23 July 2013

SQL Query for Determining SharePoint ACL Sizes

When a SharePoint Access Control List (ACL) size exceeds more than 64kb for a particular URL, the contents under that URL become unsearchable due to limitations in the SharePoint search engine.  The error most often seen is The Parameter is Incorrect which really helps to pinpoint the problem (its difficult to convey extreme sarcasm here, please note that it is intended).  Exceeding this limit is not unheard of – it can happen when users brute force security into working by continually overriding inherited permissions and assigning user-level access to securable objects.

Once you have this issue, determining where you need to focus to fix the problem can be difficult.  Fortunately, there is a query that you can run on a content database that can help identify the issue:

SELECT [SiteId],
    
MIN([ScopeUrl]) AS URL,
     SUM(DATALENGTH([Acl]))/1024 as AclSizeKB,
     COUNT(*) AS AclEntries
FROM [Perms] (NOLOCK)
GROUP BY siteid
ORDER BY AclSizeKB DESC

This query results in a list of ACL sizes and entry counts on a site-by-site basis.  You can also remove grouping to see a more granular breakdown:

SELECT [ScopeUrl] AS URL, 
     SU
M(DATALENGTH([Acl]))/1024 as AclSizeKB,
     COUNT(*) AS AclEntries
FROM [Perms] (NOLOCK)
GROUP BY ScopeUrl
ORDER BY AclSizeKB DESC

Keep up to date with Simple-Talk

For more articles like this delivered fortnightly, sign up to the Simple-Talk newsletter

This post has been viewed 5617 times – thanks for reading.

  • Rate
    [Total: 0    Average: 0/5]
  • Share

Damon Armstrong is a Senior Engineering Team Lead with GimmalSoft in Dallas, Texas, and author of Pro ASP.NET 2.0 Website Programming. He specializes in Microsoft technologies with a focus on SharePoint and ASP.NET. When not staying up all night coding, he can be found playing disc golf, softball, working on something for Carrollton Young Life, or recovering from staying up all night coding.

View all articles by Damon Armstrong