The Site Permissions Report lets you examine the permissions that one or more users have for selected sites. Results can be grouped either by user or by site.
To generate a Site Permissions by Site report:
1From the From the Permissions Management left menu, choose Report on Permissions > Site Permissions.
2Specify the parameters for your report.
In addition to the "common" parameters, you can choose whether to
§Group by Sites or Users
§Include lists and/or list items.
NOTE: Permissions for lists and list items are excluded by default. If you choose to include them, only real-time (not cached) data can be used and processing time may increase significantly.
Now you can:
·run the report immediately (by clicking [Run Now])
Site Permissions by Site report results contain the following sections:
·Web Application Policies
·Active Directory group members (if you chose to Expand Active Directory groups)
Web Application Policies Section
The top level of the Web Application Policies section lists the Web application(s) or Users (depending on how you choose to group results) within the scope of your report. A plus sign (+) in any of the permission columns indicates that at least one user has that permission.
When expanded, a list of policy permissions within the Web application (including any that are zone-specific) displays. A plus sign (+) displays in the applicable column(s), which may include:
·the following policy-level site collection permissions (which indicates that one of the specified policy permission levels has enabled the site collection permissions):
§System settings (for accounts that operates as a system account)
NOTE: Administrator and Auditor are site collection level permissions that a policy level can have. They are set for the Web application via the SharePoint Manage Permission Policy Levels > Edit Permission Policy Level page.
·the four built-in SharePoint policy permission levels:
NOTE: If a user has a custom policy permission level, it is recorded in the Other column.
Web Application Policies grouped by site
Web Application Policies grouped by user
Note that the account in which the Web application's application pool runs is listed with the zone identified as (System Account).
User Rights Section
For each Web application, a list of sites or users (depending on how you choose to group) application displays.
NOTE: If Anonymous Access has been enabled for the Web application, it will be indicated in parentheses following the Web application name.
When expanded, a list of users and/or Active Directory groups with permissions for the site collection or site displays, along with the following information:
·the login name of the SharePoint User
NOTE: If Anonymous Access has been enabled for the site, <Anonymous Access> appears as the first user name
·the user's permission level(s), as indicated by a plus sign (+) in the applicable column(s), which may include:
§the site collection's Admin group
§the five default SharePoint permission levels:
NOTE: If a user has a template-specific or custom permission level, it is recorded in the Other column. If Anonymous Access has been enabled for the site, the level of access (Entire Website, Lists and Libraries, or None) is recorded in the Other column.
By default, the report lists:
·users with direct permissions
·users with membership through SharePoint groups, and
·Active Directory groups that either have direct permissions or have been placed into SharePoint groups.
The Display Name/Group column shows the display name of each user whose permissions are direct or through membership in a SharePoint group. This name is taken from the Preferred Name field of the SharePoint User Profile, which is typically populated with the Active Directory Display Name. If a display name does not exist for the user, the user's login name will display in brackets < >.
If you chose to Include Users with AD GRoup:
·users who have permissions through Active Directory groups are listed as separate line items, with name of the Active Directory group displayed in the Display Name/Group column.
·an Active Directory members section, which lists each Active Directory group with permissions and all of its members, displays at the end of report results.
If you chose to group results by site, click the AD hyperlink to the left of an AD group in the User Rights section to view Active Directory group members.
If you chose to group results by user,c lick an Active Directory User hyperlink to view Active Directory group members.