SharePoint has a built-in mechanism to manage access requests. Users can request access to sites and documents when they are denied access, or they can request additional privileges to update content if they only have read access.
The requests go to one or more email addresses which are defined at the site level. The definitions follow inheritance, meaning that if a child site inherits its parent’s permissions, the child site will inherit the access request settings as well. The property to check if a site is inheriting permissions is named HasUniqueRoleDefinitions.
There are two properties which control the access request configuration, first is RequestAccessEnabled, a Boolean flag which turns on or off the access request feature for the site. The second property defines one or more email addresses where requests will be sent to. It is named RequestAccessEmail. To specify multiple email addresses, separate each with a semicolon. The image below illustrates the GUI for modifying these two properties. It is accessed on the site permissions page, on the far right of the ribbon.
Today I will share some sample code which walks through every site collection and site within a given web application, and writes to the screen the relevant access request settings.
Add-PSSnapin Microsoft.SharePoint.Powershell
$webapp = Get-SPWebApplication "Portal Home"
foreach($spsite in $webapp.Sites)
{
foreach($web in $spsite.AllWebs)
{
Write-Host "On Web" $web.Title ", URL" $web.URL
if (!$web.HasUniqueRoleDefinitions) {
Write-Host "`tAccess request settings inherited from parent."
}
if ($web.RequestAccessEnabled) {
Write-Host "`tAccess requests go to :" $web.RequestAccessEmail
}
else {
Write-Host "`tAccess requests are disabled."
}
}
}
