Added user to SharePoint Group -- Not inheriting the groups rights

Hello,
I created a SharePoint 2013 Workflow, where a subsite is being created and after that, the workflow will create a Group with "full control" rights on the subsite. At the end, I add the workflow Initiator to the group. All is done by the REST API, like declared in many tutorials.
Everything is working fine so far, I can access the site, the group is there with correct privileges and it contains the desired user I am adding with the workflow.
The strange thing happens when I try to surf on the site with that user from the group, because he has no rights at all. Even with the "check permissions" under the Website Settings, there is no permission listed.
Can anyone explain this to me? It feels like a bug to me, or did I forget to make something like an "update" command after adding the user?
Many thanks in advance!

I haven't seen this with SharePoint groups, but have seen similar behavior with AD groups. With AD groups it's a problem associated with the claims token timeouts. The solution there was to decrease the timeout for the claims token or wait 24 hours for the token to time out. I suggest waiting a day to see if the user shows up in Check permissions tomorrow.
Paul Stork SharePoint Server MVP
Principal Architect: Blue Chip Consulting Group
Blog: http://dontpapanic.com/blog
Twitter: Follow @pstork
Please remember to mark your question as "answered" if this solves your problem.

Similar Messages

  • Add user to sharepoint group using REST API

    I am trying to add a user to a SharePoint group with the following code:
    serviceUrl = Appweb + "/_api/SP.AppContextSite(@target)/web/sitegroups(" + GroupId + ")/users?@target='host web'";
    $.ajax({
        url: serviceUrl,
        type: "POST",
        contentType: "application/json; charset=utf-8",
        dataType: 'json',
        body: "{'__metadata': { 'type': 'SP.User' },'LoginName':'i:0#.f|membership|'+email }",
        headers: {
            "accept": "application/json;odata=verbose",
            "content-type": "application/json;odata=verbose",
            "X-RequestDigest": $("#__REQUESTDIGEST").val()
        },
        async: false,
        success: function (data) {
            alert('success');
        },
        error: function (data) {
            alert('fail');
        }
    });
    The request goes to the error function. The response of the request is Microsoft.SharePoint.Client.InvalidClientQueryException and the message is: A node of type 'EndOfInput' was read from the JSON reader when trying to read the start of an entry. A 'StartObject' node was expected
    I tried the sample from the following link, but it failed:
    https://msdn.microsoft.com/en-us/library/office/dn531432.aspx

    Hi,
    Per my understanding, you might want to add a user to a SharePoint group in the host web from a SharePoint Hosted App using the REST API.
    Here is a working demo for your reference:
    var hostweburl;
    var appweburl;
    $(document).ready(function () {
        // Get the URI-decoded URLs.
        hostweburl = decodeURIComponent(getQueryStringParameter("SPHostUrl"));
        appweburl = decodeURIComponent(getQueryStringParameter("SPAppWebUrl"));
        // Resources are in URLs in the form:
        // web_url/_layouts/15/resource
        var scriptbase = hostweburl + "/_layouts/15/";
        // Load SP.RequestExecutor.js to make cross-domain requests,
        // then run the request once the script is available.
        $.getScript(scriptbase + "SP.RequestExecutor.js", addUsersInGroup);
    });
    // Utilities
    // Retrieve a query string value.
    // For production purposes you may want to use a library to handle the query string.
    function getQueryStringParameter(paramToRetrieve) {
        var params = document.URL.split("?")[1].split("&");
        for (var i = 0; i < params.length; i = i + 1) {
            var singleParam = params[i].split("=");
            if (singleParam[0] == paramToRetrieve) return singleParam[1];
        }
    }
    function addUsersInGroup() {
        var executor;
        // Initialize the RequestExecutor with the app web URL.
        executor = new SP.RequestExecutor(appweburl);
        executor.executeAsync({
            url: appweburl + "/_api/SP.AppContextSite(@target)/web/sitegroups(8)/users?@target='" + hostweburl + "'",
            method: "POST",
            contentType: "application/json; charset=utf-8",
            dataType: 'json',
            body: "{'__metadata': { 'type': 'SP.User' },'LoginName':'i:0#.f|membership|[email protected]'}",
            headers: {
                "Accept": "application/json; odata=verbose",
                "content-type": "application/json;odata=verbose",
                "X-RequestDigest": $("#__REQUESTDIGEST").val()
            },
            success: addUsersInGroupSuccessHandler,
            error: addUsersInGroupErrorHandler
        });
    }
    // Log the raw response and the parsed JSON body.
    function addUsersInGroupSuccessHandler(data) {
        console.log(data);
        var jsonObject = JSON.parse(data.body);
        console.log(jsonObject);
    }
    function addUsersInGroupErrorHandler(data) {
        console.log(data);
        var jsonObject = JSON.parse(data.body);
        console.log(jsonObject);
    }
    Thanks 
    Patrick Liang
    TechNet Community Support
    Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact
    [email protected].
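
Added example, not part of either post above: jQuery's `$.ajax` takes its payload from `data` and ignores a `body` key, `SP.RequestExecutor` reads `body`, and a `+email` typed inside the quotes is sent as literal text. The sketch below builds the request once with `JSON.stringify` and validated inputs; `buildAddUserRequest`, `toJQueryAjaxOptions` and the sample URLs in the comments are hypothetical names, not SharePoint APIs.

```javascript
// Claims prefix taken from the posts above.
const CLAIMS_PREFIX = "i:0#.f|membership|";

// Build the "add user to site group" request without hand-written JSON.
function buildAddUserRequest({ appWebUrl, hostWebUrl, groupId, email, digest }) {
  // groupId is interpolated into the URL path, so accept integers only.
  if (!Number.isInteger(groupId) || groupId <= 0) {
    throw new TypeError("groupId must be a positive integer");
  }
  // The address becomes part of a login name: allow a plain user@domain only.
  if (typeof email !== "string" || !/^[^\s@|'"\\]+@[^\s@|'"\\]+$/.test(email)) {
    throw new TypeError("email is not a plain user@domain address");
  }
  // hostWebUrl usually arrives in the query string (SPHostUrl), so treat it as
  // untrusted: it must parse as http(s) and must not be able to close the
  // quoted @target value or start another query parameter.
  let host;
  try {
    host = new URL(hostWebUrl);
  } catch (e) {
    throw new TypeError("hostWebUrl is not a URL");
  }
  if (!/^https?:$/.test(host.protocol) || /['&#\s]/.test(hostWebUrl)) {
    throw new TypeError("hostWebUrl contains characters that are not allowed");
  }
  const payload = {
    __metadata: { type: "SP.User" },
    LoginName: CLAIMS_PREFIX + email,
  };
  return {
    url: appWebUrl + "/_api/SP.AppContextSite(@target)/web/sitegroups(" +
      groupId + ")/users?@target='" + hostWebUrl + "'",
    method: "POST",
    body: JSON.stringify(payload), // SP.RequestExecutor reads `body`
    headers: {
      Accept: "application/json;odata=verbose",
      "Content-Type": "application/json;odata=verbose",
      "X-RequestDigest": digest,
    },
  };
}

// jQuery reads the payload from `data`; a `body` key would be ignored and the
// POST would leave with no body at all.
function toJQueryAjaxOptions(req) {
  return {
    url: req.url,
    type: req.method,
    data: req.body,
    headers: req.headers,
    dataType: "json",
  };
}
```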

  • New to the Apple and I want to set up a user account that will not delete the guest users files and allow and preserve their personal settings after log out. Is this possible?

    The built-in guest user account will not do this. Simply create a new standard account and call it "Guest" or "Guest Users" or whatever you like.
    Go to System Preferences > Users & Groups, click "+" to make a new account.

  • Export failing with "The user does not have the required rights to perfrom

    We are testing an upgrade to BOXI 3.1.  We use the CrystalReportViewer .net web control to view the report.  When the export button is clicked and the Crystal Reports file format is selected, the following error message is displayed:
    "The user does not have the required rights to perfrom this operation. Please contact your administrator. "
    Notice that perfrom is not spelled correctly.  This is what actually gets displayed.
    I'm not too concerned about the spelling, but I do want to fix the error.  So I checked the security on the folder and the user does have full control.  Both advanced security options are selected:
    -View document instances that the user owns
    -Export the report's data
    So what else could be causing this?

    I had applied the full control access to the wrong group.  Once I applied that access to the user that actually generates the report, it worked.

  • I have a pdf file with the added sounds, so I can not run the sound in adobe reader XI on my tablet samsung galaxi pro (android)

    Thanks for writing to us. Unfortunately, such advanced javascript support is currently not provided by Adobe Reader for Android.
    Thanks,
    Adobe Reader Team

  • I have completed an online form and am trying to send it to the organization. When I say submit, it tries to connect to File:///C/users/Gail/Downloads and not to the organisations site

    There's nothing you can do about it. Report the problem to the organization. They need to fix it and send you a new version of the PDF.

  • Web dynpro Abap not inheriting the Portal theme

    Hi,
    My Web Dynpro Abap is not inheriting the Portal theme. My understanding is that for NW2004, EP7, Web Dynpro Abaps would automatically inherit the Portal theme. Is there some coding required or pre-config of some sort that I have missed to allow the Portal theme inheritance?
    thanks
    C

    Hi,
    see also the [documentation|http://help.sap.com/saphelp_nw70/helpdata/en/46/89af7fbe4d429ee10000000a1553f7/frameset.htm]
    Regards, Heidi

  • How do you fix the ipod when its not playing the music right when it makes noise

    Hi Nicole,
    Try resetting it (nothing will be lost): Hold down the Home and Power buttons at the same time and continue to hold them down until the Silver Apple appears (up to 30 seconds). The Home screen should redisplay after the reset is complete.
    Cheers,
    GB

  • Adding Users from sharepoint into Active Directory Groups

    I have a requirement for an Approval Workflow where the approved user gets added to an AD group directly. I think 2-way sync is possible. Please help.

    Out of the box, I really doubt that this is possible BUT it can more than likely be achieved via the Object Model.  A good discussion and some attached code can be seen here.
    https://social.technet.microsoft.com/Forums/office/en-US/a1905a01-e7a7-458b-a7a6-d24cd4e19e09/action?threadDisplayName=add-a-user-in-ad-group-from-sharepoint
    Steven Andrews
    SharePoint Business Analyst: LiveNation Entertainment
    Blog: baron72.wordpress.com
    Twitter: Follow @backpackerd00d
    My Wiki Articles:
    CodePlex Corner Series
    Please remember to mark your question as "answered" if this solves (or helps) your problem.

  • Access denied when adding people to SharePoint group

    Hi all,
    I've been having problems with my SharePoint 2010 deployment that wasn't deployed by me. Sound familiar? Anyways, here is my problem: I try to add people to a SharePoint group and I'm getting:
    Access Denied.
    You do not have permission to perform this action or access this resource.
    Troubleshoot issues with Microsoft SharePoint Foundation.
    Correlation ID: 930333d7-64dc-4135-8f51-686303a9847c
    Date and Time: 7/29/2014 2:21:11 PM
    I've been having problems with pulling AD members in one of my site collections for a while now. Been troubleshooting with what information I can find online. One step I took was to blank out the LDAP search string for each site collection so that it's not limited to certain OUs.
    Also I am getting security log entries that my farm account is trying to authenticate as a privileged [administrative permissioned] account for an employee that is no longer with us. Coincidentally enough he's the one that deployed this SharePoint solution originally.
    I need help in tracking down why I cannot add users to groups in this one site collection; but my root site collection I can add people no problem.
    Environment:
    Server1: SQL 2008 R2 on Windows Server 2008 R2
    Server2: SharePoint 2010 with Enterprise CALs on Server 2008 R2
    Current event viewer entries of note:
    Load control template file /_controltemplates/TaxonomyPicker.ascx failed: Could not load the assembly ';Microsoft.SharePoint.Portal, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c'. Make sure that it is compiled before accessing the page.
    Object Cache: The super user account utilized by the cache is not configured. This can increase the number of cache misses, which causes the page requests to consume unneccesary system resources.
    To configure the account use the following command 'stsadm -o setproperty -propertyname portalsuperuseraccount -propertyvalue account -url webappurl'. The account should be any account that has Full Control access to the SharePoint databases but is not an application pool account.
    Additional Data:
    Current default super user account: SHAREPOINT\system
    A logon was attempted using explicit credentials.
    Subject:
    Security ID: domain\farm_account
    Account Name: farm_account
    Account Domain: domain
    Logon ID: 0x79c13
    Logon GUID: {e25efc28-8db1-ea76-9a8e-6d0143a681d9}
    Account Whose Credentials Were Used:
    Account Name: former_admin_employee
    Account Domain: domain
    Logon GUID: {00000000-0000-0000-0000-000000000000}
    Target Server:
    Target Server Name: domain_controller.domain.net
    Additional Information: domain_controller.domain.net
    Process Information:
    Process ID: 0x13b0
    Process Name: C:\Windows\System32\inetsrv\w3wp.exe
    Network Information:
    Network Address: -
    Port: -
    This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.

    Hello,
    > he's the one that deployed this SharePoint solution originally.
    Are you trying to add the user by a custom solution? If so, then it seems your code is using the impersonate method to run code with admin privileges (i.e. RunWithElevatedPrivileges or User token).
    If this is the case, then you have to first add the new account as site collection in site, then change that web application pool identity in IIS. Go to IIS --> select your web app pool --> then go to properties and verify which account is being used there. If it is old, then replace it with your account.
    Let us know your result
    Hemendra:Yesterday is just a memory,Tomorrow we may never see
    Please remember to mark the replies as answers if they help and unmark them if they provide no help
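
Added example, not part of the thread: the "A logon was attempted using explicit credentials" entry quoted in the question is Security event 4648, and the sketch below parses that message layout and flags the pattern the poster describes, a service process presenting the credentials of an account that should no longer be in use. The sample event is constructed from the placeholders in the post; the function names and the departed-accounts list are assumptions.

```javascript
// Constructed sample, modelled on the entry quoted in the question.
const SAMPLE_EVENT = String.raw`A logon was attempted using explicit credentials.
Subject:
Security ID: domain\farm_account
Account Name: farm_account
Account Domain: domain
Account Whose Credentials Were Used:
Account Name: former_admin_employee
Account Domain: domain
Target Server:
Target Server Name: domain_controller.domain.net
Process Information:
Process ID: 0x13b0
Process Name: C:\Windows\System32\inetsrv\w3wp.exe`;

// Split the flattened message into sections keyed by their heading lines.
function parseExplicitCredentialEvent(text) {
  const sections = {};
  let current = null;
  for (const raw of text.split(/\r?\n/)) {
    const line = raw.trim();
    const colon = line.indexOf(":");
    if (colon === -1) continue; // free text such as the first sentence
    const key = line.slice(0, colon).trim();
    const value = line.slice(colon + 1).trim();
    if (value === "") {
      current = sections[key] = {}; // heading such as "Subject:"
    } else if (current) {
      current[key] = value; // "Key: value" inside the current section
    }
  }
  return sections;
}

// Normalise a section to lower-case domain\name for comparison.
const account = (s) =>
  s ? `${s["Account Domain"] || ""}\\${s["Account Name"] || ""}`.toLowerCase() : "";

// departedAccounts: domain\name strings, e.g. exported from HR or AD (assumed input).
function assessExplicitLogon(text, departedAccounts) {
  const evt = parseExplicitCredentialEvent(text);
  const subject = account(evt["Subject"]);
  const used = account(evt["Account Whose Credentials Were Used"]);
  const proc = ((evt["Process Information"] || {})["Process Name"] || "").toLowerCase();
  const departed = departedAccounts.map((a) => a.toLowerCase());
  const findings = [];
  if (used && used !== subject) findings.push("credentials-differ-from-subject");
  if (departed.includes(used)) findings.push("departed-account-credentials");
  // w3wp.exe is the IIS worker: the credentials are stored in a web
  // application or application pool, not typed in by a person.
  if (proc.endsWith("\\w3wp.exe")) findings.push("iis-worker-process");
  return { subject, used, process: proc, findings };
}
```

All three findings on one event point at stored credentials in the web application, which is where the reply above suggests looking.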

  • SP 2010-After adding user from IIS is not found in central admin

    Hi Experts,
    I am trying to configure my SP 2010 with Form Based Authentication.
    After configuring the website, STS and Central Admin, I added the user from IIS, but I am not able to find the user from Central Admin in Form Authentication.
    I checked in the database; the user is added.
    I followed the below blog .
    http://jasear.wordpress.com/2012/03/16/sharepoint-2010-setting-up-form-based-authentication-fba-using-asp-net-sql-membership-provider/
    Can experts help me how to get the added user to central admin.
    Thanks
    AshisK

    I was finally able to get the FBA working. After many failed attempts, I knew there was a configuration issue which was causing the error.
    I provided connection string and provider details at 4 places, instead of the 3 mentioned  in various blogs around ->
    1. Sharepoint Central Admin
    2. Sharepoint Web Services
    3. SecurityTokenServiceApplication
    4. And finally the web application itself.
    The connection string for 2nd and 3rd will remain same however, provider details need to be added.
    After completing this step, I was able to login using Form Based Authentication without an issue.
    AshisK

  • Unable to remove user from SharePoint Group using PowerShell

    I am trying to remove a user from a SharePoint Group using PowerShell.
    I can see the user in the Site Collection as part of the SharePoint Group, however, when I attempt to run the script, I get an error message stating "Can not find the user with ID: 10"
    Below is the PowerShell script that I am using:
    $url = "https://sharepointdev.spfarm.spcorp.com/sites/desitecoll"
    $userName = "spfarm\sp2013_svc"
    #$userName = "spfarm\spprofileimport";
    $site = New-Object Microsoft.SharePoint.SPSite($url)
    $web = $site.OpenWeb()
    $siteGroups = $web.SiteGroups;
    Clear-Host
    $mySiteGroups = @();
    foreach($group in $siteGroups)
    {
        Write-Host $group
        $mySiteGroups += $group;
    }#foreach
    $members = $web.SiteGroups[$mySiteGroups[0]];
    $owners = $web.SiteGroups[$mySiteGroups[1]];
    $visitors = $web.SiteGroups[$mySiteGroups[2]];
    #Remove the user from the specified SharePoint Group
    $spUser = Get-SPUser -Identity $userName -Web $url
    Write-Host $spUser.ID
    Remove-SPUser -Identity $spUser -Web $url -Group $owners
    $web.Update();
    $web.Dispose();
    $site.Dispose();
    Write-Host "User " $userName "removed from " $owners
    Please advise.

    I had to update the code to the following because Get-SPUser was not working properly:
    $url = "https://sharepointdev.spfarm.spcorp.com/sites/desitecoll"
    $userName = "spfarm\spprofileimport";
    $site = New-Object Microsoft.SharePoint.SPSite($url)
    $web = $site.OpenWeb()
    $siteGroups = $web.Groups;
    Clear-Host
    $mySiteGroups = @();
    foreach($group in $siteGroups)
    {
        Write-Host $group
        $mySiteGroups += $group;
    }#foreach
    $members = $web.Groups[$mySiteGroups[0]];
    $owners = $web.Groups[$mySiteGroups[1]];
    $visitors = $web.Groups[$mySiteGroups[2]];
    #Convert the user name to an SPUser account
    $spUser = $web.Site.RootWeb.EnsureUser($userName);
    Write-Host $spUser.ID
    Remove-SPUser -Identity $spUser -Web $url -Group $owners
    $web.Update();
    $web.Dispose();
    $site.Dispose();
    Write-Host "User " $userName "removed from " $owners
    Was I not using Get-SPUser correctly?

  • Script Help - Adding Users from AD Group to Computer Object Attribute

    Environment:
    Computer Objects have the following name convention - USERNAME-INV#-PC. An example is TEST1-54321-D. There is a GPO in place that adds any user populated under the managedBy attribute in a computer object to the administrators group for that computer object.
    Scenario:
    Create "Local PC Admin" group
    When user TEST1 gets added to the "Local PC Admin" group, a powershell script that runs on an hourly scheduled task goes out and finds any computer object (that is not a server) that has TEST1 in its name. For example, TEST1-54321-D for desktop and TEST1-98765-L for laptop.
    It then adds the user to the managedBy attribute of the computer object and appends the text "added as local admin on <currentdate>" to the computerobject description.
    If TEST2 is added to the group later, the script should see that TEST1 has already been added and only add TEST2 to the managedBy attribute to the appropriate computer as well as the "added as local admin on <currentdate>".
    Still thinking how this can be automated when a user is removed from the "Local PC Admin" group.
    Can somebody please find holes in this scenario or suggest a better method to approach this?

    Security nightmare? How so? Regular domain users cannot modify the "managedBy" computer object attribute.
    The "Local PC Admin" group would be an ADUC security group. The Help Desk and Network Admins would be the only ones that can either add users to the group or directly modify the "managedBy" computer object attribute.
    The Group Policy that runs against the desktops/laptops looks to see if the managedBy attribute of the computer object is populated. If so, it adds that user as a local admin to their workstation/laptop and removes any other user/group not specified and given local admin rights. This would only be done for a handful of users (those in the Local PC Admin group) that need admin access; in other words, the attribute would only be populated for a few computer objects and not the entire organization. If it is not populated, it does nothing and leaves the default admins on it.
    More info on how the GPO works here: http://fbinotto.blogspot.com/2014/01/making-user-object-set-in-managedby.html

  • Adding users to PAB group with same last name as existing

    Cannot add user to PAB group when user has same last name as an existing Group member.
    Seems to work, see number tick up and green bar flash, but, never really adds.

    Joea,
    It appears that in the past few days you have not received a response to your
    posting. That concerns us, and has triggered this automated reply.
    Has your problem been resolved? If not, you might try one of the following options:
    - Visit http://support.novell.com and search the knowledgebase and/or check all
    the other self support options and support programs available.
    - You could also try posting your message again. Make sure it is posted in the
    correct newsgroup. (http://forums.novell.com)
    Be sure to read the forum FAQ about what to expect in the way of responses:
    http://forums.novell.com/faq.php
    If this is a reply to a duplicate posting, please ignore and accept our apologies
    and rest assured we will issue a stern reprimand to our posting bot.
    Good luck!
    Your Novell Product Support Forums Team
    http://forums.novell.com/

  • Webcenter group space access denied for newly added user in oid group .

    Hi All,
    We have upgraded our webcenter with latest version 11.1.1.4.
    We have created a groupspace where we set the access for the group space using add groups.
    Suppose I have added userRoles1 to get access to this groupspace.
    Now I am adding another user as part of this usergroup from some OID console.
    I am able to see this user as a member of this userRoles, but whenever this user is trying to access this gs, they get an unauthorized access message.
    Any pointers, please.
    Regards ,
    Arun

    Hi,
    User Account Control treats members of the Administrators group as standard users.
    With UAC enabled, members of the local Administrators group run with the same access token as standard users. Only when a member of the local Administrators group gives approval can a process use the administrator’s full access token. This process is the basis of the principle of Admin Approval Mode.
    When an administrator logs on to Windows Vista or newer, the Local Security Authority (LSA) creates two access tokens. If LSA is notified that the user is a member of the Administrators group, LSA creates the second logon that has the administrator rights removed (filtered).
    To work around this issue, use the net use command together with a UNC name to access the network location.
    Programs may be unable to access some network locations after you turn on User Account Control in Windows Vista or newer operating systems
    http://support.microsoft.com/kb/937624
    Regards,
    Mandy
