I have a SharePoint Site where I created a List and I want to give read and add access to this list only to a limited group of people.
First I created in the SP site the List "ListX"
In the ListX settings I went to list permissions and I stopped inheriting permissions from the site and I created unique permissions
On the site advanced permission settings I created a new permission level "Add and View Only" where I selected the following options:
On the list permissions section
(a) Add Items - Add items to lists and add documents to document libraries
(b) View Items - View items in lists and documents in document libraries
The moment I selected those two options the following options have been automatically selected for me on the site permissions section:
(a) View Pages - View pages in a Web site
(b) Open - Allows users to open a Web site, list, or folder in order to access items inside that container
Then on the site permission I created a SharePoint group "ListX Users" and I gave the permission level "Add and View Only"
Then I added several users in the SP group "ListX Users"
Then I granted permissions on the ListX permissions to the "ListX Users" SP group
However the user gets the message "Sorry you don't have access" when they try to go to the top level of the site so that they can click on the ListX link and they are prompted to request access.
Any idea why that happens and how to give such Add and View access to the ListX only? Thanks
Best (and easiest) imo is to work down. Give them permissions on site level and break inheritance on each library that shouldn't be visible for everyone.
That way the navigation is the easiest and for maintenance has the easiest overview.
I partially solved my issue by adding two more options in the List permissions permission levels of "Add and View Only". See below.
Open Items - View the source of documents with server-side file handlers
View Application Pages - View forms, views, and application pages. Enumerate lists
However in this case the user need to have a direct link to the list and cannot navigate via the site.
Related
How do I add a custom group to this image library? I created a group at the site level which contains a list of users from AD but there is no option for me to add this group to this specific folder.
I have also created a group at the AD level but the SharePoint functionality only allows for individual users to be added to one of the groups already listed.
I stopped inheriting permissions from the top level site in order to manage access to certain folders but I don't seem to have that option.
Try following the steps:
From permissions page (shown in your question), click on "Grant Permissions"
Search name of group in first text box and select group from suggestions
Click on "SHOW OPTIONS"
Select Permission level as per your requirements
Click "Share"
Documentation: Customize permissions for a SharePoint list or library
I have a dev Sharepoint site with unique permissions (and fake users seen below). In the SharePoint manage access blade, the permissions appear as such:
However, when I click through to the Advanced Permissions link just below that, the permissions look as such:
MaksSite Owners is missing in the 2nd listing, though it appears in the first listing. This group appears to be the default Owners group that came with the SharePoint site. It is also missing when queried through the SharePoint REST API (via /sites/MaksSite/_api/web/GetFileByServerRelativeUrl('/sites/MaksSite/path/to/file')/ListItemAllFields/RoleAssignments?$expand=member). Which listing is right, and if it is the first listing, how do I get it to appear, at least with the API?
By default, the Site Owners group is hidden in the list. To make it appear, please take the following steps:
Click List Settings under Settings.
Scroll down to Views, click Detail View.
In Filter section, choose show all items in this view. Then save the view.
The Site Onwers group will appear in the list:
You could try to use the below Rest API:
/_api/web/GetFileByServerRelativeUrl('/sites/michael/Shared%20Documents/Document.docx')/ListItemAllFields/RoleAssignments/groups?$expand=users
I have a sub-site (http://mysite/documentcenter). My user is in Site Collection Administrators, so I can see and click the move button in site content and structure of sub-site.
But the other users, who has contribute access to all documents, can't see the Move button - it completely disappeared, it's not greyed out.
How can I make the move button display for the other users?
I know this question is a bit old but, you need to have the following Permission Level enabled or Move is not available.
Manage Web Site - Grants the ability to perform all administration tasks for the Web site as well as manage content.
I would be very careful assigning this permission though as it adds a whole slew of additional access for the user(s).
Make sure Add and Customize Pages permissions is present. There could be a Deny mask coming in from User Policy from central admin, which can overwrite Site Collection admin permissions.
I have a SharePoint list that is populated via an InfoPath form. There are two groups of people who have access to the form: end users and owners. While I don't have any issue with assingning permissions to owners, for the end users, this proposition has been tricky.
