Allow visitors to add or remove web parts in SharePoint - sharepoint

Outside of the "My Site" page in SharePoint, is there any way to allow my sites visitors/users to add or remove web parts on pages without giving them contributor writes? I'm working on a corporate intranet that is being built with SharePoint and they want the home page of the site to be highly personalizable. But besides the "My Site" page, I don't know of any way to allow all of the visitors to add or remove web parts. Can anyone provide any guidance? Thanks.

I tested this with a publishing site on sp2010, and the permissions you need are:
Site Permissions
Add and Customize Pages
Browse Directories
Personal Permissions
Add/Remove Personal Web Parts
Update Personal Web Parts
The personal web part permissions dont work on their own

You could create your own permission set, where you should set "Add/Remove Private Web Parts" permission and "Update Personal Web Parts" permission, but remove those permissions which you don't like in "Contributor" permission set. Then assign this new permission set to users or groups you need.

Related

SharePoint online O365 hide site contents from gear menu

I am using SharePoint O365 with Nintex Forms for business forms automation. I would like to hide/restrict the Site Contents to the visitors with Read permission.
I tried with assiging Restricted read, also by editing the Read permission level by unchecking the View Application Pages Permission. With this, the Site Contents are hidden, but the Nintex forms are not loaded. Is there any way I can hide it or restrict it if someone manually enter the Site contents url and browses?
By default, users with read permissions could access the site contents page.
As far as I know, there is no other ways to hide/restrict the site contents page. Unchecking the View Application Pages Permission is the only way.

team foundation server sharepoint web site access permissions

Please help.
Am newbie and have hit a snag with TFS and Sharepoint combo. Come from old school where in IIS you right click and set permissions of Web Site, and now I can't find the sharepoint sites in IIS 7 to actually give myself permissions.
When opening the localhost/ sites/ project in IE, i get an Error: Access Denied.
This is the sharepoint site that was set up by TFS when I added a project in Visual Studio 2010 to my TFS ProjectCollection.
How do I get access to the web site?
Regards
Permission is not give to the SP sites directly from IIS.
If you are or you know the SP Site collection administrator, ask them to give you the appropriate access to the SP site you are requesting. Otherwise, if there are no site collection administrators then go a level higher to the SP farm administrator, ask the farm admin to grant make you the site collection administrator for the SP Site collection you are trying to access. The team project site is located under a site collection.
From there you can give other users access to the appropriate SP resources using Site Actions > Site Permissions.
You should be given the permissions inside SharePoint by site collection administrator.
Site collection admin should navigate to localhost/sites/{tfscollection}/{tfsproject}, click Site settings and then People and groups link.
From there, you need to be added to the site and given the appropriate permissions.
There's a really nice utility that makes it easy to view/edit permissions on TFS, SharePoint and Report Server at the same time.
http://tfsadmin.codeplex.com/

Web part personalization permissions on SharePoint 2010

What are the minimum SharePoint 2010 permissions required to allow a user to personalize a web part page, allowing updates and adding web parts to the page but completely restrict the user modifying the shared version?
I initially copied the built-in “Read” permission level and added the “Manage Personal Views”, “Add/Remove Personal Web Parts” and “Update Personal Web Parts” permissions from the Personal Permissions group. This custom permission level was then applied to a user who then viewed a web part page created by the Administrator, which contained only a very simple prototype SharePoint web part. This web part contained a modifiable label which was edited using the “Miscellaneous” section from the Edit Web Part from the standard SharePoint chrome.
With the custom permission level applied the “Miscellaneous” option it is not available to the user upon personalizing the page and selecting Edit Web Part. The “Miscellaneous” option only becomes available to the user when the permission level is further modified to have the “Edit Items” from the List Permissions group. This has the undesired effect of allowing the user to be able to modify the shared version of the page.
Is what I’m trying to achieve even possible?
Many thanks
Check this out: http://akifkamalsyed.wordpress.com/2011/01/17/personalizable-web-part-custom-property-not-shown-for-users-with-contribute-permission-level/
It's probably because you don't have a safecontrol for the webpart with the attribute SafeAgainstScript

Why can't users in the "Visitors" group access my SharePoint 2010 publishing site. It works when i promote them to the "Members" group

When I place a test AD account in the Visitors group they are unable to view any pages on my new intranet site. The users receives the "Error access denied" sharepoint screen and indicates that the account was able to authenticate, but that some authorisation rule is permitting it from viewing the page.
When i remove then and place them in the Members or Owners groups they are able to view the pages as well as perform the expected functions like editing content and creating subsites.
Interesting, while in only the Visitors group, users can view the "All Site Content" page that is located here: /_layouts/viewlsts.aspx but not /pages/default.aspx.
Has anyone experienced this before?
Environment info:
1 Web application, 1 Site collection using the Publishing Portal template. A few custom master pages, lots of custom page layouts and user controls. All deployed via features.
Sharepoint 2010 Standard edition, 64bit running on Windows Server 2008 against SqlServer 2008 Enterprise Edition. Authentication is against AD, not any other forms auth providers etc.
One likely reason for such behavior is that it tries to access a resource on a page which might not have been published to a major version. For example, if versioning was turned on on images library and an image's version is 0.1, if that image was used on version 1.0 (published) of the page, the server would deny access to the visitor and ask for credentials.
Make sure following:
At least one major version of the page exists (page was published at least once)
All resources (images, movie files etc) used on the page are published (to major version)
You can use "Draft Check" button on Page Tab of the Page's ribbon to check the unpublished resources that are used by the page.
I had the same issue and I've finaly found out how to do this:
If you check OOB group access, you can find that Visitors group has limited number of pages where it has granted access.
Navigate to /yourweb/_catalogs/masterpage. Here you'll find many
.aspx files (including default.master).
Open this default.master`s permissions and you see it inherits from
Master Page Gallery.
Click this permissions inheritance and you can see that Master Page
Gallery permissions are not inherited from site collection
permissions.
Give here the Contribute permissions to Style Resource Readers (or
modify it as you'd like) and all users will have access to this web
with no permissions to edit etc..
I had a similar issue and the thing I noted in your Environmental comments was the custom master pages. Go to your Site Settings and ensure that your custom master pages have been published. If you need to publish them also check the corresponding html pages after they have been published as they may need to be republished also.
This worked for me.

Make it impossible for users to remove web parts/zones?

In Sharepoint, is it possible to deny regular users the possibility of removing web parts and/or web part zones? If yes; how?
The options to deny users from closing/moving a web part are in the 'Advanced' section of the web part's tool pane in sharepoint (Accessed via the 'Modify Shared Web Part' option in the web part's menu).
Alternatively you can modify the permission levels for the site (Site settings > Permissions > Settings > Permission Levels) and remove the 'Add/Remove personal web parts' and 'Update personal web parts' permissions from the levels your users run as.
Hope this helps.
This can be controlled through site roles. By default, the available roles are Full Control, Design, Contribute, Read, and Limited Access.
Users that are not members of Contribute or higher will not be able to remove web parts or web part zones for that site.

Resources