While permissioning the pages created in Guest site, I disable the view permission for Guest role and then log out.
Now when I try to login, I can see error message displaying permission error.
I know one of the possible way to resolve it would be firing some database query and enabling view permission for Guest role so that I can atleast log in.
However Is there any other way to resolve this ?
Also It would be nice If anyone provides the database query for this.
Thanks in advance.
One approach I found is to use Auto login functionality of liferay.
Following are the steps:
1) Add following property in portal-ext.properties
auto.login.hooks=com.liferay.portal.security.auth.CASAutoLogin,com.liferay.portal.security.auth.FacebookAutoLogin,com.liferay.portal.security.auth.NtlmAutoLogin,com.liferay.portal.security.auth.OpenIdAutoLogin,com.liferay.portal.security.auth.OpenSSOAutoLogin,com.liferay.portal.security.auth.RememberMeAutoLogin,com.liferay.portal.security.auth.SiteMinderAutoLogin,com.liferay.portal.security.auth.ParameterAutoLogin
2) Now start the server and go to
LIFERAY_IP:LIFERAY_PORT?parameterAutoLoginLogin=ADMIN_USERNAME¶meterAutoLoginPassword=ADMIN_PASSWORD
i.e in my case
localhost:8080?parameterAutoLoginLogin=test#liferay.com¶meterAutoLoginPassword=test
3)You will now be able to log in to portal and then go to control panel with /group/control_panel and modify the permission of page.
Related
not sure if this is the right place to post dev question so please point me to the right place if its not...
I have a customer that gave a user permission to one specific list.
for example:
https://[tenant].sharepoint.com/sites/qa/permissions/lists/tasks
The user cannot browse to the site:
https://[tenant].sharepoint.com/sites/qa/permissions
But he can get to the list with no problems.
When we try to get the list items using REST api, that user gets "UnauthorizedAccessException" error.
Rest API url we tried:
https://[tenant].sharepoint.com/sites/qa/permissions/_api/web/lists/getbytitle('tasks')
https://[tenant].sharepoint.com/sites/qa/permissions/_api/web/lists/getbytitle('tasks')/items
Users with at least read permissions on the site /sites/qa/permissions have no problems getting to both these API endpoints.
Is there a different way to make the REST API work for users with permissions to just one list?
Is there a limitation of the REST API and it does not support that?
Thanks!
(I posted this on technet as well, and will update here if I get an answer there)
You can deactivate the site collection feature Limited-access user permission lockdown mode.
When this feature is activated, users with "Limited access" as permissions have reduced permissions which prevent them from accessing the list item/documents properties. This will cause the Unauthorized Exception error while accessing SharePoint artefacts.
So, go to your Site Settings > Site collection features
And Deactivate the Limited-access user permission lockdown mode feature.
After that, refresh and check.
More details - Enable or disable site collection features
I've given IIS_User modify access and confirmed this on the media disk folder, but i'm still getting a 'Insufficient file system permissions to edit this image.'
Could there be a permission level conflict between IIS_USER and the service level account Kentico is using through the app pool?
Mark, if I understood you correct you are not using IIS_USER as Kentico app pool account. If this it correct - you do not have to grant any permission for it, but only for account configured for Kentico app pool instead.
It can depend on how you set up the site, but what i would do is in IIS hit the "Basic Settings" on the right and see what your app pool is.
If it's a named one, try to right click on the website -> Permissions, and add the user "IIS APPPOOL\TheNameOfTheAppPool" and give full permissions there.
If that user doesn't show up, then try giving the IIS_IUSER full permission, test if it works, if it does then you can start scaling back permissions till it 'breaks' and stops working. If it does't work, then you need to try the other users.
SharePoint is showing strange behavior that when I use my Custom login page which is using the credentials entered to get authenticated by my Custom Security Token service (Trusted Identity provider) for SharePoint. When my Identity provider sends a response to SharePoint, it redirects me to this URL
http://WebAppURL/_layouts/15/AccessDenied.aspx
Which should not appear because my identity provider has authenticated it, I was messing around with things and then while doing that I changed my URL from the above mentioned to
http://WebAppURL/ (Got rid of _layouts/15/AccessDenied.aspx)
It worked now whenever I log into my sharepoint webapp I first get this access denied page and then I have to change my URL, I get all the claims sent by my Identity provider.
