WebApplication policy
A web application is composed of an Internet Information Services (IIS) web site that acts as a logical container for the site collections that you create. Before you can create a site collection, you must create a web application.
A web application can contain multiple site collections. Managing permissions for multiple collections can be difficult, especially if some users or groups need permissions other than those that apply for the whole web application.
Permission policies provide a centralized way to configure and manage a set of permissions that applies to only a subset of users or groups in a web application.
Below piece of code gets the webapplication user policy details for all the webapplications in SharePoint farm.
- Function GetAllWebAppPolicy()
- {
- $Output = $scriptBase + "\" + "FarmWebAppPolicyDetails.csv";
- "WebAppURL" + "," + "UserName" + "," + "Permissions" | Out-File -Encoding Default -FilePath $Output;
- $empty = ""
- $webapplications = get-spwebapplication
- foreach($webapplication in $webapplications)
- {
- $webapplication.url + "," + $empty + "," + $empty | Out-File -Encoding Default -Append -FilePath $Output;
- write-host "Generating web policy report for the web aplication" $webapplication.url -fore magenta
- foreach($policy in $webapplication.policies)
- {
- write-host $policy.username -fore cyan
- $empty + "," + $policy.username + "," + $empty | Out-File -Encoding Default -Append -FilePath $Output;
- foreach($role in $policy.PolicyRoleBindings)
- {
- write-host $role.name -fore yellow
- $empty + "," + $empty + "," + $role.name | Out-File -Encoding Default -Append -FilePath $Output;
- }
- }
- }
- write-host "Web policy report generated" -fore green
- }
Complete Code
- $LogTime = Get-Date -Format yyyy-MM-dd_hh-mm
- $LogFile = ".\GetAddRemoveUsersToSPFarmAdminGroupPatch-$LogTime.rtf"
- # Add SharePoint PowerShell Snapin
- if ( (Get-PSSnapin -Name Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue) -eq $null ) {
- Add-PSSnapin Microsoft.SharePoint.Powershell;
- }
- import-module WebAdministration
- $scriptBase = split-path $SCRIPT:MyInvocation.MyCommand.Path -parent
- Set-Location $scriptBase
- write-host "TESTING FOR LOG FOLDER EXISTENCE" -fore yellow
- $TestLogFolder = test-path -path $scriptbase\Logs
- if($TestLogFolder)
- {
- write-host "The log folder already exist in the script location" -fore yellow
- $clearlogfolder = read-host "Do you want to clear the log folder (y/n)"
- if($clearlogfolder -eq 'y')
- {
- write-host "The user choosen to clear the log folder" -fore yellow
- write-host "Clearing the log folder" -fore yellow
- remove-item $scriptbase\Logs\* -recurse -confirm: $false
- write-host "Log folder cleared" -fore yellow;
- }
- else {
- write-host "The user choosen not to clear the log files" -fore yellow;
- }
- }
- else {
- write-host "Log folder does not exist" -fore yellow
- write-host "Creating a log folder" -fore yellow
- New-Item $Scriptbase\Logs -type directory
- write-host "Log folder created" -fore yellow;
- }
- #moving any .rtf files in the scriptbase location
- $FindRTFFile = Get-ChildItem $scriptBase\*.* -include *.rtf
- if($FindRTFFile) {
- write-host "Some old log files are found in the script location" -fore yellow
- write-host "Moving old log files into the Logs folder" -fore yellow
- foreach($file in $FindRTFFile)
- {
- move-item -path $file -destination $scriptbase\logs;
- }
- write-host "Old log files moved successfully" -fore yellow;
- }
- $TestPath = test-path -path $scriptbase\SitesinFarm.txt
- if($TestPath) {
- remove-item $scriptbase\SitesinFarm.txt;
- }
- start-transcript $logfile
- Function GetAllWebAppPolicy() {
- $Output = $scriptBase + "\" + "FarmWebAppPolicyDetails.csv";
- "WebAppURL" + "," + "UserName" + "," + "Permissions" | Out-File -Encoding Default -FilePath $Output;
- $empty = ""
- $webapplications = get-spwebapplication
- foreach($webapplication in $webapplications)
- {
- $webapplication.url + "," + $empty + "," + $empty | Out-File -Encoding Default -Append -FilePath $Output;
- write-host "Generating web policy report for the web aplication" $webapplication.url -fore magenta
- foreach($policy in $webapplication.policies)
- {
- write-host $policy.username -fore cyan
- $empty + "," + $policy.username + "," + $empty | Out-File -Encoding Default -Append -FilePath $Output;
- foreach($role in $policy.PolicyRoleBindings)
- {
- write-host $role.name -fore yellow
- $empty + "," + $empty + "," + $role.name | Out-File -Encoding Default -Append -FilePath $Output;
- }
- }
- }
- write-host "Web policy report generated" -fore green
- }
- write-host ""
- GetAllWebAppPolicy
- write-host "SCRIPT COMPLETED" -fore green
- stop-transcript
Conclusion
Thus this article outlines on how to get webapplication user policy details using powershell script.