How do I find out what a group has permission to?

sharepoint.stackexchange https://sharepoint.stackexchange.com/questions/14442

  •  16-10-2019
  •  | 
  •  

Pergunta

I'm cleaning up a farm that has loads of junk groups on it. Is there an easy way to tell if any of these groups have been assigned access to anything? The intention is to delete groups that have members but don't confer any privileges.

Foi útil?

Solução

Oh dear, this seems a classic case of RTFM.

Go to the group, as in the page where the members are listed, and go to Settings>View Group Permissions.

Outras dicas

Out of the box, there's no "easy" way to do this. You could whip something up in PowerShell to iterate through the groups and search everything in the farm to see if that group has access to anything (obviously if it's a big farm you'd want to run it off hours). There's also a few third party tools that help with this; I believe Axceler has a tool that helps with group management, but usually those tools are a bit pricey if you're only going to do this once.

There is no out of the box solution but look at these two solutions. Maybe they could help you out.

Sharepoint Access Checker Web Part: http://accesschecker.codeplex.com/

Sharepoint Permissions Manager: http://permissionsmanager.codeplex.com/

You can query the group permissions programmatically as well. A code sample in PowerShell:

# inject fake context 
$web = Get-SPWeb "http://intranet.contoso.com"
$request = New-Object System.Web.HttpRequest("", $web.Url, "") 
$response = New-Object System.Web.HttpResponse(New-Object System.IO.StreamWriter(New-Object System.IO.MemoryStream)) 
$dummyContext = New-Object System.Web.HttpContext($request, $response) 
$dummyContext.Items["HttpHandlerSPWeb"] = [Microsoft.SharePoint.SPWeb]$web 
[System.Web.HttpContext]::Current = $dummyContext 
$groupPermissions = New-Object Microsoft.SharePoint.WebControls.GroupPermissions 
# set your group here 
$groupId = $web.SiteGroups["Team Site Owners"].ID 
$groupPermissions.GroupId = $groupId 
# set dummy Page 
$groupPermissions.Page = New-Object System.Web.UI.Page 
# invoke private CreateDataTable method 
$groupPermissionsType = $groupPermissions.GetType() 
$bindingFlags = [System.Reflection.BindingFlags]::NonPublic -bor [System.Reflection.BindingFlags]::Instance 
$mi_CreateDataTable = $groupPermissionsType.GetMethod("CreateDataTable", [System.Reflection.BindingFlags]($bindingFlags)) 
$dataTable = $mi_CreateDataTable.Invoke($groupPermissions, $null) 
#process results 
$regExpPattern = [regex]'<span dir="ltr">(?<scopeUrl>.*?)</span>' 
$dataTable | % { 
  $scopeUrl = $regExpPattern.match($_.ScopeUrl).groups[1].value 
  Write-Host $scopeUrl $_.Role
}

Read more about it here, or here about the C# equivalent here.

Licenciado em: CC-BY-SA com atribuição
Não afiliado a sharepoint.stackexchange
scroll top