Determining an overall view of SharePoint’s permissions can be quite a nasty task. Without the use of paid tools it becomes almost impossible to view the breakdown of an entire Site Collection’s permission structure.

We recently came across the need to determine the permissions of a number of customer-facing sites, as we are going to re-organize the site. I decided it was time to build a tool, once and for all, that would help us in this process and that we could reuse in the future (as this is not an uncommon request).

I determined the easiest way would be to create an aspx page that could be loaded in the central admin realm.

This page is .NET 3.5-based and will iterate the entire farm, all site collections, and all sites, breaking down the permissions and roles for each site, where inheritance is broken, and when it is broken, what the updated permissions are. It even goes into list and list items permissions and inheritance. The amount of information it generates is quite overwhelming, so I ended up using this file to output directly to XML and then transformed the results as I needed via XSLT.

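Without further ado, here is the code. You can simply place this entire file, with its inline code, in C:\Program Files\Common Files\Microsoft Shared\web server extensions\12\TEMPLATE\ADMIN. In my case I named the file auditor.aspx so it can be accessed directly from the farm’s central admin site. Because the output lists every group, member and role assignment in the farm, keep the page reachable only by farm administrators, treat the generated XML as sensitive, and remove the file once the audit is done.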


<%@ Page Language="C#" ContentType="application/xml"%> 
<%@ Import Namespace="Microsoft.SharePoint.Administration" %> 
<%@ Import Namespace="Microsoft.SharePoint" %> 
<%@ Import Namespace="System.Linq" %>
<%@ Import Namespace="System.Xml.Linq" %>
<%@ Import Namespace="System.Xml" %> 
<%@ Import Namespace="System.IO" %>
<%@ Register Tagprefix="SharePoint" Namespace="Microsoft.SharePoint.WebControls" Assembly="Microsoft.SharePoint, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" %> 

<script runat="server"> 
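    /// <summary>
    /// Builds an XML report of the local farm's permission structure and writes it
    /// to the response. The document root is "webapplications"; each web application
    /// carries a "sites" element whose "site" children are filled in by GetWebs.
    /// </summary>
    /// <remarks>
    /// The report names every group, member and role assignment that is visited, so
    /// the response is sensitive. The page is refused for callers who are not farm
    /// administrators, in addition to whatever protection the hosting location gives.
    /// Failures while walking a web application or the farm are recorded as "error"
    /// elements, so a report containing such elements is incomplete.
    /// </remarks>
    /// <param name="e">Event data for the page's Load event.</param>
    protected override void OnLoad(EventArgs e){
        base.OnLoad(e);

        try
        {
            SPFarm thisFarm = SPFarm.Local;

            // Defense in depth: do not rely only on the ADMIN folder location to keep
            // a farm-wide permission dump away from non-administrators.
            if (!thisFarm.CurrentUserIsAdministrator())
            {
                Response.StatusCode = 403;
                return;
            }

            SPWebService service = thisFarm.Services.GetValue<SPWebService>("");
            XDocument doc = new XDocument();
            XElement root = new XElement("webapplications");

            try
            {
                foreach (SPWebApplication webApp in service.WebApplications)
                {
                    XElement webappelem = new XElement("webapplication");
                    webappelem.Add(new XAttribute("name", webApp.DisplayName));

                    try
                    {
                        XElement sites = new XElement("sites");

                        foreach (SPSite siteCollection in webApp.Sites)
                        {
                            try
                            {
                                XElement site = new XElement("site");
                                site.Add(new XAttribute("url", siteCollection.Url));
                                GetWebs(siteCollection.AllWebs, site);
                                sites.Add(site);
                            }
                            finally
                            {
                                // Each SPSite handed out by the enumeration must be
                                // released, otherwise a farm-wide walk leaks one
                                // request object per site collection.
                                siteCollection.Dispose();
                            }
                        }

                        webappelem.Add(sites);
                    }
                    catch (Exception siteError)
                    {
                        // The remaining site collections of this web application are
                        // skipped; the error element marks the gap in the report.
                        webappelem.Add(new XElement("error", siteError.Message));
                    }
                    root.Add(webappelem);
                }
            }
            catch (Exception webAppError)
            {
                root.Add(new XElement("error", webAppError.Message));
            }

            doc.Add(root);

            // using guarantees the writer is flushed and closed even if WriteTo throws.
            using (XmlWriter writer = XmlWriter.Create(Response.OutputStream))
            {
                doc.WriteTo(writer);
            }
        }
        catch (Exception ex)
        {
            // NOTE(review): this writes the raw exception message as plain text into a
            // response declared as application/xml; consumers will not get well-formed
            // XML on this path, and the message may reveal internal details.
            System.Web.HttpContext.Current.Response.Write(ex.Message);
        }
    }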

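    /// <summary>
    /// Converts a role assignment collection into a "roleassignments" element. Each
    /// "roleassignment" child carries the member's name and id, an "isgroup" flag,
    /// and a "roledefinitions" element listing every bound role with its name and
    /// base permissions.
    /// </summary>
    /// <param name="racollection">Role assignments of a web, list or list item.</param>
    /// <param name="web">The web that owns the securable object. Kept for caller
    /// compatibility; it is no longer needed to classify the member.</param>
    /// <returns>The populated "roleassignments" element.</returns>
    public XElement GetRoleAssignments(SPRoleAssignmentCollection racollection, SPWeb web)
    {
        XElement raelem = new XElement("roleassignments");

        foreach (SPRoleAssignment ra in racollection)
        {
            XElement tempra = new XElement("roleassignment");

            tempra.Add(new XAttribute("name", ra.Member.Name));
            tempra.Add(new XAttribute("id", ra.Member.ID));

            // Classify by the member's runtime type instead of probing web.Groups and
            // treating any exception as "not a group": the old probe reported a group
            // as a user whenever the lookup failed for an unrelated reason, which
            // makes an audit report misleading.
            bool memberIsGroup = ra.Member is SPGroup;
            tempra.Add(new XAttribute("isgroup", memberIsGroup ? "True" : "False"));

            XElement rdtemp = new XElement("roledefinitions");

            foreach (SPRoleDefinition rd in ra.RoleDefinitionBindings)
            {
                XElement role = new XElement("role");
                role.Add(new XAttribute("name", rd.Name));
                role.Add(new XAttribute("permissions", rd.BasePermissions.ToString()));
                rdtemp.Add(role);
            }

            tempra.Add(rdtemp);
            raelem.Add(tempra);
        }

        return raelem;
    }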

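    /// <summary>
    /// Appends a "webs" element to <paramref name="site"/> describing every web in
    /// <paramref name="allWebs"/>: its url, title and template, its groups with owner
    /// and members, its role assignments, and its lists with their items. Role
    /// assignments of a list or item are included only when inheritance is broken
    /// (HasUniqueRoleAssignments is true).
    /// </summary>
    /// <remarks>
    /// The first exception raised while processing a web stops the walk for this
    /// site collection; an "error" element is added to "webs" so the truncated
    /// report can be recognised. Every web is disposed whether or not it was
    /// processed successfully.
    /// </remarks>
    /// <param name="allWebs">The webs of one site collection.</param>
    /// <param name="site">The "site" element that receives the "webs" child.</param>
    public void GetWebs(SPWebCollection allWebs, XElement site)
    {
        XElement webs = new XElement("webs");

        try
        {
            foreach (SPWeb web in allWebs)
            {
                try
                {
                    XElement webelem = new XElement("web");
                    webelem.Add(new XAttribute("url", web.Url));
                    webelem.Add(new XAttribute("title", web.Title));
                    webelem.Add(new XAttribute("WebTemplateID", web.WebTemplateId.ToString()));
                    webelem.Add(new XAttribute("WebTemplateName", web.WebTemplate));

                    XElement grpelem = new XElement("groups");

                    foreach (SPGroup group in web.Groups)
                    {
                        XElement tempgrp = new XElement("group");

                        tempgrp.Add(new XAttribute("name", group.Name));
                        tempgrp.Add(new XAttribute("id", group.ID));

                        // Start from the owner's numeric id and replace it with a
                        // display name if the id resolves to a user or a group of
                        // this web.
                        string owner = group.Owner.ID.ToString();

                        try
                        {
                            SPUser user = web.Users.GetByID(group.Owner.ID);
                            owner = user.Name;
                        }
                        catch
                        {
                            try
                            {
                                SPGroup groupcheck = web.Groups.GetByID(group.Owner.ID);
                                owner = groupcheck.Name;
                            }
                            catch
                            {
                                // Best effort: the owner stays reported by id when it
                                // resolves to neither a user nor a group of this web.
                            }
                        }

                        tempgrp.Add(new XAttribute("owner", owner));

                        XElement members = new XElement("members");

                        foreach (SPUser user in group.Users)
                        {
                            XElement tempmember = new XElement("member");
                            tempmember.Add(new XAttribute("name", user.Name));
                            tempmember.Add(new XAttribute("id", user.ID));
                            members.Add(tempmember);
                        }

                        tempgrp.Add(members);
                        grpelem.Add(tempgrp);
                    }
                    webelem.Add(grpelem);
                    webelem.Add(GetRoleAssignments(web.RoleAssignments, web));

                    XElement lists = new XElement("lists");

                    foreach (SPList list in web.Lists)
                    {
                        XElement listelem = new XElement("list");
                        listelem.Add(new XAttribute("title", list.Title));
                        listelem.Add(new XAttribute("uniqueroleassignments", list.HasUniqueRoleAssignments));

                        if (list.HasUniqueRoleAssignments)
                        {
                            listelem.Add(GetRoleAssignments(list.RoleAssignments, web));
                        }

                        XElement itemselem = new XElement("items");

                        // NOTE(review): every item of every list is visited; on large
                        // lists this is presumably the most expensive part of the run.
                        foreach (SPListItem item in list.Items)
                        {
                            XElement itemelem = new XElement("item");

                            // Title, then DisplayName, then a fixed placeholder.
                            try
                            {
                                itemelem.Add(new XAttribute("title", item.Title));
                            }
                            catch
                            {
                                try
                                {
                                    itemelem.Add(new XAttribute("title", item.DisplayName));
                                }
                                catch
                                {
                                    itemelem.Add(new XAttribute("title", "Not Available"));
                                }
                            }

                            if (item.HasUniqueRoleAssignments)
                            {
                                itemelem.Add(GetRoleAssignments(item.RoleAssignments, web));
                            }
                            itemselem.Add(itemelem);
                        }
                        listelem.Add(itemselem);
                        lists.Add(listelem);
                    }
                    webelem.Add(lists);
                    webs.Add(webelem);
                }
                finally
                {
                    // Release the web even when processing it threw; previously the
                    // Dispose call was skipped on any exception.
                    web.Dispose();
                }
            }
        }
        catch (Exception webError)
        {
            webs.Add(new XElement("error", webError.Message));
        }

        site.Add(webs);
    }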
</script>