I have a large site I'm reviewing and I've noticed a number of lists that have direct permissions instead of inheriting from the site as we'd like.
I was wondering if there's a way I can identify all of these using powershell? I know you can do this in the interface, but I'm hoping to write something I can apply to all sites in the farm to do a full cleanup.
Please check if below powershell script is useful to you:
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue
#Get All Web Applications
$webApps = Get-SPWebApplication #"http://sharepoint.company.com"
#Write Header to CSV File
"Site/List `t Title `t URL" | out-file UniquePermissions.csv
foreach ($webApp in $webApps)
{
foreach ($site in $webApp.Sites)
{
foreach ($web in $site.AllWebs)
{
if ( ($web.HasUniqueRoleAssignments) -and ($web.IsRootWeb -eq $false))
{
$result ="Site `t $($web.Title) `t $($web.Url)"
$result | Out-File UniquePermissions.csv -Append
#You can get the permissions applied by: $web.permissions | format-list member, basepermissions
}
foreach ($list in $web.Lists)
{
if (($list.HasUniqueRoleAssignments) -and ($list.Hidden -eq $false))
{
$result= "List `t $($list.Title) `t $($list.Url)"
$result | Out-File UniquePermissions.csv -Append
}
}
$web.Dispose()
}
$site.Dispose()
}
}
Reference : http://www.sharepointdiary.com/2012/10/find-all-sites-and-lists-with-unique-permissions.html
You can combine the scripts from these already existing questions which have both been answered by @Vadim Gremyachev. The script from this question gets all the site collections and the webs in them. Powershell to list all sites and subsites in SharePoint Online
The script in this question shows how to check whether a list has broken permissions or not: SPO Retrieve HasUniqueRoleAssignements property using Powershell
Using the following PowerShell Script to list all lists and libraries with unique permissions in a site collection:
Write-Host "********************************************************************"
Write-Host "| This script will check if there are list with unique permissions |"
Write-Host "********************************************************************"
Write-Host
Write-Host "Loading Microsoft.SharePoint.PowerShell..." -ForegroundColor Yellow
Write-Host
Add-PSSnapin Microsoft.SharePoint.PowerShell -erroraction SilentlyContinue
$siteURL = Read-Host "Please provide url of the SiteCollection"
$loglocation = Read-Host "Please provide path for the log file (hit ENTER to not store output)"
$site = Get-SPSite($siteURL)
Write-Host
if($loglocation -ne ""){
start-transcript -path $loglocation
Write-Host
}
Write-Host "--------------------------------------------------------------"
$counter = 0
Write-Host "The following lists and libraries have unique permissions `r`n (results marked in Red might have an 64K ACL impact):" -ForegroundColor Yellow
Write-Host
foreach($web in $site.AllWebs) {
foreach($list in $web.Lists) {
if($list.HasUniqueRoleAssignments -eq $true)
{
$counter = $counter + 1
if($list.ItemCount > 1500){
Write-Host $list.DefaultViewUrl "- ItemsCount:" $list.ItemCount -ForegroundColor Red "`r`n"
}else{
Write-Host $list.DefaultViewUrl "- ItemsCount:" $list.ItemCount "`r`n"
}
}else{
#Write-Host $list.DefaultViewUrl -ForegroundColor Green "`r`n"
}
}
}
Write-Host "--------------------------------------------------------------"
if($counter -lt 0){
Write-Host $siteURL "has no lists or libraries with unique permissions!" -ForegroundColor Green
}else{
Write-Host $siteURL "has $counter lists or libraries with unique permissions!"
}
Write-Host "--------------------------------------------------------------"
if($loglocation -ne ""){
Stop-Transcript
}
Write-Host
