Use case: We recently worked with one of the world leading IT audit companies. They had a project to audit a SharePoint farm security for a customer. One of the key things they wanted to check was: “Who are the users that have privileged, admin access to the entire SharePoint farm?”
Users can be granted full admin access on so many different levels including:
- Farm Administrators
- Web Application Policies
- Site Collection Owners / Administrators
When you combine all that with the fact that in most cases you can use AD Security Groups and give permissions to groups you end up in a maze of permissions and inherited permissions. That’s why we decided to solve this problem once and for all. A new report called Users with Privileged Access was added to the latest release of Documentation Toolkit for SharePoint and it solves this problem. Here is how this report looks like (click to expand):
As you can see, we will show you all the users that have admin rights along with all the members of various AD and local groups that were also given privileged access.