I created a survey in my sharepoint online site.
If I give contribute permissions the user can add responses but can also edit permissions and add questions to the survey. Also, with contribute permissions, even if I set the survey advanced permissions to "Read responses that were created by the user" instead of "Read all responses" the user can still see all responses, even the other user responses, he also can edit and delete those answers...
If i give read permissions the user can't respond to the survey...
What can I do? What am I doing wrong?
Thank you
When you say that users "can also edit permissions and add questions to the survey", I believe in 2 scenarios:
The user has more pemissions than required at list or web level, probably being part of one or more group that has, for example, Design or Full Control permissions
Your "Contribute" permissions level was changed, and their permission was raised
So please just check the current users permissions and which groups they are members, just entering on survey settings> permissions for this survey> check permissions. Just check which groups the user is associated and be sure they have appropriated permissions.
Other important thing is to check if the role Contribute remains with the original permissions. Remember that it's a best practice to not change the original permissions levels, and you may check it on site settings > site permissions > permissions levels.
You may check more details and how the permissions levels are configured at the following link:
https://support.office.com/en-us/article/understanding-permission-levels-in-sharepoint-87ecbb0e-6550-491a-8826-c075e4859848
Just for your information: if the user has the right permissions and be a member of the expected groups with the Contribute permissions, it must not be able to change anything at list level, like questions or permissions.. Except if it's a site collection administrator or something like that ;)
Related
We want some users of one of our SharePoint site to manage permissions on their site but do not want them to give the permission called "Manage Permissions". Because if we do so, the users start assigning the built in permission level “Full Control” to themselves. How can we achieve this?
Please note that the users with the permission level "Manage Permissions" can create and change permission levels on the Web site [Ref: Microsoft]. What we want for them to only be able to create users, groups, and assign certain permissions on the site to those users and groups.
"we want for them ... and assign permissions"
you DO realize that they can just as easily be assigning Full Control to these groups? isn't that what you say you want to AVOID?
manage the permissions for them, and allow them to self manage the GROUP MEMBERS. that way they can add people to the "publishers" group... and net result is that the user has "publish" permissions.
solution 2 can be extrapolated for some very granular needs, but I don't explain how because I wouldn't recommend it.
This is baffling me. I used PowerShell to add about 35 libraries to a site and then create and ADD 3 permissions groups for each library which are set to use unique permissions.
After running my code I thought all was fine. When I go to the site I see all the libraries that I made and can go into each of them and the permissions for each library are correct. However, if I go in as any other user I can't see any of the libraries. Even if I go to all "All Site Content" it's as if they don't exist.
I am the site collection admin and am part of that site's Owners group, but other people in the Owner's group can't see the libraries.
Any Ideas?
It might be that the other users who cannot see those library are not having any permission on that library,since you have broken inheritance. You can verify this by logging in as Site administrator. Open the document library--> Library settings-->Permissions for this document library --> Check Permissions. Here type in the user for whom the library was not available, then you can see if that user is actually having any permission on that library or not.
In SharePoint, it has 5 permission level: full control, design, contribute, read, limit access. Permissions are categorized as list permissions, site permissions, and personal permissions, depending upon the objects to which they can be applied; and it can be inherited from the parent, or it can have its own. if one user doesn't have the permission to a list, the user can't see it.
Permissions control is complex in SharePoint, See these MSDN articles for details:
Permission levels and permissions
About controlling access to sites and site content
I have a browser:page setup in Zope, and I have:
permission="zope2.Public"
My question is what should I change this to in order to allow only Plone administrators access, and/or logged in (non-administrators) access to this page?
On Zope, you control access to views via permissions, but to permit someone to access a given permission, you must grant such permissions to a role.
Anyone in the Plone administrators group has been granted the Manager role (on Plone 4.2 that'll change to the SiteAdmin role) generally have access to most permissions. There is also the automatic Authenticated role, which is given to anyone that has been authenticated (has logged in). The latter doesn't have many default permissions though.
Permissions are generally named after the action you want to permit. If your view's goal is to manage some aspect of your Plone portal, then the cmf.ManagePortal permission is probably what you want. You can check the full list of default permissions if you need another one.
There is some excellent documentation on how security works in Plone, which includes information on how to define new permissions too, and how to assign existing permissions to roles.
permission="cmf.ManagePortal"
This setting is about permissions not about roles.
I want to move a page between sites from a site collection.
I am getting result as :-
Operation Failed.
Access Denied. Not enough permission.
When I login as Site administrator, I can move page between sites.
The user with contribute permission cannot move pages between sites.
Please help me for this issue...
It looks like the permission level issue.
Instead using the default permission levels (Contributor in your case, which has no rights to manage web), you should probably create a custom permission level that has permissions fits your need.
Please go read
http://office.microsoft.com/en-us/sharepointtechnology/HA101001491033.aspx
Hope it helps
James is correct, you need more permissions.
If you don´t wan´t to add those permissions to the users you could create your own "move" function that uses elevated permissions to do the copying. Things to look out for though is that you would have to "restore" the current users credentials on the createdby and modifiedby columns after the move since those will be sharepoint\system when elevated.
How can I set the permissions for a site where I have access to do everything but NOT view documents?
Thank you.
I'm Kevin and I'm responsible for permissions in SharePoint
In SharePoint, you can grant permissions to a user or group via what we call "permission levels" - essentially sets of permissions. Out of the box we include a few of these like "Read" and "Contribute" and "Design".
It sounds like you want to provide some users with the ability to do more than the Read permission level allows, but disallow the viewing of documents. To accomplish this, you could create a new permission level (site settings > advanced permissions > permission levels). Note: we restrict permission levels from including adding or editing items without the ability to view them
If you, or anyone reading have further questions about this stuff feel free to get a hold of my via email: kevin.davis#microsoft.com
Your question is slightly confusing, I'm taking it to mean, you want to stop certain users (or groups of users from accessing documents hosted in your site. (Where you are the site administrator.)).
To do that go into each library, go to settings, then document library settings, permissions for this document library and restrict them as appropriate.