June 25, 2013

Add user permission to all webs/sites if missing.

Sometimes you find yourself in a situation where you need to give a specific permission to a user on all sites and webs in your farm. To avoid duplicates, first check whether the user already has the permission on the site/web before adding another entry for that user to your permission list.

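# Load the SharePoint cmdlets when not running in the SharePoint Management Shell.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$contentWebAppServices = (Get-SPFarm).Services |
    ? {$_.TypeName -eq "Microsoft SharePoint Foundation Web Application"}

foreach ($webApp in $contentWebAppServices.WebApplications)
{
    Write-Host "Web Application  : " $webApp.Name

    foreach ($site in $webApp.Sites)
    {
        Write-Host "  " $site.Url -ForegroundColor "yellow"

        foreach ($web in $site.AllWebs)
        {
            Write-Host "    " $web.Title -ForegroundColor "magenta"

            # Roles the user holds on this web, both given explicitly and given via groups.
            $permission = Get-SPUser -Web $web.Url -Limit All |
                Where-Object {$_.UserLogin -like "domain\user"} |
                select UserLogin, @{name="Explicit given roles";expression={$_.Roles}}, @{name="Roles given via groups";expression={$_.Groups | %{$_.Roles}}}, Groups

            # Compare role names; applying -notlike to the whole object is always true.
            $roleNames = @($permission | %{ $_."Explicit given roles"; $_."Roles given via groups" } | %{ $_.Name })

            if ($roleNames -notcontains "Full Control")
            {
                Write-Host "     User hasn't got permission." -ForegroundColor "red"
                Set-SPUser -Identity 'domain\user' -Web $web.Url -AddPermissionLevel "Full Control"
            }
            else
            {
                Write-Host "     User has got permission." -ForegroundColor "green"
            }

            # Webs returned by AllWebs must be disposed explicitly.
            $web.Dispose()
        }
        $site.Dispose()
    }
}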