Run broken inheritance reports
As a site collection administrator, you can generate reports to see if there are any objects such as sites, lists, libraries, list items, or files in libraries that break inheritance from a parent within a site collection. These reports contain information such as the SharePoint groups, users and groups, and permission levels associated to the object, and the permissions associated to each permission level. The report output is XML, but you can easily open the reports in Microsoft Office Excel 2007 to view them.
In this topic
Run a report
Browse to the site that you are interested in.
On the Site Actions menu, point to Site Settings.
On the Site Settings page, under Users and Permissions, click Broken Inheritance Jobs.
In the Manage Broken Inheritance Report Jobs page, click Create.
In the Generate Permission Report page, do the following:
In the Scope box, click Browse, and then select the list or site for which you want to create a report.
In the Report Location box, click Browse, and then select the appropriate location.
Note You can store reports only in a document library such as Shared Documents.
Optionally, select the check boxes next to Expand SharePoint groups membership or Expand roles right.
Note Selecting these options creates reports named GrpMembership.xml and Rights.xml. Choose these options if you want extra details in your report such as membership information for site users and permissions associated to permission levels for each site that breaks inheritance with its parent.
The report status changes from Scheduled to Completed. For the latest report status, select the check box next to a report and then click Refresh. When the Status changes to Completed, click the link in the Report Location column to go to the location where your reports are created..
The report output will always include one default XML file—Permissions.xml—and two additional files—GrpMembership.xml, and Rights.xml—if you have selected the appropriate options to create the reports.
This file lists all objects—sites, lists, list items, or files in libraries—that break inheritance from the parent. You can find specific information such as URLs, users and groups with access to the object, and the permissions that apply to the users and groups.
This report contains information only if there are any sites or lists that break inheritance from the parent.
Lists that hold more than 5,000 items will not be included in the report. You can include lists with more than 5,000 items in your report, but to be able to do so, your server administrator should first unlock the lists in the farm. For more assistance, contact your server administrator. Find more information about unlocking lists in the farm in the See Also section.
URL column indicates the URL of an object (a site, list, folder, file, or list item) that has broken inheritance from its parent.
ObjectType column indicates if the object is a site, list, folder, file, or list item.
UserGroup column indicates the group and users who are associated to the object.
UserLoginName column indicates the alias of the user, if any, for the user listed in the UserGroup column.
Type column indicates if the entry in the UserGroup column is a SharePoint group or a user.
Permissions column indicates the permission level associated to the group or user in the UserGroup column.
ParentPermissions column indicates the permission level associated to the group or user in the UserGroup column at the parent object.
Parenturl indicates the parent URL of the object.
ComparedStatus indicates if the group or user was added or removed, or has remained unchanged since the object was created.
This file lists the SharePoint users and groups belonging to a SharePoint group in sites within the site collection.
This file lists permission levels and their associated permissions that apply to the sites within a site collection.
View reports in Excel
After you create reports, you can open them in Excel 2007 to view them. The reports enable you to quickly detect sites that break inheritance from their parent, their unique permission levels and associated permissions, and the names of users and groups who are using these sites. You can then use this information to change the permissions granted to sites or users as appropriate.
Browse to the location in your site that has the XML reports.
Click the drop-down on the item (or the report), point to Send To, and then click Download a Copy.
In the File Download dialog box, click Save.
In the Save As dialog box, browse to the location where you want to save the file, and then click Save.
Repeat steps 2–4 for each XML report.
Start Excel 2007 and then open one of the saved XML files.
In the Open XML dialog box, click the As an XML table option, and then click OK.
If a message appears indicating that the specified XML source does not refer to a schema and Excel 2007 will create a schema, click OK.