Analyzing Site Lists Permissions
The Site Lists Permissions analysis lets you examine user permissions for individual lists within a selected site.
NOTE: List permissions are also included as part of the Comprehensive Permissions analysis. You can also view permissions for items within a selected list by running a Permissions by List Item analysis.
To generate a Site Lists Permissions analysis:
1Select the site whose list permissions you want to analyze.
NOTE: You can only analyze list permissions for one site at a time. If you multi-select, only the site on which you right-clicked will apply.
2Choose Users and Security > Site Lists Permissions. Use the information in the following table to determine the appropriate action to take.
3Specify the parameters for your analysis.
Now you can:
·run the operation immediately (by clicking the [Run Now] button)
OR
·schedule the operation to run at a later time or on a recurring basis.
OR
·save the operation as XML Instructions that can be run at a later time.
The top level of the Site Lists Permissions analysis shows all of the lists used on the site, along with the following information:
·the Security type (Inherited or Unique)
·the number of Items in the list
·the number of Items with Unique Permissions.
NOTE: If you chose to Show unique permissions only, results will include any list that contains items with unique permissions (even if the list itself has inherited permissions).
When expanded, the following information displays for each list:
·each User or Active Directory group with permissions to the List item(s)
·if applicable, the SharePoint Group via which the user has permissions (users who have direct access are appropriately identified)
·the number of Accessible Items for that user, and
·the user's permission level(s). A plus sign (+) displays in the applicable column(s), which may include any of the five default SharePoint permission levels:
§Full Control
§Design
§Contribute
§Read
§Limited.
NOTE: If a user has a template-specific or custom permission level, it is recorded in the Other column.
By default, the report lists:
·users with direct permissions
·users placed into SharePoint groups, and
·Active Directory groups that either have direct permissions or have been placed into SharePoint groups.
The Display Name/Group column shows the display name of each user whose permissions are direct or through membership in a SharePoint group. This name is taken from the Preferred Name field of the SharePoint User Profile, which is typically populated with the Active Directory Display Name. If a display name does not exist for the user, the user's login name will display in brackets < >.
If you chose to Expand Active Directory Groups:
·users who have permissions through Active Directory groups are listed as separate line items, with name of the Active Directory group displayed in the Display Name/Group column.
AND
·an Active Directory members section, which lists each Active Directory group with permissions and all of its members, displays at the end of analysis results.
Analyzing Permissions by List Item
The Permissions by List Item analysis lets you examine user permissions for folders and items within selected lists.
NOTE: List item permissions are also included as part of Comprehensive Permissions analysis.
To generate a Permissions by List Item analysis:
1Select the list(s) whose item permissions you want to analyze.
2Choose Users and Security > Permissions by List Item.
3If you want to analyze only specific items within the selected scope, select the items you want to analyze.
4Specify the parameters for your analysis.
Now you can:
·run the operation immediately (by clicking the [Run Now] button)
OR
·schedule the operation to run at a later time or on a recurring basis.
OR
·save the operation as XML Instructions that can be run at a later time.
The first row of the result set includes the following information about the list itself:
·an icon that identifies the list type (document library, calendar, task list, etc.).
·the name of the list
·the List Security type (Inherited or Unique)
·the number of Items in the list
·the number of Items with Unique Permissions.
When the first row is expanded, each user with permissions for the list is displayed, along with the following information:
·the name of the SharePoint User
·the number of Accessible Items (that is, the number of items within the list for which the user has permissions)
·the user's permission level(s) for the list itself, as indicated by a plus sign (+) in the applicable column(s), which may include:
§the site collection's Admin group
§the five default SharePoint permission levels:
§Full Control
§Design
§Contribute
§Read
§Limited.
NOTE: If a user has a template-specific or custom permission level, it is recorded in the Other column.
The remaining rows contain detailed permissions information for each folder and item within the list.
Click a list, folder, or item name to open the SharePoint Permissions page.
