SharePoint 2010 - Access denied for users that have full control on the site - Under The Hood

« Best of Breed or One Size Fits All for Enterprise Content Management? | Main | Is Oracle Leading the Pack with Content as a Service? »

05/22/2011

Comments

Feed You can follow this conversation by subscribing to the comment feed for this post.

Nosika

Can you please be a bit more specific. What do you mean by "User Policy", a user group? Where should we originate this policy from, the site collection or central administration?

Chaitu

Nosika! I have updated the post with a few screenshots.
Please let me know if you have more questions.

Thanks,
Chaitu

Karthik Elangovan

Hi Chaitu,
I've spoken to you before, I'm Sagar's friend. I noticed that no matter what permissions we give inside the site, it gets overidden by what we set at the "user policy". Is there a way do you know to give, for example, contribute permissions for one user within the site, without giving the user "contribute" permission in the web application level? did you overcome this scenario?

Chaitu

The permissions at web application level take the highest preference. So for your scenario, try to give read access at web app level and contribute access from your site / site collection..

David Hamilton

Would this fix the following problem?

When opening a site without appending default.aspx or home.aspx, I get access denied.

When opening a site with default.aspx or home.aspx, I get in fine. But then, when accessing some of the internal links, I get access denied (not all links). And when adding or editing something, it always returns to a URL that produces Access Denied and an option to log in as another user. But I am logged in appropriately and I am the farm admin.

We are using claims-based authentication with a custom provider.

Chaitu

@David - I guess it should resolve all the access denied issues as you are giving access at the top most level.

RonGuy

Be VERY CAREFUL when using the User Policy, as it overrides permissions on all sites and site content. For example, if you have a document that has read permission for only a certain person or group, ANYONE defined in the Group Policy will have read access to that document.

Carlos

You are great!!!!!
Thanks for your post!!!

Muhammad Talal Shoaib

Thank you so much for such a nice article. It really helped me alot. Cheers :)

The comments to this entry are closed.

Subscribe to Thinking

Contact ICF Interactive

  • ICF Interactive a full-service, interactive agency with the ability to guide brands digitally – through an informed strategy, inspired design, technical know-how and an obsession for humanity, we not only can launch your site but we can digitally catapult your brand. If you have a project in mind, would like information regarding our work, career opportunities, proposal requests or anything else, please feel free to get in touch. We’re ready for what’s next. hello@icfi.com