Question

I need to reset the permissions granted to a user in a SharePoint 2013 farm. That is: revoking any permissions ever granted to this user (Read, Collaboration, etc.) for any sites, lists, folders, etc. He/she should not be able to access any resources of the farm anymore.

I wonder what is the best way to accomplish this task given that:

  1. the user profile is imported from Active Directory via User Profile Synchronization,
  2. it is a member of some AD groups that are granted specific permissions in SharePoint.

Can I simply delete the user in SharePoint?

If I delete the user, will it be imported again the next time the User Profile Synchronization runs? (that would render my deletion useless, wouldn't it?)

If I also remove the user from any AD groups it belongs to, would it be enough?

Finally, the long solution: do I have to retrieve every permission the user has (with Get-PermissionInfo or something) and then go after each of them and delete them (and also remove the AD user from the AD groups)?

Solution

If you delete a user from a site collection, then the user will not be able to access the site collection. But that user will not be deleted by SharePoint; his profile will stay in the User Profile Service.

If you delete the user profile from SharePoint (UPA), then the next import run will bring it back.

If you remove the user from the AD group, then it will be removed from the permission. But if you or somebody added him directly to the site, then the user will still have access to it.

So, now you have a couple of options.
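The direct grants mentioned above can be audited farm-wide. The following is an added example, not part of the original answer: it lists every site collection where the account has its own entry and, only when asked, deletes that entry. The account `CONTOSO\jdoe` and the `-Remove` switch are placeholders of this sketch, and it assumes it is run as a farm administrator in the SharePoint 2013 Management Shell.

```powershell
# Added example: find (and optionally remove) direct entries for one account
# in every site collection. CONTOSO\jdoe is a placeholder account name and
# -Remove is a switch defined by this script, not a SharePoint parameter.
param(
    [string]$Account = 'CONTOSO\jdoe',
    [switch]$Remove
)

Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue
$ignoreCase = [System.StringComparison]::OrdinalIgnoreCase

Get-SPSite -Limit All | ForEach-Object {
    $site = $_
    try {
        $web = $site.RootWeb
        # Match both the classic login (DOMAIN\user) and the claims-encoded
        # form, which ends in "|DOMAIN\user". Copy the hits into an array so
        # the collection is not modified while it is being enumerated.
        $found = @($web.SiteUsers | Where-Object {
            $_.LoginName.Equals($Account, $ignoreCase) -or
            $_.LoginName.EndsWith("|$Account", $ignoreCase)
        })
        foreach ($user in $found) {
            $login = $user.LoginName
            [pscustomobject]@{
                SiteCollection = $site.Url
                LoginName      = $login
                Groups         = ($user.Groups | ForEach-Object { $_.Name }) -join '; '
                Removed        = [bool]$Remove
            }
            if ($Remove) {
                # Deleting the entry from SiteUsers drops the account from the
                # site collection: its SharePoint group memberships and any
                # permissions assigned to it directly on sites, lists or items.
                $web.SiteUsers.Remove($login)
            }
        }
    }
    finally {
        $site.Dispose()
    }
}
```

Run it without `-Remove` first and keep the output as a record of what the account could reach. It does not change AD group membership or the user profile, so access inherited through an AD group has to be removed in AD as described in the answer.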

Licensed under: CC-BY-SA with attribution
Not affiliated with sharepoint.stackexchange