My requirement is such that - the end users should be able to:
Add new items to the list via InfoPath form
Not interact with the list in any other way
Now if I give the end users contribute permission to the list, they will be able to view and edit other list items in the list (which is the function of owners only). But if I don't give the end users contribute permission, they cannot add to the list. Is this a real catch-22 or am I spawning this out of my ignorance?
How about using a custom web service that performs the task of inserting items. But the real query is - would you want them to view the items as well?
If yes, you can give the view permissions on the list to your end users and addition via your InfoPath form, which would essentially call a web service and execute the code to submit items with correct privileges.
Regards,
Nitin Rastogi
Go to site collection level >> Site Settings >> Site Permissions (under Users and Permissions) >> Permission Levels (under Manage section) >> Add Permission Level.
In this page, find List Permissions in Permissions section. Check "Add Items".
Create a group that you need and give it the Add Items permissions. Add all the users to this group who should only be able to add to the list and not edit it. Give the list unique permission (don't inherit form the parent). Then add the group to the list.
We've started to adopt SharePoint 2010, and are starting to manually migrate content from SharePoint 2007 sites to new sites we're rebuilding from scratch in SP2010.
One of the things we previously had supported was to delegate responsibility for managing some of our site columns to a member of the team. The team member is not familiar with SharePoint internals, and doesn't want the responsibility of full permissions to the site and all its objects.
We're now trying to figure out what the minimum permission is that we need to grant our team member, so they can continue to edit (& propagate) the content of the site columns we've defined.
Permissions he currently has (which are obviously insufficient):
Site permissions (according to _layouts/user.aspx): Read, Contribute, Manage Lists
Permissions for specific objects in the site (according to _layouts/people.aspxMembershipGroupId=xxx, then choosing Settings, View Group Permissions):
server/sites/[sitename]: Contribute
server/sites/[sitename]/Lists/[a list with columns that inherit from site columns]: "Contribute No Delete"
Note: the "Contribute No Delete" permission is a custom permission I designed by copying the SharePoint-native "Contribute" permission set and deselecting the Delete permission. The "Manage Lists" permission is a custom permission I designed that includes the following specific permissions: (List Permissions) Manage Lists, View Items; (Site Permissions) View Pages, Open.
Operations that are throwing access denied errors:
_layouts/mngfield.aspx: SharePoint returns the "Error: Access Denied" dialog, and provides three clickable options: "Sign in as a different user", "Request access", and "Go back to site"
_layouts/fldedit.aspx?field=Level%5Fx0020%5F3 [one of the site columns we've defined]: can load the page and type in changes to the textboxes "...but when I press OK (save changes) I get the same message above."
When our team member clicks the "Request access" link, the email I receive sends me to a page that recommends that I grant the user membership in the "[sitename] Users" group - of which he's already a member. So while SP2010 tries to request access, it doesn't actually direct me to either (a) a valid group that has the correct permissions or (b) the specific object to which I need to grant our team member access.
Also note: on the SP2007 (MOSS) site (where our team member was successful in managing Site Column edits), they had dozens of additional permissions throughout the site that we do not wish to blindly re-allocate in SP2010 until we know they're necessary.
Any help anyone can provide would be greatly appreciated.
There are two sets of permissions: one set of permissions that are set at the Site level, and another set of permissions that must be assigned on every List where the Site Column is being inherited (i.e. where it's been implemented as a List column):
Site-level Permissions
Manage Lists (labelled “List Permissions”)
View Items (labelled “List Permissions”)
Add and Customize Pages (labelled “Site Permissions”)
Browse Directories (labelled “Site Permissions”)
View Pages (labelled “Site Permissions”)
Open (labelled “Site Permissions”)
List-level Permissions
Manage Lists (individual permission – which includes View Items, View Pages and Open)
Contribute (permission set)
For details and the methodology on how I arrived at these permissions, you're welcome to rad the whole gory story here: http://paranoidmike.blogspot.com/2010/10/found-minimum-permissions-to-edit-site.html