martes, 17 de abril de 2012 8:24
SharePoint groups started to disappear- totally randomly, within a single site collection. I am pretty sure they are not deleted because we have few site collection admins with knowledge.
happens like this: Site A has members, owners and visitors group. we realized that owners and visitors have been removed. The groups are vanished from People and Groups as well! On the other instance, Site B,all groups have been removed / vanished and an individual person name was added to permissions.
I enabled the auditing and all I have from the report is 12 groups deleted on a saturday night in easter holiday at 11Pm by 3 different users in same minute. there is no way that users connected the same minute and deleted this groups. Does anyone has an idea what might be happening, I have never seen such a thing.
There are no custom timer jobs, content deployments etc. to cause this behaviour. Every week users are coming to tell me their groups are vanishing. And I am far away from finding a root cause. I did a massive investigation, went through ULS logs searched every keyword I can think of, no trace and now I am out of ideas. help!
- Editado ova c miércoles, 02 de mayo de 2012 8:05
Todas las respuestas
martes, 17 de abril de 2012 20:09
Just to get some extra information. Do the sites in your example (Site A & B) have unique permissions or do they inherit their permissions from the root?
In other words, what kind of hierarchy of permissions and inherited permissions do you have within the single site collection?
martes, 17 de abril de 2012 20:40
All sites that has disappearing permissions have UNIQUE permissions. none of them inherits.
There are some sites which are inheriting and some are not inheriting.. It depends on the site usage really. And this does not happen on all non-inheriting sites, totally random. At first I thought someone was accidentally deleting them but on a saturday nigth at 11 pm by 3 different users, in same minute- impossible.
I am going through the ULS logs to see what happened in that minute but lots of entries- Excel Services and Profile Syncronization things mostly, couldn't relate it to that :(
miércoles, 18 de abril de 2012 8:04
Sounds like some kind of timer job or maybe something with the Profile synchronization. Strange but interesting issue.
Did it only happen during easter. Or did it happen on more occasions?
Btw, which build of SharePoint do you have (which SP or CU?)
miércoles, 18 de abril de 2012 10:19
If it is a timer job- why the groups seem to be deleted by the user accounts? I expect they will be deleted by a service account.
The users are complaining about this issue more than a month, the first time we thought it was a user mistake, unintentional or accidental delete.. but it is obviously not.
Here is the build version, Get-spfarm.buildversion result:
Major Minor Build Revision
----- ----- ----- --------
14 0 6029 1000
miércoles, 18 de abril de 2012 11:16
Just a clue: expiration policy jobs are scheduled to run at 11pm on Saturdays by default.
miércoles, 18 de abril de 2012 11:41Hi can you please tell me what these jobs do?
viernes, 20 de abril de 2012 14:22
Today the Master Page Gallery permissions have vanished into thin air. Users started to get 'access denied' when they tried to edit pages and after a quick investigation I found out that Master Page Library on site collection level had no permissions at all. nothing..
I have fixed this now but what deletes this really? Why does this permissions vanish? the only thing in audit log is:
And it is from yesterday morning. I do not understand what this means and not sure if this caused the master page gallery permissions to vanish.
2012-04-19T09:59:03 Security Role Bind Update <roleid>-1</roleid><principalid>12</principalid><scope>80D22BD8-9F7B-4CBA-ACD1-22C998E739E4</scope><operation>ensure removed</operation>
- Editado ova c viernes, 20 de abril de 2012 14:23
lunes, 23 de abril de 2012 6:23
I am not sure whether it is related. You may have a look at this article:
Hope it helps.
lunes, 23 de abril de 2012 9:05
I'm seeing a similar issue with one of my environments. SP Groups are randomly dissapearing at 00:00 Sundays (that's 23:00 GMT). It appears as it would have been deleted by a regular user, however we excluded that the user would have deleted these groups.
There are a lot of timer jobs running at 00:00, but the best candidates would be the Health Jobs (which are scheduled by default every Sunday on 00:00). However, we couldn't exactly pinpoint the responsible timer job until now.
We're on build 14.0.6109.5002.
