The following macros are not currently supported in the header:
  • style

How to Clean Up SharePoint User Permissions

Owned by Chris Ang
Last updated: Jun 20, 2018
4 min read

Author: The content of this macro can only be viewed by users who have logged in.

Using the SharePoint Essentials Toolkit

Description

Easily identify permissions in the sites, lists, and items. You can clone, 'bulk' remove, swap users/groups and accounts using Permissions Manager.

Step-by-step guide

With the best intentions in the world, permissions within SharePoint never stay the same once we all start using it. We try our best to use Active Directory Groups, SharePoint Site Groups and limit specific users from being added, however it never stays that way. That’s where the SharePoint Essential Toolkit can help us again not just with running permissions reports to look at, but we can then cleanup permissions as needed.

To begin with let’s run a standard permissions report. This can be done by selecting the site you wish to run the report for, right clicking and choosing Permissions Report.

As normal, set the Job Name, the sites to use, and then the report options. For this we will only select “List Permissions“.

Once the report has completed you will see just the “List Permissions” link available that when clicked will take you to the results.

Once here we will pick a specific list that we know has unique permissions. To do this we will drag the “List Title” column as one of the group by headers.

Now we will select a specific library called “Sample Permissions Library“, we can expand it and see the unique accounts that are assigned here. We can tell it is unique by seeing user accounts and the default SharePoint groups listed. We will select our “DEV\celined” account, right click and choose “Edit Permissions“.

Clicking the “Edit Permissions” link will open a new tab where you can see the permissioned for the selected user and then perform other tasks as needed. As always with the SharePoint Essentials Toolkit, each task becomes its own Job that can be ran as needed. For this job, we will call it “Modify Celine Permissions“. If there was more than user that you selected then you can again, group and filter the columns as needed.

Underneath the grid, is the “List Permissions” section where you can perform specific actions that relate to the permissions of the selected user or users.

Selecting “Change Permission Level” allows you to set to one of the standard SharePoint permissions or choose the “custom” and set as you need it.

To cleanup or remove a user account, simply select the “Remove User” and then review the action changes in the “Review Changes” section.

Once you have set the desired values, either single or multiple actions, you can then either Save, Schedule or Run the job. The log itself will then display the actions taken.

Rerunning the “List Permissions” report then confirms the permissions have been modified. You can also see this directly within the SharePoint List permissions. (Red = Before, Green = After)

Though this feature is great, it is probably faster to just make the changes to the specific list you have chosen. However, if you wanted to completely remove a user from everywhere in the SharePoint site you can also use a similar report. This time however we can use the “Check User Permissions” report from within the “Security” tab. For this report, we can give it a name as always, but more importantly populate the “User or Group to Check” value with the specific account we are looking for. Once added we need to select the SharePoint sites to check.

Then as normal you can Save and Schedule the job, or use the new option called Scan Now. This will run the scan process live against the selected SharePoint sites, and generate a report. Once it is completed (this can take some time), click the Open Report link.

Once the report loads you can group and filter as normal, however the real power is when selecting the permissions that you wish to modify. Selecting multiple values from the results list, allows you to then right click and choose the same “Edit Permissions” link we used earlier.

Now click the “Edit Permissions” link which will take you to the same screen we used previously to remove the user and we can do the same but for all the users, groups or locations that were selected.

This will allow you to make bulk updates to user, groups and specific permissions with ease, using a standard report that can be ran from within the SharePoint Essentials Toolkit.


Liam Cleary - SharePoint MVP

Liam Cleary - SharePoint MVP

SharePoint MVP & Part-Time Blogger at QiPoint
Liam began his career as a Trainer of all things computer-related. He quickly realized that programming, breaking, and hacking was a lot more fun. He spent the next few years working within core infrastructure and security services, until he found SharePoint. He now works as a Solution Architect for Protiviti in Virginia. His core focus is to ensure that SharePoint can either natively, or with minimal customization, meet the business requirement. He is also a ten time SharePoint MVP focusing on Architecture but also crosses the boundary into Development. His specialty over the past few years has been security in SharePoint and its surrounding platforms. He can often be found at user groups or conferences (such as Microsoft Ignite) speaking, offering advice, spending time in the community, teaching his kids how to code, raspberry PI programming, hacking the planet, or building LEGO robots.



©2018 QiPoint
2500 Plaza 5, 25th Floor
Harborside Financial Center
Jersey City, NJ 07311 http://www.qipoint.com

Microsoft, Windows, SharePoint, and the SharePoint logos, are either registered trademarks or trademarks of Microsoft Corporation.