group, and fall back to the raw ID if neither lookup succeeds.
                        string owner = group.Owner.ID.ToString();
                        try
                        {
                            SPUser user = web.Users.GetByID(group.Owner.ID);
                            owner = user.Name;
                        }
                        catch
                        {
                            try
                            {
                                SPGroup groupcheck = web.Groups.GetByID(group.Owner.ID);
                                owner = groupcheck.Name;
                            }
                            catch { }
                        }

                        tempgrp.Add(new XAttribute("owner", owner));

                        XElement members = new XElement("members");
                        foreach (SPUser user in group.Users)
                        {
                            XElement tempmember = new XElement("member");
                            tempmember.Add(new XAttribute("name", user.Name));
                            tempmember.Add(new XAttribute("id", user.ID));
                            members.Add(tempmember);
                        }
                        tempgrp.Add(members);

                        grpelem.Add(tempgrp);
                    }
                    webelem.Add(grpelem);

                    webelem.Add(GetRoleAssignments(web.RoleAssignments, web));

                    XElement lists = new XElement("lists");

                    foreach (SPList list in web.Lists)
                    {
                        XElement listelem = new XElement("list");
                        listelem.Add(new XAttribute("title", list.Title));
                        listelem.Add(new XAttribute("uniqueroleassignments", list.HasUniqueRoleAssignments));

                        // Role assignments are only written where inheritance is broken.
                        if (list.HasUniqueRoleAssignments)
                        {
                            listelem.Add(GetRoleAssignments(list.RoleAssignments, web));
                        }

                        XElement itemselem = new XElement("items");
                        foreach (SPListItem item in list.Items)
                        {
                            XElement itemelem = new XElement("item");
                            try
                            {
                                itemelem.Add(new XAttribute("title", item.Title));
                            }
                            catch
                            {
                                // Not every item has a usable Title; fall back to DisplayName.
                                try
                                {
                                    itemelem.Add(new XAttribute("title", item.DisplayName));
                                }
                                catch
                                {
                                    itemelem.Add(new XAttribute("title", "Not Available"));
                                }
                            }
                            if (item.HasUniqueRoleAssignments)
                            {
                                itemelem.Add(GetRoleAssignments(item.RoleAssignments, web));
                            }
                            itemselem.Add(itemelem);
                        }
                        listelem.Add(itemselem);

                        lists.Add(listelem);
                    }

                    webelem.Add(lists);

                    webs.Add(webelem);
                }
                finally
                {
                    // Dispose the SPWeb even when reading it failed part-way through.
                    web.Dispose();
                }
            }
        }
        catch (Exception webError)
        {
            webs.Add(new XElement("error", webError.Message));
        }

        site.Add(webs);
    }
</script>
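
The post mentions post-processing the XML output. As an added example (not the author's code, and in Python rather than XSLT), the following reads a document in the shape the page above emits and lists every list or item where inheritance is broken, with the principal and roles granted there. The sample document is constructed, and the function and field names are this example's own.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the shape auditor.aspx emits; all names are made up.
SAMPLE = """<webapplications><webapplication name="Portal"><sites><site url="http://portal"><webs>
<web url="http://portal/clients" title="Clients"><groups/>
 <roleassignments><roleassignment name="Clients Owners" id="5" isgroup="True">
  <roledefinitions><role name="Full Control" permissions="FullMask"/></roledefinitions>
 </roleassignment></roleassignments>
 <lists>
  <list title="Contracts" uniqueroleassignments="true">
   <roleassignments><roleassignment name="Jane Doe" id="12" isgroup="False">
    <roledefinitions><role name="Contribute" permissions="ViewListItems, AddListItems"/></roledefinitions>
   </roleassignment></roleassignments>
   <items><item title="Draft A"/><item title="Master agreement">
    <roleassignments><roleassignment name="Legal" id="9" isgroup="True">
     <roledefinitions><role name="Read" permissions="ViewListItems"/></roledefinitions>
    </roleassignment></roleassignments></item></items>
  </list>
  <list title="Announcements" uniqueroleassignments="false"><items/></list>
 </lists>
</web></webs></site></sites></webapplication></webapplications>"""

def _grants(node):
    """Yield (principal, is_sharepoint_group, roles) from a node's own <roleassignments>."""
    for ra in node.findall("roleassignments/roleassignment"):
        roles = [r.get("name") for r in ra.findall("roledefinitions/role")]
        yield ra.get("name"), ra.get("isgroup") == "True", roles

def unique_permissions(xml_text):
    """Return one record per grant on a list or item that has broken inheritance."""
    findings = []
    for web in ET.fromstring(xml_text).iter("web"):
        for lst in web.findall("lists/list"):
            # The page only writes <roleassignments> under a list or item when
            # HasUniqueRoleAssignments is true, so its presence marks the break.
            scopes = [("list", lst.get("title"), lst)]
            scopes += [("item", "%s/%s" % (lst.get("title"), i.get("title")), i)
                       for i in lst.findall("items/item")]
            for kind, name, node in scopes:
                for principal, is_group, roles in _grants(node):
                    findings.append(dict(web=web.get("url"), kind=kind, name=name, principal=principal,
                                         sharepoint_group=is_group, roles=roles))
    return findings

def direct_grants(findings):
    """Grants made to a principal that is not a SharePoint group."""
    return [f for f in findings if not f["sharepoint_group"]]

if __name__ == "__main__":
    print(unique_permissions(SAMPLE))
```

Web-level role assignments are deliberately left out of the result, because the page writes them for every web whether or not it inherits from its parent.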


Auditin' Tom Out.


Comments

Stephen said on Monday, January 10th, 2011 @ 8:05 AM

Yes, without the use of third-party tools, breaking down all SharePoint permissions can be somewhat impossible, but not all third-party tools are paid. The NetWrix SharePoint Change Reporter, for example, is a free solution that tracks all administrative modifications, including those made to SharePoint farms, servers and sites, as well as their settings and permissions. The NetWrix tool sends daily e-mail reports that point to all changes made to SharePoint configurations, and it is good for time-unlimited business usage at no cost.
Download the freeware tool: http://www.netwrix.com/sharepoint_change_reporter_freeware.html
Hope some of you find this helpful,

Stephen Schimmel
Product Manager
NetWrix Corporation
www.netwrix.com

