I have a test user account, who is in the group "Members" with the default permission level of "Contribute". I created two custom aspx pages in Visual Studio, that are stored in the _layouts directory. How is it possible that this user account can view one of those pages, but not the other? One page has a single button on it and the other has a gridview, displaying list items. He can view the page with the gridview, but not the page with a single button. Anyone has an idea why?
Oh, and he is also prohibited from viewing a custom web-part written in Visual Studio, for some reason.
Ok based on your comments it sounds like you are probably accessing either the Group itself and the current user doesn't have access to view the members of the group. Note it may also be something else in your code behind that the current user doesn't have permission to do. Typically the access denied page happens without an exception so you'll have to look at the SharePoint ULS logs for more information on the error. (Technically it aborts the normal page rendering life cycle and redirects the user to the Access Denied page.)
ULS logs are found in the 12 hive under the LOGS subdirectory. I would suggest using the ULS Viewer instead of trying to visually parse through the logs with NotePad (there's a lot there).
Related
I recently just got into Acumatica Report Designer. I have followed a quick tutorial I had found at https://www.timrodman.com/building-your-first-report-in-acumatica-report-designer/, but when I put my report into my Local instance of Acumatica I can not see it. I can directly put the screen id in the URL, but if I search it nothing pops up. I changed all the access rights to granted for the report itself. I have all admin rights on my local instance. What am I missing?
Make sure that you are adding a Workspace and category for anything with Modern UI
Note the top report will show up on Inventory Workspace under the Physical Inventory Category
The bottom 4 reports are loaded on the server but not mapped to the ui so can be accessed in code via an action etc. but are not on the ui. And would be under hidden for security purposes
Site Map Screen
Security View under hidden Workspace
Can you post a picture of your sitemap? My guess is that your URL is incorrect.
I'm trying to find what is the permission security for allowing visibility of the Alias function in the Presentation tab ribbon.
For the user in question i've browsed to the core database, and under Access viewer, i'm looking that all the items under Applications/Content Editor have read-enabled permissions, specifically the item /sitecore/content/Applications/Content Editor/Ribbons/Strips/Presentation/Page Urls as well as /sitecore/content/Applications/Content Editor/Ribbons/Chunks/Page Urls are read-enabled
However, when login as this user there is no presentation tab.
I've tried resetting the cache and still nothing changes. I'm using sitecore 6.5.0
I think you are almost there, but you still need to give the user sufficient access to the /sitecore/system/Aliases item.
Create a new role(or use an existent one), for example sitecore\Sitecore Client Aliases. Use this role to add the following permissions.
Switch to the Core database and allow Read permission for the /sitecore/content/Applications/Content Editor/Ribbons/Chunks/Page Urls item and its descendants
Switch to the Master database and unprotect the /sitecore/system/Aliases item by using the Unprotect Item checkbox in the Configuration tab.
Allow Read, Write, Create permissions for the /sitecore/system/Aliases item and Read, Write, Create, Delete permissions for its descendants.
Protect the /sitecore/system/Aliases item back.
Add user to the sitecore\Sitecore Client Aliases role.
Found here: http://wiki.evident.nl/Sitecore%20alias%20role.ashx
The easiest way to enable the presentation tab is to use a sitecore standard role.
I'm not totaly sure but i asume it was sitecore\Sitecore Client Designing.
And as far as i know you have to use those standard roles to enable access to certain chunks.
Try using the Access Viewer for the user which doesn't see the Alias Tab. You can manually switch to the core database and then click on the different tabs with the specified user / role to see what causes this behavior. Most of the times you will find out that some role / restriction was set to a higher level item dat denies read rights.
Another SharePoint question from myself!
I've created a subsite and from within Sharepoint designer I've created a new aspx page, all nice and simple so far. I can't seem to find where I can change the security on this new page, only site admins can view the page and everyone else gets access denied.
It doesn't seem to inherit the permissions from the parent and I can't see where to change the security settings!
