Initialize-SPObjectPermissions.ps1
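##############################
#.SYNOPSIS
#Initialize permission properties (Groups, Users, Permissions) related to objects in SharePoint - Web, List, Item.
#
#.DESCRIPTION
#Initialize RoleAssignments, RoleDefinitionBindings, Groups, Members, etc. to report on the permissions for specific CSOM Object
#
#.PARAMETER Objects
#The CSOM Object(s) we want the permissions properties instantiated on. Accepts pipeline input.
#
#.PARAMETER Display
#Displays the permission properties for the Object(s) passed over. This is in development;
#only ListItem objects currently produce output.
#
#.EXAMPLE
#Initialize-SPObjectPermissions -Objects $Webs -Verbose
#
#Initialize-SPObjectPermissions -Objects $AllLists -Verbose
#
#.NOTES
#Display is in development
#
#When the members of a group cannot be read, a warning is written and processing continues.
#A permission report built from these objects is then incomplete for that group, so each
#warning should be treated as a gap in the report rather than ignored.
##############################
Function Initialize-SPObjectPermissions{
    [CmdletBinding()]
    Param(
        [Parameter(Mandatory=$true,ValueFromPipeline)]
        [Microsoft.SharePoint.Client.SecurableObject[]]$Objects,

        [Parameter(Mandatory=$false)]
        [Switch]$Display
    )

    # A Process block is required for ValueFromPipeline: without it the body runs once,
    # after the pipeline ends, and only the last piped object is bound to $Objects.
    Process{
        $total = $Objects.Count
        $index = 0

        #Doing this for each object
        ForEach($Object in $Objects){
            $index++
            $typeName = $Object.GetType().Name

            # Write-Progress rejects an empty -Status, so fall back to the type name
            # for objects that expose no Title value.
            $status = $Object.Title
            If([string]::IsNullOrEmpty($status)){ $status = $typeName }

            Write-Progress -Activity "Initialize Permission Properties on $($Object.Gettype().Name)" -Status $status -PercentComplete (($index / $total) * 100)
            Write-Verbose "Initializing Permissions on $($Object.Gettype().Name) - $($Object.Title)"

            #Initialize the permission/security properties we want available. We don't want verbose logging for the commands in the module.
            $vp = $VerbosePreference
            $VerbosePreference = "SilentlyContinue"
            Try{
                Initialize-SPOCSOMObjectProperty -Objects $Object -PropertyName @("HasUniqueRoleAssignments","RoleAssignments")
                Initialize-SPOCSOMObjectProperty -Objects $Object.RoleAssignments -PropertyName @("Member","roledefinitionbindings")
            }
            Finally{
                # Restore the caller's preference even when initialization throws.
                $VerbosePreference = $vp
            }

            #Foreach RoleAssignment on the object, check if it's a group. If it's a group try to instantiate the users list for the group.
            $Object.RoleAssignments | ForEach-Object{
                # Only members that expose a Users collection which is not yet loaded are handled here.
                if($false -eq $_.Member.Users.AreItemsAvailable){
                    #Initialize-SPOCSOMObjectProperty -Objects $Object.RoleAssignments.Member -PropertyName @("Users")
                    $t = $null
                    Try{
                        $t = $_.Member.Title
                        Initialize-SPOCSOMCollections -CSOMCollection $_.Member.Users -ErrorAction Stop
                    }
                    #We failed to instantiate the group list. This is probably due to not having permission to read the group membership. Write a warning and report the error.
                    Catch{
                        # InnerException can be null; fall back to the outer exception so the
                        # warning always carries the reason the membership could not be read.
                        $e = $_.Exception.InnerException
                        If($null -eq $e){ $e = $_.Exception }
                        Write-Warning "Failed to Instantiate Users on Group $t - $($e.Message)"
                    }
                }
            }

            #This is for display purposes and is still in development. Need to choose what to display based on the Object(s) passed in.
            # Inside a switch statement $_ is the value being matched (the type-name string),
            # not the SharePoint object, so the branches below read from $Object.
            Switch ($typeName){
                "Web" {
                    #$Object.RoleAssignments | Select-Object @{L="Site";E={$Ctx.Url}},@{L="Parent";E={$ListName}},@{L="Member";E={$_.Member.LoginName}},@{L="Email Address";E={If($_.Member.Email){$_.Member.Email}Else{$_.Member.Users.Email}}},@{L="Permissions";E={$_.RoleDefinitionBindings.Name -Join ","}} -ErrorAction SilentlyContinue
                }
                "List" {
                    If(!$Object.RootFolder.IsPropertyAvailable('Name')){
                        Initialize-SPOCSOMCollections -CSOMCollection $Object.RootFolder
                    }
                    # The previous test, (!$Object.ParentWeb.URL -eq $null), negated the URL first and
                    # then compared a boolean with $null, which is never true; ParentWeb was never loaded.
                    If(!$Object.ParentWeb.IsPropertyAvailable('Url')){
                        Initialize-SPOCSOMCollections -CSOMCollection $Object.ParentWeb
                    }
                    # The list name for the display below is $Object.RootFolder.Name once RootFolder is initialized.
                    #$Object.RoleAssignments | Select-Object @{L="Site";E={$Ctx.Url}},@{L="Parent";E={$ListName}},@{L="Member";E={$_.Member.LoginName}},@{L="Email Address";E={If($_.Member.Email){$_.Member.Email}Else{$_.Member.Users.Email}}},@{L="Permissions";E={$_.RoleDefinitionBindings.Name -Join ","}} -ErrorAction SilentlyContinue
                }
                "ListItem" {
                    # Emit report rows only when -Display is requested, so callers that use the
                    # function purely for initialization get no unexpected pipeline output.
                    # NOTE(review): $Ctx, $ListName and $RelativeLoc are not defined in this function;
                    # presumably they come from the caller's scope - confirm.
                    If($Display){
                        $Object.RoleAssignments | Select-Object @{L="Site";E={$Ctx.Url}},@{L="Document Library";E={$ListName}},@{L="RelativeLocation";E={$RelativeLoc}},@{L="Member";E={$_.Member.LoginName}},@{L="Email Address";E={If($_.Member.Email){$_.Member.Email}Else{$_.Member.Users.Email}}},@{L="Permissions";E={$_.RoleDefinitionBindings.Name -Join ","}} -ErrorAction SilentlyContinue
                    }
                }
            }
        }
    }
}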