This section will decode an Access Control List (ACLs) from values in a SharePoint Content Database to descrete Access Control Entries (ACEs). This will also translate the values of each ACE into the textual Permission Mask value. The output of this decoder
will present you with "Principal ID: n". You must manually query the Principal ID based on the specific Site Collection. This requires knowing the Site Collection ID via
to make a second query to thse
Groups tables within the Content Database. Two examples to retreive ACLs are below, along with an example to correlate the ACE to a particular principal.
'Retrieve all ACLs from the EventCache table
SELECT ACL FROM EventCache (NoLock)
'Retrieve all ACLs from the Perms table
SELECT Acl FROM Perms (NoLock)
Based on the results of either of the above queries and decoded ACLs, taking a single ACE, ACE
ID = 4 and the Site Collection
Id = 4a3e0a57-92ff-44a6-8f66-339d3211ee4d, you can retrieve the textual values of the
object using the below queries.
SELECT * FROM Groups WHERE SiteId = '4a3e0a57-92ff-44a6-8f66-339d3211ee4d' AND ID = '4'
SELECT * FROM UserInfo (NoLock) WHERE tp_SiteId = '4a3e0a57-92ff-44a6-8f66-339d3211ee4d' AND tp_Id = '4'