Updated 6/12/2015
The following works for both SharePoint 2010 and 2013.
So who has control in your SharePoint?
Some users are members of the site's Owners group while others have been directly given Full Control. Some may be Site Collection Administrators or even have "super powers" granted at the Web Application level. How do you find these?
PowerShell to the rescue!
Get all users who are members of the "Owners" groups.
Get-SPSite -Limit All |
Get-SPWeb -Limit All |
where { $_.HasUniquePerm -and $_.AssociatedOwnerGroup -ne $null } |
foreach { $TTNweburl = $_.Url; $_ } |
Select -ExpandProperty AssociatedOwnerGroup |
Select -ExpandProperty Users |
Select {$TTNweburl}, UserLogin, DisplayName
Get all users directly given Full Control
Get-SPSite -Limit All |
Get-SPWeb -Limit All |
Where { $_.HasUniquePerm } |
foreach { $TTNweb = $_; $_ } |
Select -ExpandProperty Users |
Where { $TTNweb.DoesUserHavePermissions($_,[Microsoft.SharePoint.SPBasePermissions]::FullMask) } |
Select {$TTNweb.Url}, UserLogin, DisplayName
You could also find users with Full Control like roles by testing for "ManageWeb" or "ManagePermissions". For a list of the permission types use:
[System.Enum]::GetNames("Microsoft.SharePoint.SPBasePermissions")
Get all users who are Site Collection Administrators:
Get-SPSite -Limit All |
Get-SPWeb -Limit All |
where { $_.HasUniquePerm } |
foreach { $TTNweburl = $_.Url; $_ } |
Select -ExpandProperty Users |
Where { $_.IsSiteAdmin } |
Select {$TTNweburl}, UserLogin, DisplayName
Who else can see the content, and might have Full Control?
Some users may have access to site content via Web Application level policies. These are set in Central Administration in the Web Application Management section.
Get-SPWebApplication |
foreach { $TTNwebappUrl = $_.Url; $_ } |
Select -ExpandProperty Policies |
Select {$TTNwebappUrl}, DisplayName, IsSystemUser, PolicyRoleBindings, UserName | FT
.
