Sharepoint Anonymous Access and Custom User Permissions for a page - sharepoint

In sharepoint 2007 how can i give custom user permissions to a page where anonymous access is enabled for its parent site?
This page must be anonymously accessible but editable by only selected domain users. I cannot set permissions on page's parent site because in the same site, different pages must be editable by different people, though i have to set permissions on pages. But when I break the permission inheritance on the pages in order to give custom permissions to users, anonymous access is not working.

Where do you break the permission inheritance? On site, list or folder in the list level? Anyway if you break the permission inheritance somewhere within the list or library you should try to set the anonymous permission mask of the SPList instance (see here for a reference: http://msdn.microsoft.com/en-us/library/microsoft.sharepoint.splist.anonymouspermmask.aspx).
I have been working with a scenario similar to yours with 2007 and did not have any problems...

Related

Regain access to unreachable Sharepoint subsites or libraries

I have a full control permission of our team's Sharepoint site (I think it's Sharepoint 2010, but could also be 2013... I can't tell). For test purpose I created a subsite within this site. I set the subsite to not inherit the parent site's permission and make myself the only user who can see and access the subsite. Later I removed myself as the user of this subsite (i.e. this subsite has no user and no admin). Now whenever I am in the main site, I still can see the link to this subsite, but I cannot access it (it says 'access denied'... I also can't delete this subsite). I would consider this a flaw that Sharepoint lets me make my subsite unreachable, but is there any away I can regain access to this subsite?
Is there perhaps any permission that is more powerful than Full Control?
p.s. this can also happen with document libraries, list, etc.
If you have permission for it, make yourself Site Collection Owner. After that you can access your subsite again.
Add or change a site collection administrator
At the top level of your site collection, click Site Actions and
then Site Settings.
Under Users and Permissions, click Site Collection Administrators.
In the Site Collection Administrators field, type or browse to find
the name of the person you want to designate a site collection
administrator.
Click OK.

SharePoint Libraries not appearing

This is baffling me. I used PowerShell to add about 35 libraries to a site and then create and ADD 3 permissions groups for each library which are set to use unique permissions.
After running my code I thought all was fine. When I go to the site I see all the libraries that I made and can go into each of them and the permissions for each library are correct. However, if I go in as any other user I can't see any of the libraries. Even if I go to all "All Site Content" it's as if they don't exist.
I am the site collection admin and am part of that site's Owners group, but other people in the Owner's group can't see the libraries.
Any Ideas?
It might be that the other users who cannot see those library are not having any permission on that library,since you have broken inheritance. You can verify this by logging in as Site administrator. Open the document library--> Library settings-->Permissions for this document library --> Check Permissions. Here type in the user for whom the library was not available, then you can see if that user is actually having any permission on that library or not.
In SharePoint, it has 5 permission level: full control, design, contribute, read, limit access. Permissions are categorized as list permissions, site permissions, and personal permissions, depending upon the objects to which they can be applied; and it can be inherited from the parent, or it can have its own. if one user doesn't have the permission to a list, the user can't see it.
Permissions control is complex in SharePoint, See these MSDN articles for details:
Permission levels and permissions
About controlling access to sites and site content

