SharePoint Developer Center >
SharePoint Products and Technologies Forums
>
SharePoint - Setup, Upgrade, Administration and Operation
>
Site where user has "Full Control" permissions receiving access denied error
Site where user has "Full Control" permissions receiving access denied error
- WSS3.0, SP Server 2007 w/ SP2.
I setup a user in our production site to have full control and am receiving an access denied error message...
There is an IT site collection with team sites underneath, one of which is a 'Projects' landing page to house IT project sub-sites. I have given a user in our IT dept full control over the 'Projects' site so that he can create the subsites for each project.
I've walked him through creating a subsite and inheriting the permissions. The next step was to go into the 'Site Permissions' and break the inheritence, and add a new group with 'Contribute' permissions to the project subsite. However, when he goes into the 'New Group' screen, puts in the details and clicks 'Create' he is receiving a access denied error. Same thing when he tried to edit the group settings.
I was able to recreate this same issue in our test environment with my personal account but have not been able to find a solution.
Is anyone else seeing this and/or know of a solution??
Thank you!
-Chris
All Replies
- Groups are not created at the site level - they are created at the site collection level. They are only given permissions at site/library/list/item levels. So, he does not have advanced permissions at the site collection level, thus the denial.
SharePoint Architect || My Blog - Even though all groups can be seen at the site collection level, I was under the impression that you could assign permissions to each site by going through "Site Actions -> Site Settings -> Advanced Permissions". Then breaking the inheritance and assigning permissions to that site.
Which is what I did and gave a user "full control" permissions and is receiving an error creating a group. Actually, the group creation is working but giving an error message at the same time. It almost seems like a bug but I didnt know if anyone else was experiencing anything similar.
Or is the above method of assigning permissions not correct?? - Yes, you can assign permissions at a lower level, but that's not what you're doing. You're _creating_ the group, which adds it at the site collection level. There is a big difference between creating a group (container) and assigning permissions to that group. You can have 100 groups that have no permissions. Groups do not have permissions in and of themselves - they are just groups of people that you can do things with, be that assign permissions, send emails via workflow, assign alerts, whatever.
Your user with full control at the sub-site level can easily assign permissions to anyone or anything on that sub-site. However, he cannot create groups, because groups do not "exist" at any specific-level. They are specific to the site collection itself.
SharePoint Architect || My Blog - Ahh that makes sense. Now i'm having a new but similar problem.
In our test environment where I was able to recreate the problem, I added my own user account as a 'Site Collection Administratior' and am receiving the same error.
I go to People and Groups --> Site Permissions --> New Group. When I configure the new group and click create, its taking me to an access denied screen. However, when I got back to all People and Groups --> All Groups, the group I created is there.
This isnt a problem for me as I know how to do the work-around. However, we are going to be rolling out advanced permissions to users throughout my company and this will be a problem when users get access denied errors.
I have seen other blogs mention that this is possibly a bug in sharepoint and was wondering if anyone on here had seen a similar issue, knew of a fix, or could confirm that this truly is a bug??
Thanks,
-Chris - I have never seen that happen in any deployment, and it by no means ever happens to ANYTHING I do when I'm the SCA. That gives you full permissions to everything bar-none within the Site Collection. I don't think what you are seeing is just a known bug - it is a problem that probably involves information you haven't shared yet.
Is my earlier response the answer to your first issue or no?
SharePoint Architect || My Blog You need to allow "Edit Personal User Information" permission in the central admin site.
- WSS 3.0
I have a question that relates to this topic that I can't seem to find the answer.
I have a main application site and then subsites that exists below that. The subsites have had their permissions broken and their own established. A user on the subsites who has "full control" over a library can edit the list of permissions but cannot add additional users to the library, the user gets an access denied.
It might be the way I understand sharepoint but could someone shed some light on my issue. - My guess is he is accidentally trying to edit the parent permissions. It's easy to get this confused.
Having full control over a list would definitely allow the user to add new users to that list.
SharePoint Architect || My Blog - Clayton,
Thanks for your quick response....
I have given the user full control of a list and they can edit the user list but not add.
Then I gave full control to the user at the sub site level and the same thing.... can edit existing user but cannot add new users to the site.
Then I gave them full control at the site collection and still the same result.
I have the "Access Checker " solution that basically pulls the permissions for a given user and displays them. This is the only solution I have that might impact the permissions.
Any ideas?
