In my scenario I am showing a ListViewWebpart on a WebPartPage. Here list has contribute access to Member group and full control to Owner group.
When a user from Member group logs in, I want he/her to edit list through webpartpage. But not the Page itself.
So, i have given contribute permissions to List and Read permissions to WebPartPage. With these permissions, user from Member group is getting access denied when he tries to edit the list through WebpartPage.
Please help me on this. How can i modify permissions to meet the above scenario?
Thanks in Advance.
Related
I created a survey in my sharepoint online site.
If I give contribute permissions the user can add responses but can also edit permissions and add questions to the survey. Also, with contribute permissions, even if I set the survey advanced permissions to "Read responses that were created by the user" instead of "Read all responses" the user can still see all responses, even the other user responses, he also can edit and delete those answers...
If i give read permissions the user can't respond to the survey...
What can I do? What am I doing wrong?
Thank you
When you say that users "can also edit permissions and add questions to the survey", I believe in 2 scenarios:
The user has more pemissions than required at list or web level, probably being part of one or more group that has, for example, Design or Full Control permissions
Your "Contribute" permissions level was changed, and their permission was raised
So please just check the current users permissions and which groups they are members, just entering on survey settings> permissions for this survey> check permissions. Just check which groups the user is associated and be sure they have appropriated permissions.
Other important thing is to check if the role Contribute remains with the original permissions. Remember that it's a best practice to not change the original permissions levels, and you may check it on site settings > site permissions > permissions levels.
You may check more details and how the permissions levels are configured at the following link:
https://support.office.com/en-us/article/understanding-permission-levels-in-sharepoint-87ecbb0e-6550-491a-8826-c075e4859848
Just for your information: if the user has the right permissions and be a member of the expected groups with the Contribute permissions, it must not be able to change anything at list level, like questions or permissions.. Except if it's a site collection administrator or something like that ;)
Is there a way where can I search all permission of a certain user in Sharepoint? Because right now, the way I know is to navigate individually through ALL doc lib to check if that user has a permission on it. (Or belongs to a group that has permission on it).
My colleague ask me to give permission to a certain person and should be the same with her current permissions. So what I did is from the site, I navigate Site Actions > Site Permissions > Check Permissions. From there I take note of the groups that my colleague belongs to and add the new user into it. But the user cannot access that particular Doc lib he needed. Is there a way where I can see ALL possible permissions of a certain user so that I don't need to check ALL doc lib or lists individually?
Assign permissions directly to the user is a bad pattern, better assign permissions to a group and assign the user to the group.
To check user permissions for the whole site you must use a powershell script, below a script taken from another post from stackexchange
$urlWeb = "http://sp2010"
Get-SPUser -Web $urlWeb | select UserLogin, #{name=”Exlicit given roles”;expression={$_.Roles}}, #{name=”Roles given via groups”;expression={$_.Groups | %{$_.Roles}}},Groups | format-Table -auto
We want some users of one of our SharePoint site to manage permissions on their site but do not want them to give the permission called "Manage Permissions". Because if we do so, the users start assigning the built in permission level “Full Control” to themselves. How can we achieve this?
Please note that the users with the permission level "Manage Permissions" can create and change permission levels on the Web site [Ref: Microsoft]. What we want for them to only be able to create users, groups, and assign certain permissions on the site to those users and groups.
"we want for them ... and assign permissions"
you DO realize that they can just as easily be assigning Full Control to these groups? isn't that what you say you want to AVOID?
manage the permissions for them, and allow them to self manage the GROUP MEMBERS. that way they can add people to the "publishers" group... and net result is that the user has "publish" permissions.
solution 2 can be extrapolated for some very granular needs, but I don't explain how because I wouldn't recommend it.
I have three custom entities; Project, ProjectStageExternal and ProjectStageInternal,I have added a workflow which will create ProjectStageInternal and ProjectStageExternal records when admin creates a Project record.
Now I have a security roll named customer. Users having this roll only read the Project and ProjectStageExternal records.
The problem is workflow is not working when ownership is changed to users having customer security roll. Its showing this following error: The selected user does not have sufficient privileges to be assigned records of this type.
what am I missing here?
Thanks.
That security role has basically no permissions on those entities, so the users wont be able to do anything with them.
If you want someone to be able to assign (or have a workflow assign on their behalf) you need to grant the assign permission and probably write as well.
If you dont want to grant them those permissions, change the workflow's Scope to organisation and assign it to an admin user. That means the workflow will run with the admins permissions and security roles.
Only providing Read Privileges to the user/team whom the record is to be assigned will work perfectly fine !!
I want to find whether a user in a site has been granted permissions directly or he is inheriting permissions from a group. How can I do that using SharePoint object model?
I dont think there is a direct way to do this. One option is to get all the groups he is in and then see if this group belongs to a another group. If so then he is inheriting the permission from the group. Not a good solution though. :-)