SharePoint: You cannot grant limited access permission level

My team implemented a UI to assign/revoke permission levels to users on a certain SharePoint list. The UI supplies an "undo" feature to restore the rights the user had before they were changed through our UI.
Now there is a problem if the user had the "Limited Access" permission level: This permission level is removed when you do a change over the UI. When trying to Undo, the permission level should be added again, which leads to a
You cannot grant a user the limited access permission level.
SharePoint grants that permission level automatically when a user gets access to some entity beneath the site. It cannot be granted manually. This permission level is then inherited by all lists in the site. However, after breaking inheritance on a list, I can revoke the right manually, only, I cannot re-grant it afterwards.
So SharePoint treats that permission level quite particularly and I'm wondering how to work around that in our undo feature.
My questions:
Did I get it right that this "limited access" is granted by SharePoint on the site level only, and all the lists beneath only contain that accidentally through inheritance?
Does that permission level have any effect at all on a list, or does it only apply to the site itself?
So, would it be save to just remove it from a list and do not add it anymore when the user clicks "undo", since it has no effect anyway?
I dare to answer my own question just for reference for future readers:
According to Microsoft's article Permission levels and permissions,
The Limited Access permission level
cannot be customized or deleted.
and
(...) Windows SharePoint Services 3.0
automatically assigns this permission
level to users and SharePoint groups
when you grant them access to an
object on your site that requires that
they have access to a higher level
object on which they do not have
permissions. For example, if you grant
users access to an item in a list and
they do not have access to the list
itself, Windows SharePoint Services
3.0 automatically grants them Limited Access on the list, and also the site,
if needed.
In practice this means that:
If you can delete it, that's only because it has been inherited and has no meaning on that certain list.
If later on a user is granted some permissions to a certain list item, so that he needs the Limited Access on the list, SharePoint will take care of adding it again.
Summarized: No concerns to remove and not re-add that access level.
Removing a user with Limited access on the top level site should not actually remove their explicit access on the list or library below (with broken permissions) but MS do say in the above mentioned article:
However, to access a list or library, for example, a user must have permission to open the parent Web site and read shared data such as the theme and navigation bars of the Web site. The Limited Access permission level cannot be customized or deleted.
This suggests that the user's Limited access should be declared on the site permissions. I think its always best to do a test on your site first before making any assumptions.

Recommendations on SharePoint site permission model

I have a SharePoint site which contains a root site and site collection in it. Now there are some sites that inherits permissions from their parent site and some site has their own permission module. Now a user from owner group of root site browses site collection but there are few site which doesn't allow user to view the content of it.
Now what I want is general recommendation on when creating a new site in SharePoint what is best possible approach to set site permission.
In what case we can inherits permissions from parent site..?
In what case we can we us unique permission for a site..?
If a site has unique permission set then is it possible to creat a group at root level which has access to all site collection irrespective of site permission model?
I want a general recommendation based on above scenario.
Any help will be appriciable.
Thanks
Sachin
In many cases we can't inherit permission in all subsites/ lists. And if we are not inheriting it we can't create a new group which have same permission in all sites/lists. But we can overcome it with the following way.
Create some common permission group with deferent permission level. And create site with inheriting permission and remove user groups from new sites except the common group.
If a new user wants access in all sites/ list you can add this user in appropriate common group.

Anonymous access to a SharePoint site root

I have configured anonymous access on a SharePoint site for "Lists and Libraries". I then enable anonymous access to the individual lists/libraries as per my requirements.
This works great, but I cannot access the root site URL where I expect to be redirected to the welcome page:
Access to http://servername fails with Access Denied
Access to http://servername/Pages/Default.aspx succeeds
If I set the web permissions to "Entire Web Site", I can access the root URL, but I don't want to do this.
I am provisioning my site with a site definition and modifying the site through the object model during feature activation e.g.
web.AnonymousPermMask64 = SPBasePermissions.Open;
web.AnonymousState = SPWeb.WebAnonymousState.Enabled;
web.Update();
... this is the code I'm already using with success.
Does anyone know how to allow anonymous access to http://servername?
It turns out you need to grant the following permission mask on the web object:
web.AnonymousState = SPWeb.WebAnonymousState.Enabled;
web.AnonymousPermMask64 = SPBasePermissions.Open | SPBasePermissions.ViewPages;
web.Update();
Simple really! Anonymous users can now navigate to http://servername and get redirected to the welcome page.
Note: the order of these two properties being set is important. Setting the AnonymousState property to Enabled, sets the permission mask to SPBasePermissions.Open only. This would remove the SPBasePermissions.ViewPages flag if you switched the order of the two properties as shown above.
You need to enable Anonymous access on the Pages library so that you have access to the default.aspx page.

Resources