Analyzing Site Permissions
The Site Permissions analysis lets you examine the permissions that one or more users have for selected sites, including external users.
To generate a Site Permissions analysis:
1Select the object(s) you want to include in your analysis.
2Choose Users and Security > Site Permissions.
3Specify the parameters for your analysis.
Note that, In addition to the "standard" parameters, you have the option to Group by Sites (the default) or Users.
Now you can:
·run the operation immediately (by clicking the [Run Now] button)
OR
·schedule the operation to run at a later time or on a recurring basis.
OR
·save the operation as XML Instructions that can be run at a later time.
The top level of the User Rights section lists the Web application(s) within the scope of your analysis.
When expanded, a list of users with permissions for the site collection or site displays, along with the following information:
·the login name of the SharePoint User
·the user's permission level(s), as indicated by a plus sign (+) in the applicable column(s), which may include:
§the site collection's Admin group
§the five default SharePoint permission levels:
§Full Control
§Design
§Contribute
§Read
§Limited.
NOTE: If a user has a template-specific or custom permission level, it is recorded in the Other column.
By default, the report lists:
·users with direct permissions, and
·users with membership through Active Directory/tenant-level Security groups and SharePoint groups.
The Display Name/Group column shows the display name of each user whose permissions are direct or through membership in a SharePoint group. If a display name does not exist for the user, the user's login name will display in brackets < >.
If you chose to group by Sites, you can click the AD hyperlink to the left of an AD group in the User Rights section to view Active Directory/Security group members.
NOTE: Because ControlPoint cannot currently expand membership in Office 365 groups, when the AD link is clicked the dialog will be blank.
Note that in the following example, the external user is identified by his external email address.
Analyzing Site Lists Permissions
The Site Lists Permissions analysis lets you examine the permissions of users for individual lists within a selected site, including external users.
NOTE: List permissions are also included as part of the Comprehensive Permissions analysis. You can also view permissions for items within a selected list by running a Permissions by List Item analysis.
To generate a Site Lists Permissions analysis:
1Select the site whose list permissions you want to analyze.
NOTE: You can only analyze list permissions for one site at a time. If you multi-select, only the site on which you right-clicked will apply.
2Choose Users and Security > Site Lists Permissions. Use the information in the following table to determine the appropriate action to take.
3Specify the parameters for your analysis.
Now you can:
·run the operation immediately (by clicking the [Run Now] button)
OR
·schedule the operation to run at a later time or on a recurring basis.
OR
·save the operation as XML Instructions that can be run at a later time.
The top level of the Site Lists Permissions analysis shows all of the lists used on the site, along with the following information:
·the Security type (Inherited or Unique)
·the number of Items in the list
·the number of Items with Unique Permissions.
NOTE: If you chose to Show unique permissions only, results will include any list that contains items with unique permissions (even if the list itself has inherited permissions).
When expanded, the following information displays for each list:
·each User with permissions to the List item(s)
·if applicable, the SharePoint Group via which the user has permissions (users who have direct access are appropriately identified)
·the number of Accessible Items for that user, and
·the user's permission level(s). A plus sign (+) displays in the applicable column(s), which may include any of the five default SharePoint permission levels:
§Full Control
§Design
§Contribute
§Read
§Limited.
NOTE: If a user has a template-specific or custom permission level, it is recorded in the Other column.
Note that in the following example, the external user is identified by his external email address.
Analyzing Permissions by List Item
The Permissions by List Item analysis lets you examine user permissions for folders and items within selected lists.
NOTE: List item permissions are also included as part of Comprehensive Permissions analysis.
To generate a Permissions by List Item analysis:
1Select the list(s) whose item permissions you want to analyze.
2Choose Users and Security > Permissions by List Item.
3If you want to analyze only specific items within the selected scope, select the items you want to analyze.
4Specify the parameters for your analysis.
Now you can:
·run the operation immediately (by clicking the [Run Now] button)
OR
·schedule the operation to run at a later time or on a recurring basis.
OR
·save the operation as XML Instructions that can be run at a later time.
The first row of the result set includes the following information about the list itself:
·an icon that identifies the list type (document library, calendar, task list, etc.).
·the name of the list
·the List Security type (Inherited or Unique)
·the number of Items in the list
·the number of Items with Unique Permissions.
When the first row is expanded, each user with permissions for the list is displayed, along with the following information:
·the name of the SharePoint User
·the number of Accessible Items (that is, the number of items within the list for which the user has permissions)
·the user's permission level(s) for the list itself, as indicated by a plus sign (+) in the applicable column(s), which may include:
§the site collection's Admin group
§the five default SharePoint permission levels:
§Full Control
§Design
§Contribute
§Read
§Limited.
NOTE: If a user has a template-specific or custom permission level, it is recorded in the Other column.
The remaining rows contain detailed permissions information for each folder and item within the list.
Click a list, folder, or item name to open the SharePoint Permissions page.
Note that in the following example, the external user is identified by his external email address.
Analyzing Comprehensive Permissions
The Comprehensive Permissions analysis shows the permissions that users (including external users) have to selected sites as well as lists (and optionally, list items) within those sites.
If you want to analyze site-level permissions only (with the option of drilling down to list permissions for each user individually), you can run a Site Permissions analysis instead.
NOTE: The Comprehensive Permissions analysis always uses real-time (not cached) data.
To generate a Comprehensive Permissions analysis:
1Select the object(s) on which you want to perform the analysis.
2Choose Users and Security > Comprehensive Permissions
3Specify the parameters for your analysis.
Note that, In addition to the "standard" parameters, you have the option to Group by Sites (the default) or Users.
NOTE: By default, permissions for list items are excluded from the analysis. You can, however, chose to Include List Items. Be aware however, that processing time may increase significantly.
Now you can:
·run the operation immediately (by clicking the [Run Now] button)
OR
·schedule the operation to run at a later time or on a recurring basis.
OR
·save the operation as XML Instructions that can be run at a later time.
Because Comprehensive Permissions analyses are always run on real-time data, if your analysis encompasses multiple users, sites, lists, and/or list items, the analysis may run very slowly and the result set may be very large. Therefore, you may want to consider running it by schedule.
In addition to the same site-level permissions (Site Security) shown in the Site Permissions by Site analysis, the User Rights section also shows the same list-level and optionally, item-level permissions (List Security) shown in the Site Lists Permissions analysis.