I have a SharePoint 2013 calendar that needs unique permissions on it, allowing people who have NOT been granted access to the parent site access to this calendar. I've broken inheritance on this calendar and granted Read permissions on the calendar to these non site members. They are able to browse the calendar via Internet Explorer, but if they click the Connect to Outlook button in SharePoint, Outlook prompts for a username/password that can never authenticate. The calendar is added to Outlook, but any attempts to sync results in an error message:
'Task SharePoint reported error (0x80070005): You do not have permission to view theis SharePoint List... HTTP 401'
I've tried the conventional wisdom of deleting the calendar from Outlook and adding again, but always get the same result. The only thing that seems to fix the issue is to add the external user to the calendar's parent site as part of the members group. This gives that external user access to other content in the parent site we want to restrict, so this is not an option.
Any suggestions on how to resolve this issue?
Tks
In order to Sync a SharePoint list or library to Outlook, the user must have Collaborate permissions for the library or list (2nd paragraph).
Finally got it figured out. There are a couple of folders like Site Collection Images and Style Folders that have unique permissions under the calendar parent site. My external users were not members of these libraries. As soon as I added them, I was able to add my SharePoint calendar to Outlook.
Related
not sure if this is the right place to post dev question so please point me to the right place if its not...
I have a customer that gave a user permission to one specific list.
for example:
https://[tenant].sharepoint.com/sites/qa/permissions/lists/tasks
The user cannot browse to the site:
https://[tenant].sharepoint.com/sites/qa/permissions
But he can get to the list with no problems.
When we try to get the list items using REST api, that user gets "UnauthorizedAccessException" error.
Rest API url we tried:
https://[tenant].sharepoint.com/sites/qa/permissions/_api/web/lists/getbytitle('tasks')
https://[tenant].sharepoint.com/sites/qa/permissions/_api/web/lists/getbytitle('tasks')/items
Users with at least read permissions on the site /sites/qa/permissions have no problems getting to both these API endpoints.
Is there a different way to make the REST API work for users with permissions to just one list?
Is there a limitation of the REST API and it does not support that?
Thanks!
(I posted this on technet as well, and will update here if I get an answer there)
You can deactivate the site collection feature Limited-access user permission lockdown mode.
When this feature is activated, users with "Limited access" as permissions have reduced permissions which prevent them from accessing the list item/documents properties. This will cause the Unauthorized Exception error while accessing SharePoint artefacts.
So, go to your Site Settings > Site collection features
And Deactivate the Limited-access user permission lockdown mode feature.
After that, refresh and check.
More details - Enable or disable site collection features
I am updating a SharePoint 2007 solution to SharePoint 2013. The solution creates a list of permissions for each site in a site collection. In SharePoint 2007 I used SOAP to query the ROLE object and got back the Groups and Users security objects for a site. In SharePoint 2013 ROLE and SOAP is deprecated. I am trying to use the REST API to recreate the solution. I am able to get the groups object for each site, but I am unable to find the way to get the Users security object for the sites. I can get Site Users for the site collection and get the Users in a SharePoint Group, but I find no way to get the Users Security Object for a site. Has anyone been able to accomplish get the Users for a site?
Sample REST api to check user permission for site.
You need encode the URL from(suppose your use default NTLM authentication)
/_api/web/getusereffectivepermissions(#user)?#user='i:0#.w|contoso\userb'
TO
/_api/web/getusereffectivepermissions(#user)?#user='i%3A0%23.w%7Ccontoso%5Cuserb'
About the return value, check below thread.
http://www.lifeonplanetgroove.com/checking-user-permissions-from-the-sharepoint-2013-rest-api/?doing_wp_cron=1449727796.2080190181732177734375
I have a folder in a Sharepoint Foundation 2010 document library with unique permissions so only a specific group of users can access.
The folder is created only in some cases and it's important that other users can't know when the folder exists or not.
But if a user with no access permissions types the direct url doesn't get an error, but a page showing an empty folder.
It's good that he can't see the content, but it's not good that he can know that the folder is there.
Is it a Sharepoint security bug?
[EDIT]
I made a test on Sharepoint 2007. Users with no access on a folder get a Access Denied Error if they type the direct url.
I think the behavior on Sharepoint 2010 is a real bug.
No, it's not a bug. This is how it has always worked.
I am getting an error when trying to sync some calendars with Outlook. The error is
"Task 'SharePoint' reported error (0x80070005): 'You do not have permission to view this SharePoint List (Site Name - Calendar Name). Contact the SharePoint site administrator. HTTP 302'"
This error is intermittent (removing the calendar from Outlook and re-syncing it sometimes resolves it temporarily) and does not effect all users at the same time.
I have full control of the site as well as the calendar in question. I have tried breaking permission inheritance and setting unique permissions on the calendar with no change. I have checked AAM and all is correct (site is accessed the via the same URL internally and externally)
Our site uses both Forms Based Authentication and Windows Authentication. This issue is experience by users using AD (have not tried any FBA users).
Setup the URL for default and intranet (I know, I know) - just try it. We thought internet was right too - but kept hitting our heads against the wall. If it breaks something, try setting the value for all 3 zones - default, internet and intranet... may the luck be with you.
Go into SharePoint Central
Administration
Go to Operations Under Global
Configuration, select Alternate
access mappings
Choose your Alternate Access Mapping
Collection from the dropdown (e.g.
SharePoint - 80)
Make the Default zone your new DNS
name, including if it's SSL'ed or not
(e.g. http://portal.company.com or
https://portal.company.com)
They were having the same errors
i have a new sharepoint instance in standalone mode. yesterday i was able view newly added users (added in user & groups of computer management) to sharepoint. the search feature in sharepoint brings up the users while adding them to sharepoint.
but today, strangely, new users added to windows are not showing up in the sharepoint user search. hence i am not able to add any new user to my moss instance? I compare the previous users and newly users properties and found nothing different!?
any clue why this is happening?and how to fix this?
thanks in advance
Has the user profile service stopped working? Check the Shared Service Provider.