Lock a custom site permission level

Similar Messages

• Retail customer - Site (Store) level authorization

  Dear All,
  We are implementing IS Retail for retail store chain customer.
  As I understand, in retail, Plant is replaced by Site and each store is considered a site, which obviously will be an org level.
  Now our customer want that, for example, a store manager for one store should not have access to other store details. So given that we will go live with 1500 stores, will I have to create 1500 roles for 1500 store managers ???
  As expected this is a nightmare situation, where I am supposed to create a role for each user at each store and distribution centre.
  Is there a workaround??
  regards, Sean.

  Dear All,
  I know it's little late to update this thread, but can anyone please help me out here with any steps to use ECATT.
  I have created a global role with * for Site org level. Now I have to create 140 similar roles but with different value for each Site.
  Help surely appreciated
  regards, Sean.

• Permission Level

  I have custom permission level, however I need to break the permission from the parent site and set a custom permission for this sub site. Please advice detail instructions on how to do this without breaking the parent site permission level.
  Renee W

  Hi
  check this similar post
  https://social.msdn.microsoft.com/Forums/ro-RO/83bf0883-986e-4881-8470-9e012624bc05/custom-permission-levels-subsite-access-global-navigation-and-webpart-permissions-configuration?forum=sharepointadminlegacy
  Romeo Donca, Orange Romania (MCSE, MCITP, CCNA) Please Mark As Answer if my post solves your problem or Vote As Helpful if the post has been helpful for you.

• InfoPath 2013 custom list being locked versus lowering permission levels

  In an InfoPath 2013 custom list, I do not want the user to be able to make changes to the custom list once it has been submitted to the workflow 2013.
  The way I see to meet this goal is either lower the security level of the user to 'read only'. The other option is to lock the custom list record by using the mark a record (a declare a record) Feature.   
  Thus can you tell me what the better option is why you chose that solution?  Would you also tell me what the better user experience is? Basically there would be no selection like 'edit' or 'delete' when the option is not available.

  > An anti-pattern (or antipattern)
  is a common response to a recurring problem that is usually ineffective and risks being highly counterproductive
  src: http://en.wikipedia.org/wiki/Anti-pattern
  Scott Brickey
  MCTS, MCPD, MCITP
  www.sbrickey.com
  Strategic Data Systems - for all your SharePoint needs

• Regarding creating SharePoint custom permissions not permission level

  Hi All,
  i want to create or manage custom permissions under permission level.
  like
  for list items Manage Lists and add items etc.
  Thanks in advance.
  Kindly suggest me some suggestion
  Varsha Patil

  Use SPSecurityTrimmedControl control to for specific users or group. But still SPSecurityTrimmedControl will not work for full control so you also need to customize permission for full controls users.
  First go to permission level page and modify the permission for full control. uncheck the permission for whom you don't want to show this control (refer below link to know about base permission)
  http://msdn.microsoft.com/en-us/library/microsoft.sharepoint.spbasepermissions.aspx
  Then do the same for custom permission level. and now assign this custom permission to group. Later use  SPSecurityTrimmedControl in above menu and then hide/show control for users.
  http://social.technet.microsoft.com/Forums/en-US/9496525a-3f8f-47e3-a3c0-73d9a1670b0d/how-to-make-the-site-actions-menu-invisible-to-certain-users?forum=sharepointgenerallegacy
  http://social.msdn.microsoft.com/Forums/en-US/0dba2a60-204d-44d9-968f-84cd41f52e2d/how-to-hide-site-actions-menu-for-user-group?forum=sharepointcustomizationlegacy
  Hemendra:Yesterday is just a memory,Tomorrow we may never see
  Please remember to mark the replies as answers if they help and unmark them if they provide no help

• Custom permission levels don't work

  I have created a custom permission level group called custom contribute. The group permission seems to work fine and smoothly one day. The next day that it seems that users of the group can access the site but they cannot do anything else on the site without
  receiving the tell us why you need access message.
  The users in the group are accessing SharePoint from all over the world. Is there something that I can check within the settings  to see why they have access one day and the next they don't? Or is SharePoint setup this way?
  I have full control of the site and nothing changes from day to day. Any help or suggestions on this would be greatly appreciated.

