I have a folder in a Sharepoint Foundation 2010 document library with unique permissions so only a specific group of users can access.
The folder is created only in some cases and it's important that other users can't know when the folder exists or not.
But if a user with no access permissions types the direct url doesn't get an error, but a page showing an empty folder.
It's good that he can't see the content, but it's not good that he can know that the folder is there.
Is it a Sharepoint security bug?
[EDIT]
I made a test on Sharepoint 2007. Users with no access on a folder get a Access Denied Error if they type the direct url.
I think the behavior on Sharepoint 2010 is a real bug.
No, it's not a bug. This is how it has always worked.
Related
I have a SharePoint 2013 calendar that needs unique permissions on it, allowing people who have NOT been granted access to the parent site access to this calendar. I've broken inheritance on this calendar and granted Read permissions on the calendar to these non site members. They are able to browse the calendar via Internet Explorer, but if they click the Connect to Outlook button in SharePoint, Outlook prompts for a username/password that can never authenticate. The calendar is added to Outlook, but any attempts to sync results in an error message:
'Task SharePoint reported error (0x80070005): You do not have permission to view theis SharePoint List... HTTP 401'
I've tried the conventional wisdom of deleting the calendar from Outlook and adding again, but always get the same result. The only thing that seems to fix the issue is to add the external user to the calendar's parent site as part of the members group. This gives that external user access to other content in the parent site we want to restrict, so this is not an option.
Any suggestions on how to resolve this issue?
Tks
In order to Sync a SharePoint list or library to Outlook, the user must have Collaborate permissions for the library or list (2nd paragraph).
Finally got it figured out. There are a couple of folders like Site Collection Images and Style Folders that have unique permissions under the calendar parent site. My external users were not members of these libraries. As soon as I added them, I was able to add my SharePoint calendar to Outlook.
I have a site collection with a subsite. I am storing a roadmap and some other project management documents within a document library in my subsite. I would like to share that document library with an internal user, but I don’t want her to see anything else – just that document library. I don’t want her to see any other parts of the site. Can I do that? How?
Yes,
Go to Site Settings > Site Permissions
Remove the user from all groups (click on Check Permissions to see what permissions she has on your site).
Go to the document library and click on the Library tab in the
ribbon.
Click on Shared With (far to the right)
Click on ADVANCED
Click on Stop Inheriting Permissions, confirm with Ok
Click on Grant
Permissions and give the user the appropriate rights (read, edit
etc.)
EDIT:
This is for a SharePoint 2013 site. Sorry for that. I dont have a SharePoint 2010 site available right now so I cant give you the exact steps, but the concept is still the same:
Remove the users permissions to the site.
Stop inheriting permissions for the document library
Grant the user permissions to the documet library
This is baffling me. I used PowerShell to add about 35 libraries to a site and then create and ADD 3 permissions groups for each library which are set to use unique permissions.
After running my code I thought all was fine. When I go to the site I see all the libraries that I made and can go into each of them and the permissions for each library are correct. However, if I go in as any other user I can't see any of the libraries. Even if I go to all "All Site Content" it's as if they don't exist.
I am the site collection admin and am part of that site's Owners group, but other people in the Owner's group can't see the libraries.
Any Ideas?
It might be that the other users who cannot see those library are not having any permission on that library,since you have broken inheritance. You can verify this by logging in as Site administrator. Open the document library--> Library settings-->Permissions for this document library --> Check Permissions. Here type in the user for whom the library was not available, then you can see if that user is actually having any permission on that library or not.
In SharePoint, it has 5 permission level: full control, design, contribute, read, limit access. Permissions are categorized as list permissions, site permissions, and personal permissions, depending upon the objects to which they can be applied; and it can be inherited from the parent, or it can have its own. if one user doesn't have the permission to a list, the user can't see it.
Permissions control is complex in SharePoint, See these MSDN articles for details:
Permission levels and permissions
About controlling access to sites and site content
I created a SharePoint sub-site, and accidently deleted all permissions groups except for the Members (which included me) and now I'm stuck looking at the site I've created but I'm not able to edit or delete it and create a new one.
Any idea of what I could do to get myself out of this situation?
Thanks,
Ash
Normally you can still sign-in with the system account.
If not try adding the system account to the Site Collection Administrators. (In the settings of the root site of the site collection. )
You'll need to use an account that's in the Site Collection Administrators.
If you're not able to view the Site Collection Administrators (in Site Settings), you'll need to contact the admins of the site and ask them to re-assign you Full Control permissions to your site so you can begin rebuilding your site permissions.
Here's the scenareio:
I have a single site collection, with the publishing infrastucture feature activated. Seveal levels below this I have a publishing site with the publishing features turned on. I also have unique permissions for this site.
The problem is that no one except site collection administrators can "Create Page". I have given the individuals everything including full control, and they still can not create pages. They can edit pages, but not create.
Am I doing something wrong? What is the proper way to set up the taxonomy of a site? I am trying to create a hierarcy to match my organization and mostly am using unique permissions on each site/subsite. This is working ok, until i needed a publishing site, but I don't want him to be a site collection admin. I would appreciate any help or ideas with how to make the publishing site work as I have it, or guide me on the proper way to lay out the site.
The fact that you are using Publishing features shouldn't have an effect on permissions. Publishing (for the most part) really has more of an effect on how edits are handled - i.e. immediately deployed or checked in and published at a later point. That's oversimplifying it - but back to your question.
Most likely - what is happening is that you have not given the user permission to the library where the template is that they need access to in order to create the page. I'm 99% sure that is what is happening here. Makes sense - they have the rights to the site - and permissions to edit the pages that exist - but creating a page requires them to access a new file - in a different library. If they don't have permissions to that template library - you get the access denied error.
When your user tries to create a page, they get an access denied error page correct? Copy the URL of that page, and examine it closely. It should reveal the location of the template folder they are trying to access but don't have permissions for. Read-only access to that template library should get your user the access they need.
One other recommendation - check out the access checker web part in Codeplex. http://accesschecker.codeplex.com/. This web part is loaded as a solution and allows you to display a hierarchical list of the sites that a specific user has permissions to. VERY helpful in confirming that you have given the permissions you thought you had.
Finally - in terms of permissions best practices - I think you are doing fine. You've gotten a little frustrated because you took a different path on a site (i.e. publishing) and it's behaving differently. But nothing is wrong. I've been there:) You really have two options w/ SP permissions - SP based groups (visitors, members, owners etc) or pulling in AD groups. Either way, you'll be making the same decision regarding unique or inherited permissions. You either use the same permissions as the parent site - or use unique permissions. HTH