How get distinct users from site and its sub sites?

Question

I got a requirement from client that he wants to know distinct users information from sites and it sub sites those have access to site. There are separate groups for each subsite (contribute, approval and full access). From these all groups find distinct user information.

How can we do that using Object model? Please help me out.

Thanks in advance.

Answer 1

This is one of those very general requirements that gets very difficult very quickly. It sounds like they are trying to create some sort of security audit.

If you assume each site only has SharePoint groups filled with SharePoint users and everything is inheriting permissions, then it is a little easier. You could recursively iterate over each SPWeb (and the sub-SPWeb's in each SPWeb) to find all the SPGroups. Then, using a Dictionary, you would keep track of the users you find and their permission level. Their permission level is determined by their membership in the group and you'd probably use web.RoleAssignments.GetAssignmentByPrincipal(group) (GetAssignmentByPrincipal) to get the list of assignments (Ex: Read, Contribute, etc).

However, the scenario is probably NOT what your client has. Things to think about (some easier to overcome than others):

• What happens when a user exists in multiple groups in the same site?
• Users with individual permissions to a site?
• Broken permission inheritance at a SPWeb level? What about list permissions? Item permissions? What happens when you see Limited Access?
• Are AD groups used anywhere? Do you have to list all the users in each AD group? What about special groups like "ALL AUTHENTICATED USERS"?

Realistically, it is very difficult to write an accurate security audit. The best solution for this is probably to find someone who is familiar with how security should be set up going through each site to fix them.