One user needs read-only access to every single SharePoint library

I have a SharePoint 2010 Site that has multiple (Probably in the hundreds) of Document Libraries, each one with their own set of unique permissions.  One user needs read-only access to every single library.  I am sure this can be accomplished via PowerShell script, but I know very little about scripting, and can't seem to find anything that will help me.  
So basically, I have a website https://sp.website.com/sites/specific_site/
in that site, I have tons of Document Libraries.  What I am trying to accomplish, is to give user "DOMAIN\first.last" "Read-Only" permissions to all of the document libraries, without having to go in each one and assign the permissions from there.  I don't want to remove or change any other permissions, I just want to add the specific user and give then "Read-Only" permissions. I know very little about scripting, so I kind of need this spelled out for me.

SP setup details:
*SP and SQL are on separate servers.
*SP Server OS: 2008 R2 datacenter
*SP 2010
*SQL server OS 2008 R2 datacenter
*SQL server 2008 ENT
LVL 1
ID10TzAsked:
Who is Participating?
 
Jamie McAllister MVPSharePoint ConsultantCommented:
The top level group won;t work due to broken inheritance.

Though I do suggest you use a Group rather than a username in your script for reasons mentioned above.

This script would form the basis of a solution;

https://sharepoint.stackexchange.com/questions/58293/add-group-to-library-permissions-using-powershell

If you are unable to customize this script yourself raise a job in Gigs or some such.
1
 
Walter CurtisSharePoint AEDCommented:
You can grant access to EVERYTHING, read only, via a user policy found in Central Administration. That may be more access than you want to grant, but it is very effective and simple to do.

Hope that helps...
1
 
Jamie McAllister MVPSharePoint ConsultantCommented:
I agree with Walter. Central Admin and create a read only user policy for that user. No scripting required.

This is a guide to the necessary steps;

https://docs.microsoft.com/en-us/SharePoint/administration/manage-permission-policies-for-a-web-application
1
On-Demand: Securing Your Wi-Fi for Summer Travel

Traveling this summer?Check out our on-demand webinar to learn about the importance of Wi-Fi security and 3 easy measures you can start taking immediately to protect your private data while using public Wi-Fi. Follow us today to learn more!

 
ID10TzAuthor Commented:
reviewing now, but I dont have to go by each folder individually to do this do I?
0
 
Jamie McAllister MVPSharePoint ConsultantCommented:
No, this is a one-stop action in Central Admin. That's why it's so powerful.
0
 
ID10TzAuthor Commented:
but this is for 2016, do we have something for 2010?
0
 
Jamie McAllister MVPSharePoint ConsultantCommented:
It's the same in 2007, 2010, 2013, 2016.
0
 
ID10TzAuthor Commented:
so i could be wrong, but it looks like this applies to all sites. I just want project control.  could there be a way to do this to one particular site?
0
 
Jamie McAllister MVPSharePoint ConsultantCommented:
You are correct, these policies are for the whole Application.

If it's just for one site and if there is broken inheritance within that site then scripting becomes the only way.

If inheritance isn't broken, giving them Reader Rights to the top level would do it.
0
 
ID10TzAuthor Commented:
\inheritance is definitely broken

each DL is for a different folder, but the permissions are different for each folder.
0
 
Jamie McAllister MVPSharePoint ConsultantCommented:
The problem with scripting this is that you're making changes that are a pain to roll back in future. I'd suggest a SharePoint Group or AD Group is defined for this and that is what is given the Read permission - at least users can be added or removed from that easily without having to run script to remove the group or make other changes afterwards.

Have any SharePoint Groups been left in place that the user could be added to?

There are working scripts out there. I suspect you're going to want to make a few changes though. (Apply Group RO permissions on libraries that have broken inheritance but not on those that don't etc )

https://sharepoint.stackexchange.com/questions/58293/add-group-to-library-permissions-using-powershell

In all seriousness as this is a development task and will affect your production environment you should consider hiring someone formally through Gigs to get it done.
0
 
ID10TzAuthor Commented:
creating a new group at top level RO access will not work since inheritance is broken, correct?
0
 
Jamie McAllister MVPSharePoint ConsultantCommented:
Correct. I'm saying that rather than write script to add the user to the RO permissions create a Group and add that. Then later if Compliance want this persons rights removed or someone else added you can modify the group membership rather than run more scripts.
0
 
ID10TzAuthor Commented:
The user already has RO permissions. The issue is the user cant see all the folders since so many are nested. We just dont want to go through every folder assigning RO.

Hoped I could get a PS script or maybe a group from top level RO can somehow be propagated down even though inheritance has been broken by design.
0
 
ID10TzAuthor Commented:
thank you
0
All Courses

From novice to tech pro — start learning today.