Social media


            

Thursday, September 10, 2009

Permission reporting tool for SharePoint

Few days ago Microsoft has released the Fourth Release of the Microsoft SharePoint Administration Toolkit. It was announced on the SharePoint team blog.

A very interesting part of this toolkit is a permission reporting tool. I think that every administrator should have it on their MOSS/WSS environment as this helps with permission management on the farm. It is also really useful when working with Workbox - it can help you debug some problems with the permissions to the workflow and workflow items.

Generally the tool allows administrators to quickly check users' permissions. This is very useful, since due to multiple inheritances and big number of permission levels it is very easy to lose track who has which permissions.

The tool allows you to check on every level - site, list and even item - what permissions has chosen user. The tool displays what kind of permission levels given user has to a chosen object and how were they assigned (through group or directly). More about this functionality is here.

Reporting tool gives you also ability to quickly glance through permissions for all lists and sites in a given site. It also lets you to compare the permissions to parent permission and list which are different - who was added and who was removed. More on Office.com.

What is strange - the tool does not tell you that a user is a farm admin.

The third cool thing is a broken inheritance report. This report gives you information what are the permissions for current object and its siblings. More info about these report is here. The reports are in form of an XML, but can be easily opened in Excel. By default reports are stored in SharePoint list. It takes some time to run the report.

You can download the tool from here.
Here are some tips about the setup:
  • you need to have SP2 with the April Cumulative Updates. I would recommend installing the June Updates, as the April ones are included in the June CU. All details how to setup the June CU are here. Make sure you install SP to all the language packs, as without them you will not be able to install the CU.
  • after you setup the Toolkit you will find the reporting tool in the folder where the toolkit was setup (by default C:\Program Files\Microsoft\SPAdministrationToolkit\PermissionReportingSolution). It's in the form of a WSP. You need to use the STADM and addsolution operation and to set it up on your farm. Here is an MSDN article on how to add solution, depoly it and activate the feature from the STSADM 
  • Next you need to deploy the solution from the central administration (operations -> global configuration -> solution management).
  • The last step is the feature activation - you activate it for the farm. You need the April CU to activate the future.
After that you are good to go. Enjoy!