I am delighted to write this post as I have achieved and learned quite a lot in the process of resolving a permissions issue. I had a strange requirement for one of my clients about restoring users and permissions deleted on site and document library level. There is only way to get around the issue is to restore the whole database, unless you have any third party tool in place to take care of the situation just to restore permissions. But as users have recently uploaded several year end reports, created several folders with lots permissions inheritance broken, which they were not prepared to lose. So restoring DB is out of scope. I was stuck in a strange situation on what to do. My initial thoughts were to restore the DB from the day before on the test server and export and import list permissions using Garry Lapointe’s export and import commands. But the issue was on the new folders created on live DB, when I try to import list security, all users were removed on new folders created on live. Then the option was to merge both the exported XML from live and test to overcome this new folder issue and restore permissions back to how it was before. Let’s start on how to: 1. First download Liquid XML tool, which is a handy tool to do most of your work. 2. Restore DB on your test server (I will not be covering on how to restore DB on SQL Server) 3. Run blow commands on the library where you would like the permissions removed, on both test and live servers.
stsadm -o gl-exportlistsecurity -url http://portal/documents/forms/allitems.aspx -outputfile c:\test_security.xml -scope list (RUN ON TEST SERVER) stsadm -o gl-exportlistsecurity -url http://portal/documents/forms/allitems.aspx -outputfile c:\live_security.xml -scope list (RUN ON LIVE SERVER)
4. Install and open Liquid XML tool you have downloaded and add below code and save it to the location where you have saved your exported list security XML files. This XSLT will be used to merge two XML files into one.
<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform"> <xsl:output indent="yes"/> <xsl:template match="@*|node()"> <xsl:copy> <xsl:apply-templates select="@*|node()" /> </xsl:copy> </xsl:template> <xsl:template match="version"> <xsl:copy> <xsl:apply-templates select="*"/> <xsl:apply-templates select="document('live_security.xml')/RoleAssignments/RoleDefinitionBindings/*" /> </xsl:copy> </xsl:template> </xsl:stylesheet>
5. Then click on Configure Debugger and chose source XML and save it to output XML file. and click Ok. Once you are back to the main console, click on the execute button. It will now merge both files to one single XML, now you should be able to see the output window with the be success information. 6. Now copy, merged XML file to your live server and run below import security command and that’s it, you have restored permissions without DB being restored.
Stsadm -o gl-importlistsecurity -url http://portal/documents/forms/allitems.aspx -inputfile c:\output_security.xml