I have users on the active directory and they all have full control on the sites. But I want to give read only permsissions through my list in my subsite. Which I have done. But still they have full control permsions. How to sort this?
And Also I want to make a field in custom list as editable by admins (only one field.)
any help??
Hari
what i can think of is that intially you have created a subsite by inheritting the parent site permissions and later on you revoked them. In this case SharePoint Kindly create a subsite which is not inherriting the permissions from the main site and you would be able to resolve the issue
Related
I have a list in my sharepoint site.The users who have contribute access is able to add items on the list.But recently some users who have contribute access was not able to add new item.The normal work around we do is we will add them to the owners group and ask them to login .Then we ask them to logout and remove them from the owners group and issue will be resolved.But the proper way shouldn't be like that.Please give the proper way to solve this issue.
The users whom you talk about, Were they added to the contribute group recently? May be the list is not inherting permission(?)
You can use this WebPart (http://accesschecker.codeplex.com/) to check individual acces to every list, lib etc in your SharePoint site.
I have a web part which shows data in one of 3 different formats. The format is selected by clicking one of 3 buttons in the web part. This works fine.
A request has come through to store the last selected state so that the user does not always have to click their favourite view.
It seemed logical to define a Property and define Personalizable(PersonalizationScope.User) but this does not seem to work for most users as they only have Read rights for the page.
What is the best way forward here? Is Sharepoint the right place to store such info or should I be using my own storage?
Thanks
Using your own storage is an option but this means its some more development work for you. How about this option.
Modify your WebPart and add the option to the Web Part property.
Create a new permission level and add the following permission
Update Personal Web Parts - Update
Web Parts to display personalized
information.
This will make sure that users with read only access can only update webparts.
Step 2 will allow them to odify all webparts. You can modify each webpart and remove the following option for webparts which you dont want you users to edit.
Allow Editing in Personal View [Advanced]
This way you can lock all webparts except the one you want.
I have two users who have Full Control permissions to their department sub-site on SharePoint. They also have Full Control to the Pages document library. The Pages doc library has distinct permission from the site itself, but those two users have Full Control on both as mentioned.
When they try to create a New Page it gives them an "Access Denied" error. I can duplicate this problem with my non-admin account as well.
What am I missing to give these users the ability to create new pages on their site?
Assuming that the user has been granted enough rights to create pages at site level in the first place but is still unable to do so even with Full Control, then there is a high possibility that the user DOES NOT have READ access to the Master Pages and page layouts library. Check the library permissions at the root site collection and grant them the specified permission level accordingly.
Hope that helps.
This is a applicable to SP10 and SP13
Thanks
Ismail
It could also be TaxonomyHiddenList.
You must paste it into your browser - you cannot navigate to it and it is at the site collection level..
http://yoursite/yoursitecollection/Lists/TaxonomyHiddenList
List Menu -> List Settings -> Permissions for this list -> Grant Permissions
Maybe it is possibly to do with the Web Feature called "Content Organiser" which is enabled and not used. If it is activated, de-activate it and test again. This feature will affect document libraries, not lists.
I have created a custom list with work flow associated with that. The workflow takes the item through different levels of approval.
My workflow scenario is like say an initiator add an item, which will go to manager for approval. When the manager approves, few columns in the current list will get updated. On manager approval it will be forwarded to head of department. Again when the Dept head takes an action, the column values of the list get updated. For all these users i have set Contribute permission. But the problem is that an item started by an initiator should not be editable or deleted by other users using the pull down menu that appears for each item. Only the owner of the item and manager should have permission to edit it using the pull down menu. When I tried changing the edit access for the item through Advance settings-->Item level permission --Edit access being set to "Only their own" while manager or dept head approving I get an access denied error message.
Can any one please suggest me what is the work around for this?
Welcome to the not-perfect world of Sharepoint Item level permissions...
You will not get far with Sharepoint 2007 standard stuff, because what you need is a Workflow with Impersonation - why do you need it?
You want to set item level permissions depending on the state your workflow is in. You can only change permissions when you have the right to do so - Workflows run as the user who started the workflow, so your user would need the right to change permissions -> You don't want every user to have that. So there is this thing called "impersonation" (which comes as an activity with Sharepoint 2010). Impersonation you can only achieve using a custom activity with SHarepoint 2007.
Once your Workflow is running under an elevated account, you can change permissions for the Current item easily, i.e. give contribute permission to someone and retract read permission from someone else.
There is a good article on how to implement item level permissions for Workflows and Sharepoint 2007 here:
Custom Activity Workflow for implementing Item Level Security in SharePoint Designer 2007 (sorry coding involved)
If you really don't want to code there are some useful projects on Codeplex:
Useful Sharepoint Designer Custom Workflow Activities (in particular "Grant Permission on Item " Activity)
Please be aware that item-level permissions and large lists dont mix very well. It can cause some performance issues on the list.
Please take a closer look at the
http://technet.microsoft.com/en-us/library/cc262787.aspx
under
Security scope
1,000 per list
Type: Threshold
The maximum number of unique security scopes set for a list should not exceed 1,000.
A scope is the security boundary for a securable object and any of its children that do not have a separate security boundary defined. A scope contains an Access Control List (ACL), but unlike NTFS ACLs, a scope can include security principals that are specific to SharePoint Server. The members of an ACL for a scope can include Windows users, user accounts other than Windows users (such as forms-based accounts), Active Directory groups, or SharePoint groups.
Greetings all,
I have a question.
On my MOSS 2007 dev box, I created a new sharepoint site using the Publishing -> Publishing Site template.
Now, On this site, I can create pages, check them in, publish them, etc.
What I want to do is create a scope that I can do searches on. However, one of the filters I want to apply to the scope is to ignore everything which is not published.
Does anyone out there know of a property (which I can use in a metadata property in my shared service which is in turn used in my scope) to determine if a page is in a published status, draft status, any other sort of status?
Does such a property exist?
Thanks in advance for your help.
cmb..
By default, when you view pages in a SharePoint site, and you're not signed in (eg your a anon user) then you will only see the last published version of that page. You won't see the version currently being edited (if it is checked out).
Now, if you want to stop users who are signed in from searching any pages which are not checked in, then have a look at filtering using the 'Approved Status' field. I'm not sure how to do this myself, but that's usually the field you filter on for stuff like views.
Yes, the "Approval Status" field is what you're looking for.
The property you need to map to is "_ModerationStatus" within your SSP search configuration.