I am developing a workflow using Project Server 2013 and sharepoint designer.
Everything works fine until I try to set the value of a project field. When I do I get a 401 error (before I'd got a 403 error but solved it granting elevated permissions).
I've tried everything (or I think I did):
configuring the stages (requiring check-in)
configuring the custom fields (field not controlled by workflow)
configuring the site collection features (grant workflows app permissions)
But nothing seems to work, I always get:
System.ApplicationException: HTTP 401 {"error":{"code":"-2147024891, System.UnauthorizedAccessException","message":{"lang":"en-US","value":"Access denied. You do not have permission to perform this action or access this resource."}}} {"Transfer-Encoding":["chunked"],"X-SharePointHealthScore":["0"],"SPClientServiceRequestDuration":["26"],"SPRequestGuid":["94133bac-d37e-4a3d-84c6-ed9c1db025b8"],"request-id":["94133bac-d37e-4a3d-84c6-ed9c1db025b8"],"X-FRAME-OPTIONS":
Any help would be greatly appreciated
The problem was that the admin account running the workflow did not have permissions to access some user groups.
By granting that all user could access to see the members of every group both problems were solved and elevated permissions weren't necessary anymore.
Hope this helps anyone.
Related
I am an administrator to a DevOps project and i have full access to the project.
I am trying to provide a user whom i only need to give access to a certain pipeline.
Steps Take:
Initially i provided him with only Reader access and he is not able to access the URL (404 error)
I removed him from reader and provided with Contributor access and still cannot access the pipelines.
Getting below error,
404 - Page not found Looks like this page doesn’t exist or can’t be found. Make sure the URL is correct. 23/05/2022 2:48:04 PM (UTC) 1e9217ce-2731-4aaa-b853-80c7444299e8
Like i said, the user is a member of the Valid Users and Contributor built-in roles without any customization.
The user is able to navigate to releases and environments and deployment groups, but not able to access build pipelines, library, or Task groups.
Error screen and screenshots attached
This issue is resolved after i contacted microsoft. The issue was due to the user access is stakeHolder. Thanks for GeralexGR comment i was able to streer through that direction.
Resolution:
Change users access level from StakeHolder to Basic.
I have created the list workflow and just printing the history log to print a test message. I am trying to publish the workflow using my account but it always returning me below warning error message.
You do not have permission to do this operation. Ask your site
administrator to change your permissions and then try again, or log on
with a user account that has this permission. To log on with a
different user account click OK.
I did below workaround but did not get work:
Checked the site permissions for my account, all permissions are working correctly. I have full control, design and contribute access.
Checked the permissions for SharePoint designer, this is working fine. I am Primary administrator from central admin.
Checked the application pool. This is working fine.
Reset the IIS.
Also restarted the server as well once.
Can any one please advise what is the exact issue here?
You could try to install the latest update for SharePoint Designer. Check if it works for you.
1.Install SPD SP1:https://support.microsoft.com/en-us/help/2817441/description-of-microsoft-sharepoint-designer-2013-service-pack-1-sp1
2.Then install the latest update: https://support.microsoft.com/en-us/help/3114721/august-2-2016-update-for-sharepoint-designer-2013-kb3114721
not sure if this is the right place to post dev question so please point me to the right place if its not...
I have a customer that gave a user permission to one specific list.
for example:
https://[tenant].sharepoint.com/sites/qa/permissions/lists/tasks
The user cannot browse to the site:
https://[tenant].sharepoint.com/sites/qa/permissions
But he can get to the list with no problems.
When we try to get the list items using REST api, that user gets "UnauthorizedAccessException" error.
Rest API url we tried:
https://[tenant].sharepoint.com/sites/qa/permissions/_api/web/lists/getbytitle('tasks')
https://[tenant].sharepoint.com/sites/qa/permissions/_api/web/lists/getbytitle('tasks')/items
Users with at least read permissions on the site /sites/qa/permissions have no problems getting to both these API endpoints.
Is there a different way to make the REST API work for users with permissions to just one list?
Is there a limitation of the REST API and it does not support that?
Thanks!
(I posted this on technet as well, and will update here if I get an answer there)
You can deactivate the site collection feature Limited-access user permission lockdown mode.
When this feature is activated, users with "Limited access" as permissions have reduced permissions which prevent them from accessing the list item/documents properties. This will cause the Unauthorized Exception error while accessing SharePoint artefacts.
So, go to your Site Settings > Site collection features
And Deactivate the Limited-access user permission lockdown mode feature.
After that, refresh and check.
More details - Enable or disable site collection features
SharePoint is showing strange behavior that when I use my Custom login page which is using the credentials entered to get authenticated by my Custom Security Token service (Trusted Identity provider) for SharePoint. When my Identity provider sends a response to SharePoint, it redirects me to this URL
http://WebAppURL/_layouts/15/AccessDenied.aspx
Which should not appear because my identity provider has authenticated it, I was messing around with things and then while doing that I changed my URL from the above mentioned to
http://WebAppURL/ (Got rid of _layouts/15/AccessDenied.aspx)
It worked now whenever I log into my sharepoint webapp I first get this access denied page and then I have to change my URL, I get all the claims sent by my Identity provider.
Now If anyone out there can help me with this redirection issue? The realm I am giving while registering my IP-STS with SharePoint I append
http://webappURL/_trust/default.aspx
and also tried
http://webappURL/_trust as well but no success.
Any help or suggestion is appreciated. Thank you.
It turns out that permission to the site collection master page gallery had been removed. So even though the users had permissions to the master page gallery on the subsite, they were getting access denied errors on the subsite. We're not sure how the permissions on the site collection master page gallery were removed.
or see if this helps here.
In my case, I needed to update the permissions on the /_trust directory to include Everyone with Read permissions.
I am trying to replicate a production issue in my dev environment but am running into permissions issues, where a user in the "Contributor" group gets an access denied error. Furthermore, if I make this user a Site Collection administrator he still gets the same access denied error.
Why is this happening? How do I fix?
UPDATE: I do not have a problem when I log in from inside my VM in the dev environment. The problem must be that my dev environment is its own domain. So the question becomes, how can I log in from a machine not in the domain? I'd like to avoid extending the web application if possible.
UPDATE 2: By the way, I'm able to log in the site from my host OS fine when the credentials I use are of the "System Account."
Troubleshooting Access Denied errors is something that plagues me daily... so I feel your pain.
I am assuming this user is trying to access some page in SharePoint. From my experience, if even one Web Part on the page is accessing something the user does not have access to, the entire Access Denied page is shown.
One way to troubleshoot access to the SITE (not the page) is by visiting the "All Site Content" page: /_layouts/viewlsts.aspx. If they can get to this page, then it is something wrong with the page and not the site.
Next I would try exporting and then DELETING (not closing) webparts from the page to determine which one is causing the problem. Since you have a dev environment, I assume you could do another restore if things get too mucked up.
when do they get the access denied error? hitting the site?
are you sure that the user you're adding to the group is the same user you're logging in as? Sometimes if you have multiple user stores you can add different users to the group: DOMAIN\joe.user, forms:joe.user, someotheraccountstore:joe.user, etc.