How to Find Unique Permissions in SharePoint for All Items, Lists and Sites

SharePoint is becoming a critical content repository for files, documents, list data and applications for many organizations. As content grows, users increase, and administrators come and go, SharePoint permissions slowly start drifting into the dark side of SharePoint management and might leave your permissions in unknown and messy state, much like this messy kitchen. You know deep down that a cleanup is due, but you begin to deliberately avoid this unpleasant confrontation because the task feels too daunting. You wish you knew the options you had to tackle those tricky Unique Permissions (also known as fine-grained-permissions, broken-inheritance-permissions, or item-level-permissions). This post should help.

 

​

 

In this article we will discuss how to avoid the SharePoint Permission Fallout and how to restore your grip on those permissions and whats on your site.

 

Common SharePoint Permissions that you want to address is:

- What sites have unique permissions (broken inheritance objects)

- What Lists have unique permissions

- What items, folders and documents have unique permissions

- Is there a way to audit unique permissions quickly?

- Can I do a recursive scan of the permissions on my site?

- Can I generate a report of those permissions?

 

Our Example

Let's assume we have our SharePoint site for Health Services Inc as shown in the illustration below. Like many aged and grown sites, we find many subsites, some library with 20,000_ folders with unique permissions at the item level and deeply nested sites and subsites.

 

If you are an administrator that took over the administration of the site, you are completely in the dark. What can you do to understand how permissions are assigned to this barrage of content?

 

​

 

Options to Understand the Unique permissions

- Use Explorer View

 

 

​

 

​

 

​

 

From here you can see the unique permission on that library. If you click on Folder 1 it will take you that folder details. If you click on "manage permissions" it will take you the permissions page for that folder so you can change the permissions.

 

The nice thing about this method is that it's available out of the box. The downside is that it's very rigid and limited in scope. Ideally you'd want to navigate up and down the hierarchy and drill deeper and even drill into the permissions quickly without jumping too many pages. You may also want to view the group memberships of the groups with permissions.

 

Option 2 - Powershell

 

Powershell is a great free solution to do deep site scans and return unique permissions in a csv format. Here is a script that will do that. This will go through the whole site and do a recursive scan of sites, lists and items and find the unique permissions.

 

Disadvantages

• This script only runs on a SharePoint on Premises Server and does not use client object model. This means that it cannot be used on user's desktop or on SharePoint Online Office 365.
• The output is a hard to read list and doesn't provide deep insight.
• Site visualization is lost.

 

Option 3 - Use A Tool Like PortalFront SharePoint News Slider

Tru Permission Auditor is a tool you install on any desktop, it doesn't have to be on the server and addresses the challenges brought by the out of the box and Powershell options. It provides you with a nice interface to

1. Explore permissions via a tree (Adhoc) highlighting areas of unique permissions.
2. Do full unique permission reports that are visually appealing and easier to follow.

 

​

 

Once you connect  to your site you can launch the Unique Permission Browser. Items in red identify unique permissions.

​Quickly identify objects with unique permissionsDouble click to quickly view the document or item.See applied permissions on lists and items quickly.Navigate inside lists and libraries for special permissionsNavigate quickly to the permissions page in the browser.

 

 

 

You also have the option of running a complete report that shows all unique permissions and who has access to them.

​

Tru Permissions Can be downloaded here

 

 

Conclusion

We saw three options for analyzing unique permissions in SharePoint. The out of the box option is great if you have a very limited scope and use for your task. Maybe you want to do a one time audit. But that option doesn't scale well if you govern a lot of content. The Poweshell gives you a great automated full site scan allowing you to go through and verify permissions quickly. Tru Audit is a great tool overall for better permission management, allow you to identify unique permissiosn quickly using its permission browser and also jump quickly to content and permission pages to correct or verify access. It also provides you with a report at the whole site level or a library level and runs on any desktop machine.