Part 1: SharePoint admin\u2019s dream: Centralized permissions management<\/a> <\/p>\n Permissions reporting and forensics are usually only needed when a problem arises. Who has permissions on certain securable objects? And, more importantly, why? If you think these questions are unnecessary and overblown, just remember the rumors that Edward Snowden was a SharePoint admin before he started his new life in Russia.<\/p>\n SharePoint permissions are serious business, and they must be thought of as having the highest importance. A lot of sensitive corporate information is stored in SharePoint, and giving unauthorized people access to classified content can pose a big threat. It is, therefore, important to be able to report, at any time, who has permissions and through which channels those permissions are given.<\/p>\n SharePoint does not offer that ability out of the box, and it is a hassle to code that in PowerShell. At this time, SPDocKit is the only tool on the market that can cover those use cases and perform full permissions forensics.<\/p>\n Besides forensics, SPDocKit can help you keep your SharePoint clean by removing unused users and groups. In the Permission Reports section, you can easily detect groups that do not have any permissions in their sites, groups owned by a disabled SharePoint user, or groups containing disabled or orphaned users. You can then easily sort out those issues by cleaning up those groups and users or giving them the necessary permissions.<\/p>\n Report on SharePoint groups without any given permissions<\/em><\/p><\/blockquote>\n Report on orphaned users (users that are disabled or deleted in the active directory, but had access to the farm and can still be found in SharePoint). <\/em><\/p>\n<\/blockquote>\n Report on users without any permissions in site collection<\/p><\/blockquote>\n Besides these simple but necessary cleaning tasks, the real strength of SPDocKit permission reports lies in permissions forensics. With these forensics reports, we can easily determine who has access to the data and why.<\/p>\n For each SharePoint securable object, including sites, lists, and list items, SPDocKit will tell us who has permissions on those objects and how they were given.<\/p>\n The report above shows the permissions for a SharePoint site grouped by permission. You can use this report to find out that for some reason, the cleaning lady has \u201cAdd items\u201d permission on the management site and that she got it through her membership in the \u201cCleaningStaff\u201d Active Directory group. That group is a member of the \u201cPortal Contributors\u201d SharePoint group, which has been assigned the \u201cContribute\u201d permission level for that particular site. That permission level, of course, contains \u201cAdd items\u201d permission. You can find all that information in just one click. This is the ultimate governance\/compliance report when it comes to SharePoint permissions.<\/p>\n Of course, this can be broken down into numerous other useful reports and information overviews. The next report shows the matrix of Principals (SharePoint Groups and SharePoint users) and permission levels, including the roles each principal has on the site, in a graphically appealing way.<\/p>\n Furthermore, one of the most commonly requested reports is a quick overview of securable objects (i.e., sites, lists, and list items) with broken permission inheritances. You can get this report in one click with SPDocKit.<\/p>\n In addition to the securable object and permission level reports, SPDocKit offers important principal-based reports so administrators can easily determine which permissions a SharePoint user or SharePoint group has in one or more site collections. With these user-centric reports, administrators can see which permissions a principal has and how those permissions were given (e.g., through SharePoint Groups, AD Groups, or directly) and act accordingly. If anyone had pulled such a report on that Snowden guy, certain things that happened probably would not have happened.<\/p>\n
\nPart 2: Batch permissions management with SPDocKit<\/a>
\nPart 3: On-the-fly permissions management with SPDocKit<\/a>
\nPart 4: Permissions reporting and forensics with SPDocKit<\/a><\/p>\n![\"c992\"](\"https:\/\/blog.sharedove.com\/adisjugo\/wp-content\/uploads\/2015\/04\/c992_thumb.jpg\" "\\"c992\\"")
<\/a><\/p>\n![\"c993\"](\"https:\/\/blog.sharedove.com\/adisjugo\/wp-content\/uploads\/2015\/04\/c993_thumb.jpg\" "\\"c993\\"")
<\/a><\/em><\/p>\n\n
![\"c993\"](\"https:\/\/blog.sharedove.com\/adisjugo\/wp-content\/uploads\/2015\/04\/c993_thumb1.jpg\" "\\"c993\\"")
<\/a><\/p>\n![\"c995\"](\"https:\/\/blog.sharedove.com\/adisjugo\/wp-content\/uploads\/2015\/04\/c995_thumb.jpg\" "\\"c995\\"")
<\/a><\/p>\n![\"c996\"](\"https:\/\/blog.sharedove.com\/adisjugo\/wp-content\/uploads\/2015\/04\/c996_thumb.jpg\" "\\"c996\\"")
<\/a><\/p>\n![\"c997\"](\"https:\/\/blog.sharedove.com\/adisjugo\/wp-content\/uploads\/2015\/04\/c997_thumb.jpg\" "\\"c997\\"")
<\/a><\/p>\n
![\"c998\"](\"https:\/\/blog.sharedove.com\/adisjugo\/wp-content\/uploads\/2015\/04\/c998_thumb.jpg\" "\\"c998\\"")
<\/a><\/p>\n![\"c990\"](\"https:\/\/blog.sharedove.com\/adisjugo\/wp-content\/uploads\/2015\/04\/c990_thumb.jpg\" "\\"c990\\"")
<\/a><\/p>\n