Please help, I'm sure it's something simple!
Thanks
Dan
You've placed your ASPX file in a 'bad' place. It doesn't sit where the normal security structures for SharePoint work so you won't be able to set its item level permissions (because it is not an 'item'). This is the danger of giving people SharePoint Designer ;)
Personally I think your page belongs in the _layouts folder somewhere since it seems to be an admin page. In there you could simply secure it by a call like:
SPUtility.EnsureSiteAdminAccess();
Either you can:
Put your page in a library so you can set item level permissions to it
Create a custom control that allows you to call the code above for any page
Move the page to _layouts
From SharePoint, you should be able to navigate to where you stored your new aspx page (probably in one of your Document Libraries). From that location you can either change the permission of the Document Library, or manage the permissions of an individual aspx page.
Please note that it is best practice to set permissions at the Site Collection level and allow everything under the Site Collection to inherit permissions.
I made a custom page and added it to a MOSS 2007 site.
the custom page has an update panel and some ajax controls
when I'm logged in as an administrator with full control permissions, the page works fine.
but if another user with even Full control permission logs in and browse the page, an error appears:
The control with ID 'UpdatePanel2' requires a ScriptManager on the page. The ScriptManager must appear before any controls that need it.
where UpdatePanel2 id the id of the update panel in the page, and the strange thing is that the master page of the site has a script manager addded to it.
so what can be the reason of this ?
thanks
This is one of the Common Behaviour when you dont approve the changes of the MasterPage after chaning the master page through SharePoint designer. To resolve this problem make sure that you have approved the changes of the MasterPage you did. Usually admin has fullpermission to view the unapproved changes as well, while normal users dont.
I've installed a Sharepoint site for my team. Everything work fine. But suddenly, I've found that I can not edit the quicklaunch menu: every time I click on Add Item or edit an Item, I get a 403 error.
I've logged with administrator account. I've tried using different browsers such as chrome, firefox, but no hope. The same errors occur when I access Advanced permissions under User and Permission.
Clicking to edit permissions for any group in the list will also cause a 403 error. I think that I may have done some wrong setting with permissions, but I can not figure out what I have done, as I'm pretty new with Sharepoint.
Can you guys tell me how to troubleshoot this problem?
Regards,
You can configure diagnostic logging settings to show why SharePoint gave you a 403 error in the SharePoint Trace Log file.
In central Admin:
On the top navigation bar, click Operations.
On the Event Throttling section, in the Select a category menu, select General
In the Least critical event to report to the event log menu, select Warning
In the Least critical event to report to the trace log menu, select Verbose
Click OK
Go to the Path specified for the Trace Log and reproduce the error. Then open up the last modified sharepoint log file and search for "Denied" (searching up from the bottom of the file). You should see the cause of the 403 error in the log file.
Log in with the site collection administrator account. You most likely removed your own administrative rights from the site (I still don't know why SP will let you do this).
Once you are in, give your normal network account back its administrative permissions.
The site collection administrator account has godlike permissions within its site collection and can override all configured permissions on all securable objects in its domain.
USE THESE CAREFULLY
You probably have a incorrect setup in the service accounts making your server block some internal requests. Try to disabled the Loopback Check:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\
Create a DWORD named 'DisableLoopbackCheck' with a '1' value.
Also make sure your Application Pool (IIS Manager) is running under an actual never-expires user account not the System Account.
Please do not turn off the LoopbackCheck. Turning it off will fix the issue but it also opens you up to a reflection attack which even script kiddies have the ability to do. Instead please use the BackConnection Host file instead.
Go to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0
Add a Multistring value named BackConnectionHostName
In this type in the name of your host names. Example: StackOverflow.com
Type each of the names you use to call SharePoint one on each line.
What we are doing here is letting the server know to respond to itself if called by something other than its host name.
Check your ntfs permissions on c:\program files\common files\microsoft shared\web server extentions\12\template\layouts\user.aspx