Chat now with support
Chat with Support

Metalogix ControlPoint 8.2 - User Guide

Preface Getting Started with ControlPoint Using Discovery to Collect Information for the ControlPoint Database Cache Searching for SharePoint Sites Managing SharePoint Objects
Accessing SharePoint Pages Viewing Properties of an Object within the SharePoint Hierarchy Creating Dashboards for Monitoring Statistics within Your SharePoint Farm Setting Object Properties Managing Site Collection and Site Features Managing Audit Settings Creating and Managing SharePoint Alerts Setting ControlPoint Alerts Managing Metadata Copying and Moving SharePoint Objects (Version 8.0 and Earlier) Moving a Site Collection to Another Content Database Deleting Sites Deleting Lists Archiving Audit Log Data Before Moving or Deleting a Site Collection Duplicating a Workflow Definition from one List or Site to Others Removing a Workflow from One or More Lists (or Sites)
Using ControlPoint Policies to Control Your SharePoint Environment Managing SharePoint User Permissions Data Analysis and Reporting
Specifying Parameters for Your Analysis Analysis Results Display Generating a SharePoint Summary Report Analyzing Activity Analyzing Object Properties Analyzing Storage Analyzing Content Generating a SharePoint Hierarchy Report Analyzing Trends Auditing Activities and Changes in Your SharePoint Environment Analyzing SharePoint Alerts Analyzing ControlPoint Policies Analyzing Users and Permissions The ControlPoint Task Audit Viewing Logged Errors
Scheduling a ControlPoint Operation Saving, Modifying and Executing Instructions for a ControlPoint Operation Using the ControlPoint Governance Policy Manager (SharePoint 2010 and Later) Using Sensitive Content Manager to Analyze SharePoint Content for Compliance Using ControlPoint Sentinel to Detect Anomalous Activity Default Menu Options for ControlPoint Users About Us

Generating a Site Permissions Report

The Site Permissions Report lets you examine the permissions that one or more users have for selected sites.  Results can be grouped either by user or by site.

To generate a Site Permissions by Site report:

1From the From the Permissions Management left menu, choose Report on Permissions > Site Permissions.

2Specify the parameters for your report.

In addition to the "common" parameters, you can choose whether to

§Group by Sites or Users

§Include lists and/or list items.

NOTE:  Permissions for lists and list items are excluded by default.  If you choose to include them, only real-time (not cached) data can be used and processing time may increase significantly.

Now you can:

·run the report immediately (by clicking [Run Now])


·schedule the report to run at a later time.

Site Permissions by Site report results contain the following sections:

·Web Application Policies

·User Rights

·Active Directory group members (if you chose to Expand Active Directory groups)

Web Application Policies Section

The top level of the Web Application Policies section lists the Web application(s) or Users (depending on how you choose to group results) within the scope of your report.  A plus sign (+) in any of the permission columns indicates that at least one user has that permission.

When expanded, a list of policy permissions within the Web application (including any that are zone-specific) displays.  A plus sign (+) displays in the applicable column(s), which may include:

·the following policy-level site collection permissions (which indicates that one of the specified policy permission levels has enabled the site collection permissions):



§System settings (for accounts that operates as a system account)

NOTE:  Administrator and Auditor are site collection level permissions that a policy level can have.  They are set for the Web application via the SharePoint Manage Permission Policy Levels > Edit Permission Policy Level page.

·the four built-in SharePoint policy permission levels:

§Full Control

§Full Read

§Deny Write

§Deny All

NOTE: If a user has a custom policy permission level, it is recorded in the Other column.

Web Application Policies grouped by site

Web Application Policies grouped by user

Note that the account in which the Web application's application pool runs is listed with the zone identified as (System Account).

User Rights Section

For each Web application, a list of sites or users (depending on how you choose to group) application displays.

NOTE:  If Anonymous Access has been enabled for the Web application, it will be indicated in parentheses following the Web application name.

When expanded, a list of users and/or Active Directory groups with permissions for the site collection or site displays, along with the following information:

·the login name of the SharePoint User

NOTE:  If Anonymous Access has been enabled for the site, <Anonymous Access> appears as the first user name

·the user's permission level(s), as indicated by a plus sign (+) in the applicable column(s), which may include:

§the site collection's Admin group

§the five default SharePoint permission levels:

§Full Control





NOTE:  If a user has a template-specific or custom permission level, it is recorded in the Other column.  If Anonymous Access has been enabled for the site, the level of access (Entire Website, Lists and Libraries, or None) is recorded in the Other column.

By default, the report lists:

·users with direct permissions

·users with membership through SharePoint groups, and

·Active Directory groups that either have direct permissions or have been placed into SharePoint groups.

The Display Name/Group column shows the display name of each user whose permissions are direct or through membership in a SharePoint group.  This name is taken from the Preferred Name field of the SharePoint User Profile, which is typically populated with the Active Directory Display Name.  If a display name does not exist for the user, the user's login name will display in brackets < >.  

If you chose to Include Users with AD GRoup:

·users who have permissions through Active Directory groups are listed as separate line items, with name of the Active Directory group displayed in the Display Name/Group column.


·an Active Directory members section, which lists each Active Directory group with permissions and all of its members, displays at the end of report results.

If you chose to group results by site, click the AD hyperlink to the left of an AD group in the User Rights section to view Active Directory group members.

If you chose to group results by user,c lick an Active Directory User hyperlink to view Active Directory group members.


Related Documents