Analyzing Comprehensive Permissions
The Comprehensive Permissions analysis shows the permissions that users have to selected sites as well as lists (and optionally, list items) within those sites.
If you want to analyze site-level permissions only (with the option of drilling down to list permissions for each user individually), you can run a Site Permissions analysis instead.
NOTE: The Comprehensive Permissions analysis always uses real-time (not cached) data.
To generate a Comprehensive Permissions analysis:
1Select the object(s) on which you want to perform the analysis).
2Choose Users and Security > Comprehensive Permissions.
3Specify the parameters for your analysis.
Note that, In addition to the "standard" parameters, you have the option to Group by Sites (the default) or Users.
NOTE: By default, permissions for list items are excluded from the analysis. You can, however, chose to Include List Items. Be aware however, that processing time may increase significantly.
Now you can:
·run the operation immediately (by clicking the [Run Now] button)
OR
·schedule the operation to run at a later time or on a recurring basis.
OR
·save the operation as XML Instructions that can be run at a later time.
Comprehensive Permissions analysis results consist of the following sections:
·Web Application Policies
·User Rights.
Web Application Policies Section
The information in the Web Application Polices section is the same as that found in the Site Permissions analysis.
User Rights Section
In addition to the same site-level permissions (Site Security) shown in the Site Permissions analysis, the User Rights section also shows the same list-level and optionally, item-level permissions (List Security) shown in the Site Lists Permissions analysis.
Analyzing Comprehensive Information About SharePoint Users
The Comprehensive User Report contains the following information about one or more SharePoint users:
·permissions that the user has for sites, lists, and list items
·workflows created by the user
·documents created by, last modified by, and checked out to the user
·SharePoint alerts that have been created for the user
·open tasks assigned to the user, including workflow tasks
·membership in both SharePoint and Active Directory groups.
To generate a Comprehensive User Report:
1Select the object(s) for which you want to view comprehensive user information
2Choose Users and Security > Comprehensive User Report.
3Select the user(s) whose comprehensive information you want to analyze.
Now you can:
·run the operation immediately (by clicking the [Run Now] button)
OR
·schedule the operation to run at a later time or on a recurring basis.
OR
·save the operation as XML Instructions that can be run at a later time.
Comprehensive User Information Report results consist of the following sections:
·Web Application Policies
·User Rights
·Documents Created By, Last Modified By, and Checked Out to User
·SharePoint Alerts by Site
·Workflows Created
·Open Tasks
·User Groups
Web Application Polices and User Rights Sections
The information in the Web Application Polices and User Rights sections is the same as that found in the Comprehensive Permissions analysis.
Documents Created By, Last Modified By, and Checked Out to User Section
This section lists each of the documents created by, last modified by, and checked out to the user and includes the name of the Web Application, Site, and List where the document is located.
SharePoint Alerts by Site Section
This section lists SharePoint alerts that have been created for the user for each site within the scope of your analysis, including the Web Application, Site. and url for which the alert is set.
When expanded, the following additional information displays:
·alert Type (List or Item)
·Event Filter that triggers the alert
·Frequency of the alert
·if the frequency is other than immediate, the date and time of the Next Alert
·the alert Filter
Running Workflows Created Section
The Running Workflows Created section lists all of the workflows created by the user that have at least one instance currently running. Information about the workflow includes:
·Workflow name
·the number of Running Instances
·A Description of the workflow.
When expanded, the following additional information about the workflow displays:
·the workflow's Associated Item
·a link to a Summary of all workflows associated with the Document
·the List for which the workflow was created
·the Site and Web Application where the list is located.
Open Tasks Section
The Open Tasks section lists all of the workflow-associated open tasks that have been assigned to the user, including:
·the Task Name and Status
·the Task Created Date and time
·the Task Type
·the Associated Workflow for the task
·the Task Description
User Groups Section
The User Groups section lists the Active Directory Groups and SharePoint Groups of which the user is a member.
