One user needs read-only access to every single SharePoint library

I have a SharePoint 2010 Site that has multiple (Probably in the hundreds) of Document Libraries, each one with their own set of unique permissions.  One user needs read-only access to every single library.  I am sure this can be accomplished via PowerShell script, but I know very little about scripting, and can't seem to find anything that will help me.  
So basically, I have a website
in that site, I have tons of Document Libraries.  What I am trying to accomplish, is to give user "DOMAIN\first.last" "Read-Only" permissions to all of the document libraries, without having to go in each one and assign the permissions from there.  I don't want to remove or change any other permissions, I just want to add the specific user and give then "Read-Only" permissions. I know very little about scripting, so I kind of need this spelled out for me.

SP setup details:
*SP and SQL are on separate servers.
*SP Server OS: 2008 R2 datacenter
*SP 2010
*SQL server OS 2008 R2 datacenter
*SQL server 2008 ENT
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Walter CurtisSharePoint AEDCommented:
You can grant access to EVERYTHING, read only, via a user policy found in Central Administration. That may be more access than you want to grant, but it is very effective and simple to do.

Hope that helps...
Jamie McAllister MVPSharePoint ConsultantCommented:
I agree with Walter. Central Admin and create a read only user policy for that user. No scripting required.

This is a guide to the necessary steps;
ID10TzAuthor Commented:
reviewing now, but I dont have to go by each folder individually to do this do I?
Acronis True Image 2019 just released!

Create a reliable backup. Make sure you always have dependable copies of your data so you can restore your entire system or individual files.

Jamie McAllister MVPSharePoint ConsultantCommented:
No, this is a one-stop action in Central Admin. That's why it's so powerful.
ID10TzAuthor Commented:
but this is for 2016, do we have something for 2010?
Jamie McAllister MVPSharePoint ConsultantCommented:
It's the same in 2007, 2010, 2013, 2016.
ID10TzAuthor Commented:
so i could be wrong, but it looks like this applies to all sites. I just want project control.  could there be a way to do this to one particular site?
Jamie McAllister MVPSharePoint ConsultantCommented:
You are correct, these policies are for the whole Application.

If it's just for one site and if there is broken inheritance within that site then scripting becomes the only way.

If inheritance isn't broken, giving them Reader Rights to the top level would do it.
ID10TzAuthor Commented:
\inheritance is definitely broken

each DL is for a different folder, but the permissions are different for each folder.
Jamie McAllister MVPSharePoint ConsultantCommented:
The problem with scripting this is that you're making changes that are a pain to roll back in future. I'd suggest a SharePoint Group or AD Group is defined for this and that is what is given the Read permission - at least users can be added or removed from that easily without having to run script to remove the group or make other changes afterwards.

Have any SharePoint Groups been left in place that the user could be added to?

There are working scripts out there. I suspect you're going to want to make a few changes though. (Apply Group RO permissions on libraries that have broken inheritance but not on those that don't etc )

In all seriousness as this is a development task and will affect your production environment you should consider hiring someone formally through Gigs to get it done.
ID10TzAuthor Commented:
creating a new group at top level RO access will not work since inheritance is broken, correct?
Jamie McAllister MVPSharePoint ConsultantCommented:
Correct. I'm saying that rather than write script to add the user to the RO permissions create a Group and add that. Then later if Compliance want this persons rights removed or someone else added you can modify the group membership rather than run more scripts.
ID10TzAuthor Commented:
The user already has RO permissions. The issue is the user cant see all the folders since so many are nested. We just dont want to go through every folder assigning RO.

Hoped I could get a PS script or maybe a group from top level RO can somehow be propagated down even though inheritance has been broken by design.
Jamie McAllister MVPSharePoint ConsultantCommented:
The top level group won;t work due to broken inheritance.

Though I do suggest you use a Group rather than a username in your script for reasons mentioned above.

This script would form the basis of a solution;

If you are unable to customize this script yourself raise a job in Gigs or some such.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
ID10TzAuthor Commented:
thank you
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.