Reporting on all user permissions in a web application

Frequently I am asked to report on user permissions across the enterprise.  While each site collection, probably each site and possibly each library and item has its own permissions that are visible, reporting on them can’t be done in the User Interface.  This little PowerShell script I wrote will output all permissions in a CSV format that’s easily opened in Excel and manipulated via a PivotTable.  I even published this spreadsheet PivotTable in Excel Services allowing end users to interact and manipulate the views interactively in a browser.  Here it is:

$siteCol = Get-SPSite "http://sharepoint"  #replace with your own web app
get-spweb -site $siteCol -Limit ALL | ForEach-Object {
$site = $_;
write-host $str1;
foreach ($usr in $site.users) { $j++; $webPermissions += $str1+ $j.tostring()+ ","+ $usr.userlogin +","+$usr.displayname+","+$usr.Roles+"`r`n";}
$webPermissions += "`r"+"`n";
$webPermissions | Out-file -Filepath L:logsJP_security.csv  #I am partial to my own initials, replace with your name/path
3 replies
  1. Larry W Virden
    Larry W Virden says:

    I am trying to use your script but it is only listing info for the first site collection of the web app – is there something else I am missing?

    • Joel Plaut
      Joel Plaut says:

      The script is designed to only report permissions on one site collection at a time. This actually
      makes good sense generally, as the permissions output can be voluminous. To report on all site collections try:
      $sites = get-spwebapplication “http://sharepoint”
      foreach ($siteCol in Sites)



  2. Larry W Virden
    Larry W Virden says:

    Thank you for the suggestion. I will try that out to see if it helps me with my task. I so appreciate your blog article and suggestion.


Leave a Reply

Want to join the discussion?
Feel free to contribute!

Leave a Reply

Your email address will not be published. Required fields are marked *