Analyzing Permissions by List Item
The Permissions by List Item analysis lets you examine user permissions for folders and items within selected lists.
NOTE: List item permissions are also included as part of Comprehensive Permissions analysis.
To generate a Permissions by List Item analysis:
1Select the list(s) whose item permissions you want to analyze.
2Choose Users and Security > Permissions by List Item.
3If you want to analyze only specific items within the selected scope, select the items you want to analyze.
4Specify the parameters for your analysis.
Now you can:
·run the operation immediately (by clicking the [Run Now] button)
OR
·schedule the operation to run at a later time or on a recurring basis.
OR
·save the operation as XML Instructions that can be run at a later time.
The first row of the result set includes the following information about the list itself:
·an icon that identifies the list type (document library, calendar, task list, etc.).
·the name of the list
·the List Security type (Inherited or Unique)
·the number of Items in the list
·the number of Items with Unique Permissions.
When the first row is expanded, each user with permissions for the list is displayed, along with the following information:
·the name of the SharePoint User
·the number of Accessible Items (that is, the number of items within the list for which the user has permissions)
·the user's permission level(s) for the list itself, as indicated by a plus sign (+) in the applicable column(s), which may include:
§the site collection's Admin group
§the five default SharePoint permission levels:
§Full Control
§Design
§Contribute
§Read
§Limited.
NOTE: If a user has a template-specific or custom permission level, it is recorded in the Other column.
The remaining rows contain detailed permissions information for each folder and item within the list.
Click a list, folder, or item name to open the SharePoint Permissions page.
Analyzing Comprehensive Permissions
The Comprehensive Permissions analysis shows the permissions that users have to selected sites as well as lists (and optionally, list items) within those sites.
If you want to analyze site-level permissions only (with the option of drilling down to list permissions for each user individually), you can run a Site Permissions analysis instead.
NOTE: The Comprehensive Permissions analysis always uses real-time (not cached) data.
To generate a Comprehensive Permissions analysis:
1Select the object(s) on which you want to perform the analysis).
2Choose Users and Security > Comprehensive Permissions.
3Specify the parameters for your analysis.
Note that, In addition to the "standard" parameters, you have the option to Group by Sites (the default) or Users.
NOTE: By default, permissions for list items are excluded from the analysis. You can, however, chose to Include List Items. Be aware however, that processing time may increase significantly.
Now you can:
·run the operation immediately (by clicking the [Run Now] button)
OR
·schedule the operation to run at a later time or on a recurring basis.
OR
·save the operation as XML Instructions that can be run at a later time.
Comprehensive Permissions analysis results consist of the following sections:
·Web Application Policies
·User Rights.
Web Application Policies Section
The information in the Web Application Polices section is the same as that found in the Site Permissions analysis.
User Rights Section
In addition to the same site-level permissions (Site Security) shown in the Site Permissions analysis, the User Rights section also shows the same list-level and optionally, item-level permissions (List Security) shown in the Site Lists Permissions analysis.
Analyzing Comprehensive Information About SharePoint Users
The Comprehensive User Report contains the following information about one or more SharePoint users:
·permissions that the user has for sites, lists, and list items
·workflows created by the user
·documents created by, last modified by, and checked out to the user
·SharePoint alerts that have been created for the user
·open tasks assigned to the user, including workflow tasks
·membership in both SharePoint and Active Directory groups.
To generate a Comprehensive User Report:
1Select the object(s) for which you want to view comprehensive user information
2Choose Users and Security > Comprehensive User Report.
3Select the user(s) whose comprehensive information you want to analyze.
Now you can:
·run the operation immediately (by clicking the [Run Now] button)
OR
·schedule the operation to run at a later time or on a recurring basis.
OR
·save the operation as XML Instructions that can be run at a later time.
Comprehensive User Information Report results consist of the following sections:
·Web Application Policies
·User Rights
·Documents Created By, Last Modified By, and Checked Out to User
·SharePoint Alerts by Site
·Workflows Created
·Open Tasks
·User Groups
Web Application Polices and User Rights Sections
The information in the Web Application Polices and User Rights sections is the same as that found in the Comprehensive Permissions analysis.
Documents Created By, Last Modified By, and Checked Out to User Section
This section lists each of the documents created by, last modified by, and checked out to the user and includes the name of the Web Application, Site, and List where the document is located.
SharePoint Alerts by Site Section
This section lists SharePoint alerts that have been created for the user for each site within the scope of your analysis, including the Web Application, Site. and url for which the alert is set.
When expanded, the following additional information displays:
·alert Type (List or Item)
·Event Filter that triggers the alert
·Frequency of the alert
·if the frequency is other than immediate, the date and time of the Next Alert
·the alert Filter
Running Workflows Created Section
The Running Workflows Created section lists all of the workflows created by the user that have at least one instance currently running. Information about the workflow includes:
·Workflow name
·the number of Running Instances
·A Description of the workflow.
When expanded, the following additional information about the workflow displays:
·the workflow's Associated Item
·a link to a Summary of all workflows associated with the Document
·the List for which the workflow was created
·the Site and Web Application where the list is located.
Open Tasks Section
The Open Tasks section lists all of the workflow-associated open tasks that have been assigned to the user, including:
·the Task Name and Status
·the Task Created Date and time
·the Task Type
·the Associated Workflow for the task
·the Task Description
User Groups Section
The User Groups section lists the Active Directory Groups and SharePoint Groups of which the user is a member.
Analyzing SharePoint Groups
The SharePoint Groups Analysis provides details about membership and permissions of SharePoint groups within one or more site collections and/or sites.
To generate a SharePoint Groups analysis:
1Select the object(s) for which you want to analyze SharePoint groups.
2Choose Users and Security > SharePoint Group Analysis.
3Specify the parameters for your analysis.
In addition to the "standard" parameters for permissions analyses, you can limit results to:
§SharePoint groups whose name include a specific text string
§groups with no members and/or with no permissions or only groups with both members and permissions
NOTE: Currently, you can only report on groups with no permissions if the ControlPoint Configuration Setting "Show SharePoint Groups with No Permissions in Hierarchy" is set to true. (See the ControlPoint Administration Guide for details.)
You can also choose whether to Include lists and list items in results.
CAUTION: If you chose to include lists and list items, the analysis may take significantly longer to run and may generate a much larger set of results.
Now you can:
·run the operation immediately (by clicking the [Run Now] button)
OR
·schedule the operation to run at a later time or on a recurring basis.
OR
·save the operation as XML Instructions that can be run at a later time.
The SharePoint Group Analysis consists of the following sections:
·Membership
·Permissions
Membership Section
The Membership section lists each site collection within the scope or your analysis.
When expanded the following information displays:
·each SharePoint Group within the site collection
·the No of users in the group.
·a plus sign (+) identifying each group that Has Permissions.
When expanded, each Member login name and Display Name is listed.
Note that an Active Directory group is counted as a single user.
Permissions Section
The Permissions section lists each site within the scope of your analysis.
When expanded, a Site Security summary row indicates whether site security is Inherited or Unique. Each SharePoint Group within the site is listed, along with a plus sign (+) identifying each of its permissions. Any custom permissions levels are recorded in the Other column.
Note that in the following example, the external user is identified by his external email address.
