Need to know all the sites , files, folders, in SharePoint 2013, where a user has access

Hi ,
I Need to know all the sites , files and  folders, in SharePoint 2013, where a user has access.
Can't find a Viable way to know it.
Ernesto GallardoAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Tim EdwardsIT Team Lead - Unified Communications & CollaborationCommented:
You will want a tool to get this information, I recommend using the trail of:

E ATech LeadCommented:
How do I find what folders a particular user has access to in SharePoint:

Few more informative links for getting a list of sites that a user has access to in SharePoint:

Furthermore, if you wants to find the permission changes in SharePoint 2013 site collection, get help from this link:

Hope this helps!
Ernesto GallardoAuthor Commented:
Hi Guys,
Thanks for your help. I found the following script. It really helped me in just 15 minutes.

Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

#Function to retrieve Permission data - Coded by Salaudeen Rajack:
Function Get-PermissionInfo([String]$UserID, [Microsoft.SharePoint.SPSecurableObject]$Object)
 #Object Array to hold Permission data
    $PermissionDataCollection = @()
 #Determine the given Object type and Get URL of it
  "Microsoft.SharePoint.SPWeb"  { $ObjectType = "Site" ; $ObjectURL = $Object.URL }
   if($Object.Folder -ne $null)
     $ObjectType = "Folder" ; $ObjectURL = "$($Object.Web.Url)/$($Object.Url)"
    $ObjectType = "List Item"; $ObjectURL = "$($Object.Web.Url)/$($Object.Url)"
  #Microsoft.SharePoint.SPList, Microsoft.SharePoint.SPDocumentLibrary, "Microsoft.SharePoint.SPPictureLibrary",etc
  default { $ObjectType = "List/Library"; $ObjectURL = "$($Object.ParentWeb.Url)/$($Object.RootFolder.URL)" }
 #Get Permissions of the user on given object - Such as: Web, List, Folder, ListItem
 $UserPermissionInfo = $Object.GetUserEffectivePermissionInfo($UserID)
 #Iterate through each permission and get the details
 foreach($UserRoleAssignment in $UserPermissionInfo.RoleAssignments)
  #Get all permission levels assigned to User account directly or via SharePOint Group
        foreach ($UserRoleDefinition in $UserRoleAssignment.RoleDefinitionBindings)
   #Exclude "Limited Accesses"
   if($UserRoleDefinition.Name -ne "Limited Access")
          $UserPermissions += $UserRoleDefinition.Name
  #Determine Permissions granted directly or through SharePoint Group
   if($UserRoleAssignment.Member -is [Microsoft.SharePoint.SPGroup])  
     $PermissionType = "Member of SharePoint Group: " + $UserRoleAssignment.Member.Name    
    $PermissionType = "Direct Permission"
   $UserPermissions = $UserPermissions -join ";"
   #Create an object to hold storage data
         $PermissionData = New-Object PSObject
         $PermissionData | Add-Member -type NoteProperty -name "Object" -value $ObjectType
   $PermissionData | Add-Member -type NoteProperty -name "Title" -value $Object.Title
         $PermissionData | Add-Member -type NoteProperty -name "URL" -value $ObjectURL
   $PermissionData | Add-Member -type NoteProperty -name "Permission Type" -value $PermissionType
   $PermissionData | Add-Member -type NoteProperty -name "Permissions" -value $UserPermissions
   $PermissionDataCollection += $PermissionData
 Return $PermissionDataCollection
#Function to Generate Permission Report
Function Generate-PermissionReport($UserID, $WebAppURL, $ReportPath)
    #Output Report location, delete the file, If already exist!
    if (Test-Path $ReportPath)
        Remove-Item $ReportPath
   #Write Output Report CSV File Headers
  "Object, Title, URL, Permission Type, Permissions" | out-file $ReportPath
 ###Check Whether the Search Users is a Farm Administrator ###
 Write-host "Scanning Farm Administrators..."
   #Get the SharePoint Central Administration site
   $AdminWebApp = Get-SPwebapplication -includecentraladministration | where {$_.IsAdministrationWebApplication}
    $AdminSite = Get-SPWeb $AdminWebApp.Url
    $AdminGroupName = $AdminSite.AssociatedOwnerGroup
    $FarmAdminGroup = $AdminSite.SiteGroups[$AdminGroupName]