How is your investigation going?
martes, 24 de abril de 2012 8:13No news.. We are still investigating but kind of stuck here. The groups disappeared 23:04 PM two weeks ago. Then last week an active directory user group sitting inside a sharepoint site visitors group disappeared. No trace in logs.. Desperate for a solution!
jueves, 26 de abril de 2012 7:57
It seems that this happened again, 21 april on 23 PM - this time there is my user and 2 other users, deleted a total of 14 groups at 23:02PM. This is definitely a timer job gone wrong!
I have checked the timer job schedules and this 2 jobs are running weekly on Saturday 11 PM:
Expiration policy: This job processes items that are due for a retention action, such as deleting items passed their expiration date.
Change log: The Change Log records many different types of changes made to SharePoint sites. This timer job is used to periodically delete old entries from the log.
So which one is deleting this sharePoint groups and why deleting it with different account names? As far as I know SP groups does not expire!
Andrei, are any of this 2 timer jobs scheduled on the time you have lost your groups?
- Editado ova c jueves, 26 de abril de 2012 7:59
martes, 05 de junio de 2012 16:46We are experiencing similar issue, were you able to resolve this issue. This issue has been driving us crazy. Appreciate it if you can share how you resolved this issue.
miércoles, 18 de julio de 2012 8:26
I am experiencing also similar behavior - I have a multi-tenant SP2010 environment, and it happens that sharepoint groups (usually "default" visitors, members and admins groups, never the custom groups) get deleted randomly on one of (random) tenant sites. I have audit logs enabled, and can track that system account deleted the groups at exactly same moment (all three groups). This has happened several times... FEB 2012 CU installed.
jueves, 09 de agosto de 2012 15:35
This problem (at least in my case) looks like a Sharepoint bug, but I was able to solve my case using a workaround.
The case in which members, owners and visitors group was removed was caused by following process:
1. I have a root site collection under which I also had a sub site. Both root web site and the sub site had same Sharepoint groups (I'll call them "Readers", "Contributors" and "Admins" just to demonstrate the issue) - and for the sub site I was using these groups for site's default groups: members (--> "Contributors"), owners (--> "Admins") and visitors (--> "Readers") group (as configured e.g. through /_layouts/permsetup.aspx).
2. I removed the sub site (and since SP2010 sp1 the sub site was send to the recycle bin)
3. I have 30 days retention period (default) in recycle bin after which the timer job (I had it running on Sunday morning right after midnight) cleans +30 days content from recycle bin.
4. Thus after 30days+n days till next Sunday, when the timer job was run, my "Readers", "Contributors" and "Admins" Sharepoint Groups were also removed from the root web site (when the sub site was removed from the recycle bin).
I repeated this process manually, by creating root web site, sub site and similar group setting. Then I deleted the subsite, after which I also removed it from recycle bin (just like the recycle bin timer job was doing): the result was that the Sharepoint groups were removed from the root web site as well.
Therefore, I developed a workaround for this purpose:
1. Before removing the sub web site, I set up unique members, owners and visitors groups for the sub web site (and make sure that sub web site does not have any privileges for the groups that I am using on root site level).
2. I delete the sub web site, after which I remove the site from the recycle bin as well.
As a result of this no groups are removed from the root web site.
I hope this helps someone of you!
- Marcado como respuesta ova c viernes, 10 de agosto de 2012 9:15
viernes, 10 de agosto de 2012 9:15
Yes, Microsoft returned the exact the same answer to us, Ahis.
We are now waiting for them to tell us if this is a bug or 'by design' :)
miércoles, 22 de agosto de 2012 14:49I was able to reproduce this from the restore of a content db where this happened, but I'm unable to reproduce this in my test enviroment. Do you know if this is for a particular site template? I'd like to be able to document this as much as possible.
jueves, 18 de octubre de 2012 14:30
we've identified the cause and a workaround. To sum it up:
The problem: Some SharePoint groups and their associated permissions are removed, when a subsite with custom permissions (created through code in our case) is deleted from the recycle bin (manually or through the Recycle bin timer job).
The cause: While assigning permissions to the problematic subsite, SharePoint automagically assings some SharePoint site groups as "CreatedAssociateGroups" to it. When the subsite is sent to the recycle bin, these groups are also marked for deletion. When the subsite is deleted, the groups are deleted with it. You can identify the groups which will be deleted via PowerShell:
The Workaround: Set the vti_createdassociatedgroups property for the subsite to empty and the groups won't get deleted when the subsite does
- Editado Andrei Talmaciu jueves, 18 de octubre de 2012 14:33