locked
can't apply custom permission on list for anonymous users RRS feed

  • Question

  • The Main Issue Start When Create Custom Search scope To Search in sharepoint list

    but anonymous user can't search as registered user as no results appear for him after search

    this site allowed for anonymous access

    but i found that anonymous users can't view list when navigate to it direct from url

    so i apply custom permission on this list for one user ( user with restricted read permission )

    after making Full crawl this user can retrieve date from search ( i know the resolution For my issue - apply custom permission on this list for these users )

    i want to apply this permission for anonymous users also

    after search i found that anonymous users User ID is NT Authority\IUSR

    i want to apply this custom permission on anonymous user

    when i type IUSR in people picker it found the identity

    but after i select the permission and try to save

    ERROR MSG appear tell me " No exact match was found. Click the item(s) that did not resolve for more options."

    And IT Take Much Time From Me With No Result

    Is My Resolution for search result IS The right one  ?

    if yes what's the resolution for the second issue ?

    Wednesday, June 8, 2011 2:26 PM

Answers

  • Anonymous access isn't done the same way in SharePoint that it is in IIS.  There is no useraccount being used when anonymous users access SharePoint.  They are truly anonymous.  So there is no way to assign a custom permission to an anonymous user.  You have actually run into two other features of the way anonymous users are provisioned in a publishing environment.

    1) Anonymous users can't search because the default Search Results page inherits from a class that requires authentication.  To allow anonymous users the ability to view search results you need to either create a search center (and give anonymous users access to it) or change what the default search page inherits from.

    2) There is a Feature that is autoactivated when you use some Publishing site templates called ViewFormPagesLockDown.  After this feature is activated and anonymous access is enabled anonymous users can no longer access list view pages directly.  To turn it off, deactivate anonymous access, turn off the feature, and then reactivate anonymous access.


    Paul Stork SharePoint Server MVP
    Wednesday, June 8, 2011 3:13 PM

All replies

  • Anonymous access isn't done the same way in SharePoint that it is in IIS.  There is no useraccount being used when anonymous users access SharePoint.  They are truly anonymous.  So there is no way to assign a custom permission to an anonymous user.  You have actually run into two other features of the way anonymous users are provisioned in a publishing environment.

    1) Anonymous users can't search because the default Search Results page inherits from a class that requires authentication.  To allow anonymous users the ability to view search results you need to either create a search center (and give anonymous users access to it) or change what the default search page inherits from.

    2) There is a Feature that is autoactivated when you use some Publishing site templates called ViewFormPagesLockDown.  After this feature is activated and anonymous access is enabled anonymous users can no longer access list view pages directly.  To turn it off, deactivate anonymous access, turn off the feature, and then reactivate anonymous access.


    Paul Stork SharePoint Server MVP
    Wednesday, June 8, 2011 3:13 PM
  • Thanks Paul

    1- Search Result Page :

    My Search with custom scope i already apply it on OOB search webparts in custom pages anonymous access applied on it and can access it with no problems

    2- Lockdown feature

    i already did it

    deactivate the feature from the whole server

    remove anonymous access from the site

    test it => user can't access any thing

    apply anonymous access on this site

    test it => user can access pages but not the lists and this is the issue

    i tried to create user and add it to restricted read  (permission given for anonymous users as i know and grant this user more permission to view lists and when this user become able to see this lists the search result appear to him )

    i want to simulate this with whole anonymous users

    Thanks

    Thursday, June 9, 2011 9:35 AM
  • As I pointed out there is no way to create a user to use as anonymous access users.  The permissions given for anonymous access are hard coded into the system and can't be changed.  Double check to make sure you haven't broken permission inheritance on the list.  If you have then you need to apply anonymous access on the list specifically for anonymous access users to access it.  Anonymous access assigned at the web site level only goes where security inheritance is enabled.  Anything in the hierarchy where security inheritance has been broken will not be affected by anonymous access settings higher in the site.
    Paul Stork SharePoint Server MVP
    Thursday, June 9, 2011 11:33 AM