One of Microsoft's field engineers posted about a community project, the Access Checker. The project will show a site collection's hierarchy with an overlay showing if a specific user account has the specified permission. For an administrator, it is a very helpful tool.
The blog post references DeliverPoint, and in fact we do help discover the permissions of a security principal (user or group) as well as the assignments on a securable object (site collection, site, list, list item). I want to point out a few key differences:
- DeliverPoint has a cache of your SharePoint farm, so we do not need to catch all the Access Denied exceptions
- This cache provides for much better performance
- DeliverPoint is security trimmed (just like SharePoint), so sites to which the target user does not have access are not shown. In addition, the permissions of the current user are considered as well. In other words, sites that the current user does not have the View Permissions right are not displayed.
- However, DeliverPoint has an "operator" feature that will override the current users permissions
The Access Checker project has a very intriguing interface. Would you like to see this added to DeliverPoint?
