What are the minimum SharePoint 2010 permissions required to allow a user to personalize a web part page, allowing updates and adding web parts to the page but completely restrict the user modifying the shared version?
I initially copied the built-in “Read” permission level and added the “Manage Personal Views”, “Add/Remove Personal Web Parts” and “Update Personal Web Parts” permissions from the Personal Permissions group. This custom permission level was then applied to a user who then viewed a web part page created by the Administrator, which contained only a very simple prototype SharePoint web part. This web part contained a modifiable label which was edited using the “Miscellaneous” section from the Edit Web Part from the standard SharePoint chrome.
With the custom permission level applied the “Miscellaneous” option it is not available to the user upon personalizing the page and selecting Edit Web Part. The “Miscellaneous” option only becomes available to the user when the permission level is further modified to have the “Edit Items” from the List Permissions group. This has the undesired effect of allowing the user to be able to modify the shared version of the page.
Is what I’m trying to achieve even possible?
Many thanks
Check this out: http://akifkamalsyed.wordpress.com/2011/01/17/personalizable-web-part-custom-property-not-shown-for-users-with-contribute-permission-level/
It's probably because you don't have a safecontrol for the webpart with the attribute SafeAgainstScript
Related
I have a site collection with a subsite. I am storing a roadmap and some other project management documents within a document library in my subsite. I would like to share that document library with an internal user, but I don’t want her to see anything else – just that document library. I don’t want her to see any other parts of the site. Can I do that? How?
Yes,
Go to Site Settings > Site Permissions
Remove the user from all groups (click on Check Permissions to see what permissions she has on your site).
Go to the document library and click on the Library tab in the
ribbon.
Click on Shared With (far to the right)
Click on ADVANCED
Click on Stop Inheriting Permissions, confirm with Ok
Click on Grant
Permissions and give the user the appropriate rights (read, edit
etc.)
EDIT:
This is for a SharePoint 2013 site. Sorry for that. I dont have a SharePoint 2010 site available right now so I cant give you the exact steps, but the concept is still the same:
Remove the users permissions to the site.
Stop inheriting permissions for the document library
Grant the user permissions to the documet library
I have a sub-site (http://mysite/documentcenter). My user is in Site Collection Administrators, so I can see and click the move button in site content and structure of sub-site.
But the other users, who has contribute access to all documents, can't see the Move button - it completely disappeared, it's not greyed out.
How can I make the move button display for the other users?
I know this question is a bit old but, you need to have the following Permission Level enabled or Move is not available.
Manage Web Site - Grants the ability to perform all administration tasks for the Web site as well as manage content.
I would be very careful assigning this permission though as it adds a whole slew of additional access for the user(s).
Make sure Add and Customize Pages permissions is present. There could be a Deny mask coming in from User Policy from central admin, which can overwrite Site Collection admin permissions.
When I place a test AD account in the Visitors group they are unable to view any pages on my new intranet site. The users receives the "Error access denied" sharepoint screen and indicates that the account was able to authenticate, but that some authorisation rule is permitting it from viewing the page.
When i remove then and place them in the Members or Owners groups they are able to view the pages as well as perform the expected functions like editing content and creating subsites.
Interesting, while in only the Visitors group, users can view the "All Site Content" page that is located here: /_layouts/viewlsts.aspx but not /pages/default.aspx.
Has anyone experienced this before?
Environment info:
1 Web application, 1 Site collection using the Publishing Portal template. A few custom master pages, lots of custom page layouts and user controls. All deployed via features.
Sharepoint 2010 Standard edition, 64bit running on Windows Server 2008 against SqlServer 2008 Enterprise Edition. Authentication is against AD, not any other forms auth providers etc.
One likely reason for such behavior is that it tries to access a resource on a page which might not have been published to a major version. For example, if versioning was turned on on images library and an image's version is 0.1, if that image was used on version 1.0 (published) of the page, the server would deny access to the visitor and ask for credentials.
Make sure following:
At least one major version of the page exists (page was published at least once)
All resources (images, movie files etc) used on the page are published (to major version)
You can use "Draft Check" button on Page Tab of the Page's ribbon to check the unpublished resources that are used by the page.
I had the same issue and I've finaly found out how to do this:
If you check OOB group access, you can find that Visitors group has limited number of pages where it has granted access.
Navigate to /yourweb/_catalogs/masterpage. Here you'll find many
.aspx files (including default.master).
Open this default.master`s permissions and you see it inherits from
Master Page Gallery.
Click this permissions inheritance and you can see that Master Page
Gallery permissions are not inherited from site collection
permissions.
Give here the Contribute permissions to Style Resource Readers (or
modify it as you'd like) and all users will have access to this web
with no permissions to edit etc..
I had a similar issue and the thing I noted in your Environmental comments was the custom master pages. Go to your Site Settings and ensure that your custom master pages have been published. If you need to publish them also check the corresponding html pages after they have been published as they may need to be republished also.
This worked for me.
I'm curious about the best/most efficient way to do this.
I've already set up my sharepoint 2010 site, and it is configured to use FBA. What i'd like to do is allow users to create their own accounts by filling out a form (the form will sit on a public sharepoint site, and filling it out creates a user in the membership database which is used for validation to enter the FBA sharepoint site).
I'm familiar with using the asp CreateWizard tool to build user accounts as part of a .Net web application, but I'm not sure on how to develop this as a webpart for use in a sharepoint site, as a webpart doesn't have the config file to store connection string and membership/role provider info.
Can this user creation form be put in a webpart and deployed to other sites, or is there another/better way to add this functionality to sharepoint (allowing users to register/create their own FBA accounts for access)?
There's nothing not much difference between SharePoint and regular ASP.Net for this.
The membership provider will need to be configured in the SharePoint web.config, including connection strings. However, it does not actually need to be used for login, so you can still create users in that membership provide from a different site.
I use a slightly different approach though - set up an anonymously accessible page in your site (in layouts is probably easiest, though a page within a site may be better for branding) and put controls on that page to create (and log in) a new user. You will need to call EnsureUser and possibly CreateUserProfile to give the new user access to anything, but aside from that it's all standard .net.
I am developing a sharepoint 2010 visual webpart that will show some sort of ajax content.
I have a property on the webpart for the refresh rate, but I want this property to be set only by an Administrator (or any specific group).
What is the best way to achieve this?
Thank you.
In our organization, everyone by default is granted "Read" permission to our SharePoint sites through an "All Employees" Active Directory group. This allows users to browse the pages, but not edit them; and if you can't edit a page, you can't edit any web parts on the page.
Those who should have elevated privileges are added to other AD groups (you could use SharePoint groups too), and those groups are granted appropriate permissions.
You could create a custom Toolpart. Take a look at this example for a tutorial on how to create one.
Overall, your general steps will be:
Create your custom Toolpart class inheriting from Microsoft.SharePoint.WebPartPages.ToolPart
In your custom Toolpart, override CreateChildControls, write the code to display your textbox as long as the current user has permission (based on whatever rules you choose, ex: SharePoint group).
In your webpart, override GetToolParts and add your custom ToolPart so that it shows up in the right hand side