【发布时间】:2017-12-14 18:50:34
【问题描述】:
我正在尝试使用 CSOM 审核某些 SPOL 网站集,并查找哪些组和网站具有“所有人”权限组正在使用中。有谁知道这是否可能?
【问题讨论】:
标签: powershell sharepoint sharepoint-online csom
我正在尝试使用 CSOM 审核某些 SPOL 网站集,并查找哪些组和网站具有“所有人”权限组正在使用中。有谁知道这是否可能?
【问题讨论】:
标签: powershell sharepoint sharepoint-online csom
Tenant.GetSiteProperties method
Everyone 用户登录名以声明格式在 SPOL 中表示为
c:0(.s|true值 示例
以下示例枚举网站集并打印Everyone 用户所属的组名:
Add-Type -Path "c:\Program Files\Common Files\microsoft shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.Runtime.dll"
Add-Type -Path "c:\Program Files\Common Files\microsoft shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.dll"
Add-Type -Path "C:\Program Files\SharePoint Client Components\16.0\Assemblies\Microsoft.Online.SharePoint.Client.Tenant.dll"
function Get-Sites {
param ([string]$TenantName, [System.Net.ICredentials] $Credentials)
$tenantUrl = "https://$TenantName-admin.sharepoint.com/"
$ctx = New-Object Microsoft.SharePoint.Client.ClientContext($tenantUrl)
$ctx.Credentials = $Credentials
$tenant = New-Object Microsoft.Online.SharePoint.TenantAdministration.Tenant($ctx)
$sites = $tenant.GetSiteProperties(0, $true)
$ctx.Load($sites)
$ctx.ExecuteQuery()
$ctx.Dispose()
return $sites
}
function Get-Users {
param ([string]$SiteUrl, [System.Net.ICredentials] $Credentials)
$ctx = New-Object Microsoft.SharePoint.Client.ClientContext($SiteUrl)
$ctx.Credentials = $Credentials
$result = $ctx.Web.SiteUsers
$ctx.Load($result)
$ctx.ExecuteQuery()
$ctx.Dispose()
return $result
}
function Expand-UserGroups {
param ([Microsoft.SharePoint.Client.User]$User)
$ctx = $User.Context
$ctx.Load($User.Groups)
$ctx.ExecuteQuery()
}
$tenantName = "contoso"; #put your tenant name here
$userName = "jdoe@contoso.onmicrosoft.com" #put your user name
$password = "" #put your password
$securePassword = ConvertTo-SecureString $password -AsPlainText -Force
$credentials = New-Object Microsoft.SharePoint.Client.SharePointOnlineCredentials($username, $securePassword)
$sites = Get-Sites -TenantName $tenantName -Credentials $credentials
$everyoneGroupName = "c:0(.s|true"
$sites | % {
#Write-Host $_.Url
$users = Get-Users -SiteUrl $_.Url -Credentials $credentials
$result = $users | where {$_.LoginName -eq $everyoneGroupName}
$result | % {
Expand-UserGroups -User $_
$_.Groups | % { Write-Host $_.LoginName }
}
}
【讨论】:
下面是一个示例,说明如何使用 CSOM 在 SharePoint 中向“每个人”组添加权限:
var user = item.ParentList.ParentWeb.EnsureUser("c:0(.s|true");
var roleBindings = new RoleDefinitionBindingCollection(context);
roleBindings.Add(item.ParentList.ParentWeb.RoleDefinitions.GetByType(roleType));
item.RoleAssignments.Add(principal, roleBindings);
context.ExecuteQuery();
在您的情况下,您必须遍历每个网站集并找到登录名:“c:0(.s|true”,它表示 SharePoint 中组“Everyone”的值。
【讨论】: