In Sharepoint, is it possible to deny regular users the possibility of removing web parts and/or web part zones? If yes; how?
The options to deny users from closing/moving a web part are in the 'Advanced' section of the web part's tool pane in sharepoint (Accessed via the 'Modify Shared Web Part' option in the web part's menu).
Alternatively you can modify the permission levels for the site (Site settings > Permissions > Settings > Permission Levels) and remove the 'Add/Remove personal web parts' and 'Update personal web parts' permissions from the levels your users run as.
Hope this helps.
This can be controlled through site roles. By default, the available roles are Full Control, Design, Contribute, Read, and Limited Access.
Users that are not members of Contribute or higher will not be able to remove web parts or web part zones for that site.
Related
I have a sub-site (http://mysite/documentcenter). My user is in Site Collection Administrators, so I can see and click the move button in site content and structure of sub-site.
But the other users, who has contribute access to all documents, can't see the Move button - it completely disappeared, it's not greyed out.
How can I make the move button display for the other users?
I know this question is a bit old but, you need to have the following Permission Level enabled or Move is not available.
Manage Web Site - Grants the ability to perform all administration tasks for the Web site as well as manage content.
I would be very careful assigning this permission though as it adds a whole slew of additional access for the user(s).
Make sure Add and Customize Pages permissions is present. There could be a Deny mask coming in from User Policy from central admin, which can overwrite Site Collection admin permissions.
We have a teamsite site collection with a number of subsites.
In the sub-sites. We usually break the inheritance and assign specific groups.
Now, our company director needs access to the all teamsites. We have over 100 teamsites. And it is difficult to assign him to each group for each teamsite. furthermore, we would have to remember to add him as a member to the teamsite each time.
Is there a way to add a specific Active directory user or group so that they can access all subsites (thereby overriding any break in the inheritance)
Any help would be greately appreciated.
Thanks,
Joseph
You need to add a web application policy.
If you head into SharePoint Central Administration --> Application Management --> Policy for Web Applications you should be able to set him up with the requisite permissions that will work across the sites within that web app.
For more information, have a look here
(I've voted to have this moved to the SharePoint StackExchange site as it's not really Dev related)
What are the minimum SharePoint 2010 permissions required to allow a user to personalize a web part page, allowing updates and adding web parts to the page but completely restrict the user modifying the shared version?
I initially copied the built-in “Read” permission level and added the “Manage Personal Views”, “Add/Remove Personal Web Parts” and “Update Personal Web Parts” permissions from the Personal Permissions group. This custom permission level was then applied to a user who then viewed a web part page created by the Administrator, which contained only a very simple prototype SharePoint web part. This web part contained a modifiable label which was edited using the “Miscellaneous” section from the Edit Web Part from the standard SharePoint chrome.
With the custom permission level applied the “Miscellaneous” option it is not available to the user upon personalizing the page and selecting Edit Web Part. The “Miscellaneous” option only becomes available to the user when the permission level is further modified to have the “Edit Items” from the List Permissions group. This has the undesired effect of allowing the user to be able to modify the shared version of the page.
Is what I’m trying to achieve even possible?
Many thanks
Check this out: http://akifkamalsyed.wordpress.com/2011/01/17/personalizable-web-part-custom-property-not-shown-for-users-with-contribute-permission-level/
It's probably because you don't have a safecontrol for the webpart with the attribute SafeAgainstScript
Outside of the "My Site" page in SharePoint, is there any way to allow my sites visitors/users to add or remove web parts on pages without giving them contributor writes? I'm working on a corporate intranet that is being built with SharePoint and they want the home page of the site to be highly personalizable. But besides the "My Site" page, I don't know of any way to allow all of the visitors to add or remove web parts. Can anyone provide any guidance? Thanks.
I tested this with a publishing site on sp2010, and the permissions you need are:
Site Permissions
Add and Customize Pages
Browse Directories
Personal Permissions
Add/Remove Personal Web Parts
Update Personal Web Parts
The personal web part permissions dont work on their own
You could create your own permission set, where you should set "Add/Remove Private Web Parts" permission and "Update Personal Web Parts" permission, but remove those permissions which you don't like in "Contributor" permission set. Then assign this new permission set to users or groups you need.
I've got a SharePoint application and I'm sad to say that in my SharePoint-induced excitement, I ignored a lot of the security concerns I should have been paying more attention to. Though we didn't before, now we actually need granular security, so I need to get educated. I'm mostly interested in how to best create groups and add users to those groups. We have a single main site collection and a couple dozen subsites under that collection. How can I best create a granular security world where I can independently assign rights to each of these subsites?
To have permissions vary at the "sub site" level which is the SPWeb object in object model terms you need to enable unique permission for the site.
A good article outlining the permission hierarchy in SharePoint 2007 can be found on the office web site About controlling access to sites and site content
In my experience if you are able to use permission inheritance over granular security it's much less hassle to manage.
Breaking site permission inheritance
Click "People and groups"
Click "Site permissions"
From the actions menu in the list click "Edit Permissions"
http://blog.richfinn.net/content/binary/WindowsLiveWriter/InstallandConfiguretheCommunityKitforSha_E660/image_3.png http://blog.richfinn.net/content/binary/WindowsLiveWriter/InstallandConfiguretheCommunityKitforSha_E660/image_3.png
Other references
SharePoint 2007: Permissions, permissions, permissions.
SharePoint 2007 SiteGroups - part 1 - the basics