 #enumerate in farm adminidtrators groups
    foreach ($user in $FarmAdminGroup.users)
     if($user.LoginName.Endswith($UserID,1)) #1 to Ignore Case
       "Farm, $($AdminSite.Title), $($AdminWebApp.URL), Farm Administrators Group, Farm Administrator" | Out-File $ReportPath -Append
 ### Check Web Application User Policies ###
 Write-host "Scanning Web Application Policies..."
  $WebApp = Get-SPWebApplication $WebAppURL
  foreach ($Policy in $WebApp.Policies)
      #Check if the search users is member of the group
       #Write-Host $Policy.UserName
       foreach($Role in $Policy.PolicyRoleBindings)
        $PolicyRoles+= $Role.Name +";"
   #Send Data to CSV File
      "Web Application, $($WebApp.Name), $($WebApp.URL), Web Application Policy, $($PolicyRoles)" | Out-File $ReportPath -Append
 #Convert UserID Into Claims format - If WebApp is claims based! Domain\User to i:0#.w|Domain\User
        $ClaimsUserID = (New-SPClaimsPrincipal -identity $UserID -identitytype 1).ToEncodedString()
 #Get all Site collections of given web app
 $SiteCollections = Get-SPSite -WebApplication $WebAppURL -Limit All
 #Loop through all site collections
    foreach($Site in $SiteCollections)
     Write-host "Scanning Site Collection:" $site.Url
  ###Check Whether the User is a Site Collection Administrator
     foreach($SiteCollAdmin in $Site.RootWeb.SiteAdministrators)
       "Site Collection, $($Site.RootWeb.Title), $($Site.RootWeb.Url), Site Collection Administrators Group, Site Collection Administrator" | Out-File $ReportPath -Append
  #Get all webs
  $WebsCollection = $Site.AllWebs
  #Loop throuh each Site (web)
  foreach($Web in $WebsCollection)
       if($Web.HasUniqueRoleAssignments -eq $True)
     Write-host "Scanning Site:" $Web.Url
     #Get Permissions of the user on Web
     $WebPermissions = Get-PermissionInfo $ClaimsUserID $Web
     #Export Web permission data to CSV file - Append
     $WebPermissions |  Export-csv $ReportPath  -notypeinformation -Append
    #Check Lists with Unique Permissions
    Write-host "Scanning Lists on $($web.url)..."
    foreach($List in $web.Lists)
              if($List.HasUniqueRoleAssignments -eq $True -and ($List.Hidden -eq $false))
      #Get Permissions of the user on list
                        $ListPermissions = Get-PermissionInfo $ClaimsUserID $List
      #Export Web permission data to CSV file - Append
      $ListPermissions |  Export-csv $ReportPath -notypeinformation -Append      
     #Check Folders with Unique Permissions
     $UniqueFolders = $List.Folders | where { $_.HasUniqueRoleAssignments -eq $True }                  
                    #Get Folder permissions
                    foreach($folder in $UniqueFolders)
                        $FolderPermissions = Get-PermissionInfo $ClaimsUserID $folder
      #Export Folder permission data to CSV file - Append
      $FolderPermissions |  Export-csv $ReportPath -notypeinformation -Append  
     #Check List Items with Unique Permissions
     $UniqueItems = $List.Items | where { $_.HasUniqueRoleAssignments -eq $True }
                    #Get Item level permissions
                    foreach($item in $UniqueItems)
                        $ItemPermissions = Get-PermissionInfo $ClaimsUserID $Item
      #Export List Items permission data to CSV file - Append
      $ItemPermissions |  Export-csv $ReportPath -notypeinformation -Append  
 Write-Host Permission Report Generated successfully!
#Input Variables
$WebAppURL = ""
$Userid ="Crescent\Salaudeen"
$ReportPath = "D:\Reports\PermissionRpt.csv"
#Call the function to generate user access report
Generate-PermissionReport $Userid $WebAppURL $ReportPath

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Ernesto GallardoAuthor Commented:
It worked and provide me with a csv file with all the sites, lists, files that the user had access, also those when the permission was assigned to a group where the user was a member of.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Microsoft SharePoint

From novice to tech pro — start learning today.