none
SharePoint 2013 'Access Denied' for full control permissioned user RRS feed

  • Question

  • Hi,

    This is one strange issue I experienced from 2 days but farm(2 servers web& app + 1 db server) has been running since 3 months without any permission problem. Please note that we are not using any social features and hence turned off Distributed cache service from the beginning as it was making entire farm dead slow for end user.

    People were able to access the sites without any problem. Even if I give full permission to unique security permission applied portal site, people are getting error stating ' the site hasn't been shared with you' error.

    I have verified Style resources reader, Master page and page layouts with full read permission for all employees 'NT Authenticated Users\All Users'. I verified the master page is published. If I add any new users with Contributor or even full control, it redirects to access denied page.

    Anyone has experienced this? Will you please share how you have resolved?

    Thanks

    Shri

    Thanks

    Shri

    Tuesday, February 14, 2017 10:47 PM

Answers

  • No, please read the TN article I posted previously. Follow those instructions to a T.

    Trevor Seward

    Office Servers and Services MVP



    Author, Deploying SharePoint 2016

    This post is my own opinion and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs.

    • Proposed as answer by Sara FanModerator Wednesday, February 22, 2017 1:51 AM
    • Marked as answer by ShriG Wednesday, March 1, 2017 11:25 PM
    Wednesday, February 15, 2017 11:25 PM
    Moderator

All replies

  • Disabling Distributed Cache puts you in an unsupported state. Can you re-enable that first?

    https://support.microsoft.com/en-us/help/2764086/certain-microsoft-sharepoint-server-2013-installation-scenarios-are-not-supported

    That said, is a super user/super reader configured (this sounds like a Publishing enabled site)?


    Trevor Seward

    Office Servers and Services MVP



    Author, Deploying SharePoint 2016

    This post is my own opinion and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs.

    Tuesday, February 14, 2017 10:58 PM
    Moderator
  • Yes, its publishing enabled site. Do you think this has anything to do with permission?

    Thanks

    Shri

    Wednesday, February 15, 2017 8:35 PM
  • Has the superuser and superreader been configured? Note these accounts should not be used anywhere else in the farm for any other service.

    https://technet.microsoft.com/en-us/library/ff758656.aspx?f=255&MSPPError=-2147217396


    Trevor Seward

    Office Servers and Services MVP



    Author, Deploying SharePoint 2016

    This post is my own opinion and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs.

    Wednesday, February 15, 2017 8:37 PM
    Moderator
  • Thanks Trevor, but we have not configured superuser and superreader accounts. What other could be the issue for the user with full permission cant access the portal site?

    Thanks

    Shri

    Wednesday, February 15, 2017 9:34 PM
  • Configure them. Then try again.

    Trevor Seward

    Office Servers and Services MVP



    Author, Deploying SharePoint 2016

    This post is my own opinion and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs.

    Wednesday, February 15, 2017 9:35 PM
    Moderator
  • Do you think these accounts should be a dedicated separate account one for superadmin and another for superreader?

    I currently have spfarmadmin account, spservice account and spsiteadmin accounts. So need to configure in addition to these or do I have to use of of these account?

    Thanks

    Wednesday, February 15, 2017 10:48 PM
  • Yes, you need two accounts that are not used for anything else. You (as a SharePoint admin) do not need the account passwords. They just have to exist in Active Directory. Do not make them Managed Accounts in SharePoint.

    Trevor Seward

    Office Servers and Services MVP



    Author, Deploying SharePoint 2016

    This post is my own opinion and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs.

    Wednesday, February 15, 2017 10:49 PM
    Moderator
  • I already have a full read account and full control account under User policy. I thought Local Service fulfill this need.
    Wednesday, February 15, 2017 11:22 PM
  • No, please read the TN article I posted previously. Follow those instructions to a T.

    Trevor Seward

    Office Servers and Services MVP



    Author, Deploying SharePoint 2016

    This post is my own opinion and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs.

    • Proposed as answer by Sara FanModerator Wednesday, February 22, 2017 1:51 AM
    • Marked as answer by ShriG Wednesday, March 1, 2017 11:25 PM
    Wednesday, February 15, 2017 11:25 PM
    Moderator
  • Hi Shri,

    If the reply is helpful to you, you could mark the reply as answer. Thanks for your understanding.

    Best regards,

    Sara Fan


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    Friday, February 24, 2017 7:35 AM
    Moderator