I have a site collection and user A is having Design permissions in it.I created a subsite inheriting parent permissions and now I need to give just read permissions to user A in my subsite.
I have tried going to users and group of subsite ..created new group having read permissions and added that user into it...but its not working any idea ...how I can do this?
If the subsite is inheriting permissions, the user will inherit the design permission he has on the parent site.
You have to break the subsite inheritance (edit permissions) and then you can remove the users design permissions and add them to the Visitor group to give read access. Doing so in this way will not change the permissions on the parent site.
Related
Is it possible to set VIEW only permission to a single document library file (DLFileEntry) to the users of a different site.
Example : DocumentA exists in SiteA and I want to set view permissions to all the users of SITEB only to this document.
Thanks for reading.
-Mike
You'll need some kind of indirection: Permissions in Liferay are handled through roles (teams behave as roles as well), not by other arbitrary groups of users. If you assign all the users to a user group and make that user group member of the site in question, as well as assign them to a role that you create for this purpose.
I have a full control permission of our team's Sharepoint site (I think it's Sharepoint 2010, but could also be 2013... I can't tell). For test purpose I created a subsite within this site. I set the subsite to not inherit the parent site's permission and make myself the only user who can see and access the subsite. Later I removed myself as the user of this subsite (i.e. this subsite has no user and no admin). Now whenever I am in the main site, I still can see the link to this subsite, but I cannot access it (it says 'access denied'... I also can't delete this subsite). I would consider this a flaw that Sharepoint lets me make my subsite unreachable, but is there any away I can regain access to this subsite?
Is there perhaps any permission that is more powerful than Full Control?
p.s. this can also happen with document libraries, list, etc.
If you have permission for it, make yourself Site Collection Owner. After that you can access your subsite again.
Add or change a site collection administrator
At the top level of your site collection, click Site Actions and
then Site Settings.
Under Users and Permissions, click Site Collection Administrators.
In the Site Collection Administrators field, type or browse to find
the name of the person you want to designate a site collection
administrator.
Click OK.
I have created a 'Site User' role which is appropriate for users who will be Viewers on every available portlet. For example a user with this role should be only allowed to view documents in Documents and Media portlet but not allowed to add a new document or edit an existed.
I have defined the proper permissions in my Site role, however users with this Site role are still able to create events or add documents etc.
All these users are also assigned with the Social Office User role but as I'm seeing there is no such permission granted from this role.
I'm wondering if this is a normal behavior or the only solution is to modify portlets in a way that they won't allow users without the 'Site Admin' role to perform certain actions.
They're most likely still assigned to the "User" role (portal wide), or gets the permission from being a "Site Member". As you can't remove permissions, only add them through roles, check these roles for their bundled permissions.
They're assigned as default to Site Member role as Olaf stated. Look this file:
https://github.com/liferay/liferay-portal/blob/master/portal-impl/src/resource-actions/documentlibrary.xml
As Site Member you have :
<site-member-defaults>
<action-key>ADD_DOCUMENT</action-key>
<action-key>ADD_FOLDER</action-key>
<action-key>ADD_SHORTCUT</action-key>
<action-key>SUBSCRIBE</action-key>
<action-key>VIEW</action-key>
</site-member-defaults>
as default action permissions.
In sharepoint 2007 how can i give custom user permissions to a page where anonymous access is enabled for its parent site?
This page must be anonymously accessible but editable by only selected domain users. I cannot set permissions on page's parent site because in the same site, different pages must be editable by different people, though i have to set permissions on pages. But when I break the permission inheritance on the pages in order to give custom permissions to users, anonymous access is not working.
Where do you break the permission inheritance? On site, list or folder in the list level? Anyway if you break the permission inheritance somewhere within the list or library you should try to set the anonymous permission mask of the SPList instance (see here for a reference: http://msdn.microsoft.com/en-us/library/microsoft.sharepoint.splist.anonymouspermmask.aspx).
I have been working with a scenario similar to yours with 2007 and did not have any problems...
I have a SharePoint site which contains a root site and site collection in it. Now there are some sites that inherits permissions from their parent site and some site has their own permission module. Now a user from owner group of root site browses site collection but there are few site which doesn't allow user to view the content of it.
Now what I want is general recommendation on when creating a new site in SharePoint what is best possible approach to set site permission.
In what case we can inherits permissions from parent site..?
In what case we can we us unique permission for a site..?
If a site has unique permission set then is it possible to creat a group at root level which has access to all site collection irrespective of site permission model?
I want a general recommendation based on above scenario.
Any help will be appriciable.
Thanks
Sachin
In many cases we can't inherit permission in all subsites/ lists. And if we are not inheriting it we can't create a new group which have same permission in all sites/lists. But we can overcome it with the following way.
Create some common permission group with deferent permission level. And create site with inheriting permission and remove user groups from new sites except the common group.
If a new user wants access in all sites/ list you can add this user in appropriate common group.