SUSHI Feature - Security Reports
SUSHI gives you the ability to display all the sites and lists a user has access to across an entire site collection. This is a fantstically useful feature. SUSHI also offers several other valuable security auditing reports which will help you get a clearer picture of what security rights a user has and how security is set up accross your SharePoint site collection.full size screenshot
- Show Permissions Inheritance for Site Collection
Report Notes: This report shows all the SharePoint Sites and Lists that do not inherit permissions from their parent. Sites are displayed in blue, Lists are displayed in green. The server relative URL is used, so for example "/" is the root site. If a site is displayed in Gray it is simply a place holder, that site inherits permissions, but at least one of its child Lists does not. This report does not include hidden lists.
- List Group Membership for user
Report Notes: This report shows the SharePoint groups that a user is a member of. It also indicates if a user is a site collection admin. It also displays the Active Directory groups that a user is in. It also shows if a web application policy has been set to grant rights to the user. (Web application policies can be viewed through central admin.) Note that to be able to see Active Directory groups, your login must have at least view rights to the Active Directory database. SUSHI uses a Directory Services LDAP query to determine AD membership.
- All Permissions for a user
Report Notes: This report shows the permissions a user has for all Sites and Lists beneath the selected site. Sites are displayed in blue, and Lists in green. The user name or the SharePoint group is displayed in black, with the permissions in square brackets. Active Directory groups are displayed in navy blue.
To use this report, simply select the user from the dropdown and click "Find All Permissions". This report does not include hidden lists. By default the report will display only sites and lists that do not inherit permissions from their parent.
Overview of SharePoint Security
A user can gain access to SharePoint in one of four ways:
- Given access directly through site settings-> permissions.
- Sharepoint group membership.
- Active Directory group membership.
- Web application policy. This policy is controlled through central administration and is usually only used for the crawler account. (see screenshot below)