I have a site at http://moss/sites/Electronics/Laptop
I have given users contribute permission on laptop site but still when they try to edit the page they are getting access denied, I have checked the permission level and all permissions are fine bt still users are not able to edit page.
I gave them read permissions on Electronics site and now they are able to edit the pages. My question is why we need to give them read permission on the top level site? What we don't want users to go to the top level site at all and want them to have an access on subsite only? Any idea?
Thanks,
Does the user have any access to the child site before you granted access on the parent? If not, this is likely because you're using some reference to list data from the parent in the child. If the user has no access to the parent and the child is trying to access that data, it will fail and the user will get access denied regardless of their permissions on child.
If they had access but just couldn't edit, this could be a completely different problem but it isn't typical out-of-box behavior. I would still be suspicious that something from parent is being used in child to cause this contention.
I've just discovered this in my 2010 installation. User has rights on a library, but Limited Access at the site level. Granting them Contribute at the site level resolved the issue, but this causes a long list of other issues relating to security. That's an end-user\training issue I need to work on.
Just my $.02
Related
I have a list in my sharepoint site.The users who have contribute access is able to add items on the list.But recently some users who have contribute access was not able to add new item.The normal work around we do is we will add them to the owners group and ask them to login .Then we ask them to logout and remove them from the owners group and issue will be resolved.But the proper way shouldn't be like that.Please give the proper way to solve this issue.
The users whom you talk about, Were they added to the contribute group recently? May be the list is not inherting permission(?)
You can use this WebPart (http://accesschecker.codeplex.com/) to check individual acces to every list, lib etc in your SharePoint site.
I have two users who have Full Control permissions to their department sub-site on SharePoint. They also have Full Control to the Pages document library. The Pages doc library has distinct permission from the site itself, but those two users have Full Control on both as mentioned.
When they try to create a New Page it gives them an "Access Denied" error. I can duplicate this problem with my non-admin account as well.
What am I missing to give these users the ability to create new pages on their site?
Assuming that the user has been granted enough rights to create pages at site level in the first place but is still unable to do so even with Full Control, then there is a high possibility that the user DOES NOT have READ access to the Master Pages and page layouts library. Check the library permissions at the root site collection and grant them the specified permission level accordingly.
Hope that helps.
This is a applicable to SP10 and SP13
Thanks
Ismail
It could also be TaxonomyHiddenList.
You must paste it into your browser - you cannot navigate to it and it is at the site collection level..
http://yoursite/yoursitecollection/Lists/TaxonomyHiddenList
List Menu -> List Settings -> Permissions for this list -> Grant Permissions
Maybe it is possibly to do with the Web Feature called "Content Organiser" which is enabled and not used. If it is activated, de-activate it and test again. This feature will affect document libraries, not lists.
I have a Sharepoint 2007 site which has a frontpage and then various sub-sites. One of our usergroups only have access to one of these subsites and not the frontpage. However, due to the way they access the site, they will always land on the frontpage, which currently presents them with the default "access denied" page.
Is there some way to redirect these users to their subsite before they get presented with the access denied page?
All solutions are welcome, and solutions that include programming and feature/solution deployment is not an issue. The solutions is only for this single usergroup, so hardcoding (even if it is ugly) the user group and destination URL is an acceptable solution.
EDIT: I heard a custom accessdenied.aspx page as a suggestion, but it seems to be a rather cumbersome alteration for a simple feature.
One dirty solution is to replace AccessDenied.aspx page, in Layouts folder, and add your own logic. You can check the current user and see if he has permission to "Sub site" then redirect him.
This is not a recommended solution as Service Packs to SharePoint can replace AccessDenied.aspx file.
I have created a custom list with work flow associated with that. The workflow takes the item through different levels of approval.
My workflow scenario is like say an initiator add an item, which will go to manager for approval. When the manager approves, few columns in the current list will get updated. On manager approval it will be forwarded to head of department. Again when the Dept head takes an action, the column values of the list get updated. For all these users i have set Contribute permission. But the problem is that an item started by an initiator should not be editable or deleted by other users using the pull down menu that appears for each item. Only the owner of the item and manager should have permission to edit it using the pull down menu. When I tried changing the edit access for the item through Advance settings-->Item level permission --Edit access being set to "Only their own" while manager or dept head approving I get an access denied error message.
Can any one please suggest me what is the work around for this?
Welcome to the not-perfect world of Sharepoint Item level permissions...
You will not get far with Sharepoint 2007 standard stuff, because what you need is a Workflow with Impersonation - why do you need it?
You want to set item level permissions depending on the state your workflow is in. You can only change permissions when you have the right to do so - Workflows run as the user who started the workflow, so your user would need the right to change permissions -> You don't want every user to have that. So there is this thing called "impersonation" (which comes as an activity with Sharepoint 2010). Impersonation you can only achieve using a custom activity with SHarepoint 2007.
Once your Workflow is running under an elevated account, you can change permissions for the Current item easily, i.e. give contribute permission to someone and retract read permission from someone else.
There is a good article on how to implement item level permissions for Workflows and Sharepoint 2007 here:
Custom Activity Workflow for implementing Item Level Security in SharePoint Designer 2007 (sorry coding involved)
If you really don't want to code there are some useful projects on Codeplex:
Useful Sharepoint Designer Custom Workflow Activities (in particular "Grant Permission on Item " Activity)
Please be aware that item-level permissions and large lists dont mix very well. It can cause some performance issues on the list.
Please take a closer look at the
http://technet.microsoft.com/en-us/library/cc262787.aspx
under
Security scope
1,000 per list
Type: Threshold
The maximum number of unique security scopes set for a list should not exceed 1,000.
A scope is the security boundary for a securable object and any of its children that do not have a separate security boundary defined. A scope contains an Access Control List (ACL), but unlike NTFS ACLs, a scope can include security principals that are specific to SharePoint Server. The members of an ACL for a scope can include Windows users, user accounts other than Windows users (such as forms-based accounts), Active Directory groups, or SharePoint groups.
I have users on the active directory and they all have full control on the sites. But I want to give read only permsissions through my list in my subsite. Which I have done. But still they have full control permsions. How to sort this?
And Also I want to make a field in custom list as editable by admins (only one field.)
any help??
Hari
what i can think of is that intially you have created a subsite by inheritting the parent site permissions and later on you revoked them. In this case SharePoint Kindly create a subsite which is not inherriting the permissions from the main site and you would be able to resolve the issue