Now If anyone out there can help me with this redirection issue? The realm I am giving while registering my IP-STS with SharePoint I append
http://webappURL/_trust/default.aspx
and also tried
http://webappURL/_trust as well but no success.
Any help or suggestion is appreciated. Thank you.
It turns out that permission to the site collection master page gallery had been removed. So even though the users had permissions to the master page gallery on the subsite, they were getting access denied errors on the subsite. We're not sure how the permissions on the site collection master page gallery were removed.
or see if this helps here.
In my case, I needed to update the permissions on the /_trust directory to include Everyone with Read permissions.
All,
I'm configuring Sharepoint to use forms authentication with LDAP/Active Directory. I'm new to Sharepoint, so if this is obvious, please point me in the right direction.
Whenever I attempt to log in with a bad account or password, I get the very friendly (and correct) error message,
The server could not sign you in. Make
sure your user name and password are
correct, and then try again.
... which implies that Sharepoint is able to communicate with AD. If I log in with a valid account, I get a page that says:
alt text http://img63.imageshack.us/img63/6053/sharepointerror.png
(I added the grey bar to cover up the login name)
Any suggestions? The account I'm logging in with is an administrator and has been granted full control in central administration.
Also, interesting note: If I click the "sign in as a different user" link, and attempt to sign in using with the same credentials I just used, the site just redirects back to the login page, with no error or status message. If I then manually enter the site url, it again shows the "Error: Access Denied" page. Argh.
Go to site action of the actual site and add user in the format of
:loginid
It should resolve and show it underlined then try login in back to application that should fix it.
Your AD connection is working fine just need to add to sharepoint users list
yourprovider:userid
Yourprovider name is the name you gave to the user provider in web config
And you can add this user from parent site that is windows protected and you have all
I suppose it's sharepoint site security issue.
I'm getting the same error when trying to enter Site Settings page with a user that has a lack of permissions.
If you have at least one user that can access the Site Settings page, I suggest you to go to Site Actions/Site Settings/Users and Permissions/People and grops then click New button and add a user from AD to an appropriate group, eg. Team Site Members.
You have made connection with Ad and its working fine. So that you got error, when you try to login with invalid user id.
But you have missed one step in above scenario.
You need to give the permission for all AD users in your SharePoint site. The better way is to create a user group in AD (it may already there) which included all the users and add this user group in your SharePoint site with read permission.
I am trying to replicate a production issue in my dev environment but am running into permissions issues, where a user in the "Contributor" group gets an access denied error. Furthermore, if I make this user a Site Collection administrator he still gets the same access denied error.
Why is this happening? How do I fix?
UPDATE: I do not have a problem when I log in from inside my VM in the dev environment. The problem must be that my dev environment is its own domain. So the question becomes, how can I log in from a machine not in the domain? I'd like to avoid extending the web application if possible.
UPDATE 2: By the way, I'm able to log in the site from my host OS fine when the credentials I use are of the "System Account."
Troubleshooting Access Denied errors is something that plagues me daily... so I feel your pain.
I am assuming this user is trying to access some page in SharePoint. From my experience, if even one Web Part on the page is accessing something the user does not have access to, the entire Access Denied page is shown.
One way to troubleshoot access to the SITE (not the page) is by visiting the "All Site Content" page: /_layouts/viewlsts.aspx. If they can get to this page, then it is something wrong with the page and not the site.
Next I would try exporting and then DELETING (not closing) webparts from the page to determine which one is causing the problem. Since you have a dev environment, I assume you could do another restore if things get too mucked up.
when do they get the access denied error? hitting the site?
are you sure that the user you're adding to the group is the same user you're logging in as? Sometimes if you have multiple user stores you can add different users to the group: DOMAIN\joe.user, forms:joe.user, someotheraccountstore:joe.user, etc.