Thursday, April 10, 2008

Retrieving Windows SharePoint Services user access rights from the database

I case you ever need to know which access rights a given user has on your Windows SharePoint Services (WSS) site, you may find the following SQL scripts useful.

This SQL script (simply execute it against the database that has your WSS content) accepts either an email address (@search_email = '') or the Windows login name (@search_account='ACME\JohnD').

If the given user is found, it will return three tables: The data of the user as WSS sees it, the groups to which the user belongs and finally to which sites the user has access to.

DECLARE @search_email varchar(100)
DECLARE @search_account varchar(100)

SET @search_email='
--SET @search_account='ACME\JohnD'

DECLARE @userid int

-- Retrieve user ID
IF (@search_account is null) BEGIN
select @userid=tp_ID from userinfo where tp_Email = @search_email
select @userid=tp_ID from userinfo where tp_Login = @search_account

-- Show found user
SELECT '' as 'User Info',
tp_ID,tp_Login,tp_Title from userinfo where tp_ID=@userid

-- Show group membership
SELECT '' as 'Group membership',
ID,Title,Description from groups where id in
( SELECT groupid from groupmembership where memberid=@userid )
order by Title

-- Show Access rights
SELECT '' as 'Access rights',
Title, FulLURL from Webs where id in
( SELECT WebId FROM WebMembers WHERE (UserId = @userid) )
order by Title


  1. Great post. Thanks.

    Is there a method to retrieve which rights the user has on a site?

    I would like to make a list of sites where a user has more that just read access..


  2. I guess this data should be in the database as well, but to be honest I never look into this.