  Hi kedge11,
  Please check permissions for the users with this custom permission level from problematic SharePoint site, verify if they still have the expected custom contribute permissions.
  Also test if this issue could be reproduced, if not, please re-create another same custom permissions for these users again.
  If issue still persists, please check ULS log when this error occurs, it should provide some useful information for helping solve issue.
  Thanks
  Daniel Yang
  TechNet Community Support

• Customer Level Contact and Customer Site Level Contact

  Hi,
  How to create a customer level contact and Customer site level contact details for the existing Customer using standard API's. please Guide me any one with Queries.
  It will be great help for me.
  Thanks,
  Prakash

  Pl post your EBS version. For 11i, all public APIs are listed at http://irep.oracle.com. For R12, APIs can be explored using the Integration Repository responsibility in your instance
  HTH
  Srini

• Check if Custom Permission level exists or not

  I have cretaed a custom permission level.
  On feature activation, i need to check if that custom permission level exists or not. How can i do that?
  Thanks,
  Avni Bhatt

  Check if below helps
  SPWeb web = SPContext.Current.Web;
  // Validate the page request to avoid
  // any malicious posts
  if (Request.HttpMethod == “POST”)
     SPUtility.ValidateFormDigest();
  // Get a reference the roles that are
  // bound to the current user and the role
  // definition to which we need to verify
  // the user against
  SPRoleDefinitionBindingCollection usersRoles = web.AllRolesForCurrentUser;
  SPRoleDefinitionCollection roleDefinitions = web.RoleDefinitions;
  SPRoleDefinition roleDefinition = roleDefinitions["Full Control"];
  // Check if the user is in the role. If not
  // redirect the user to the access denied page
  if (usersRoles.Contains(roleDefinition))
     //Check if post back to run
     //code that initiates the page
     if (IsPostBack != true)
      //Do your stuff here
  else
     Response.Redirect(“/_layouts/accessdenied.aspx”);
  http://blog.rafelo.com/2008/10/13/programmatically-checking-user-roles-or-permission-levels-in-sharepoint-2007/
  http://yoursandmyideas.wordpress.com/2011/10/08/setting-custom-permission-levels-in-sharepoint-programmatically/
  Or check if it exist and then delete and recreate it
  string[] yourCustomRoles = {"Level1", "Level2"};
  using (var web = spSite.OpenWeb())
  var roles = web.RoleDefinitions;
  foreach(var levelName in yourCustomRoles)
  try
  roles[levelName];
  roles.Delete(levelName);
  catch(Exception)
  // web has no this role
  //Add code here
  http://go4answers.webhost4life.com/Example/delete-specific-permissions-108626.aspx

• Custom Permission Level Contribute No Delete not working

  I have created a custom permission level that is the same as OOTB Contribute, except it doesn't have the Delete Items nor Delete Versions.
  In my document libraries, I have "require documents to be checked out" set to Yes.
  This is causing some strange behaviour.  When a user (that has my custom Contribute No Delete permission) tries to open a document for editing, they get a message that the document is checked out to their own username, and it won't allow
  them to edit the document.
  What is the best way to remove the "Delete" permission?  We absolutely need this.
  thanks!

  Are you given an option to check it back in via the "back-stage" area? 
  I'd also say that the highest permission grouping wins.  If one group grants a right and another removes it, the additive grouping will win out.  As well as checking the inheritance, it's ideal to remove permissions that might grant this.
  Steven Andrews
  SharePoint Business Analyst: LiveNation Entertainment
  Blog: baron72.wordpress.com
  Twitter: Follow @backpackerd00d
  My Wiki Articles:
  CodePlex Corner Series
  Please remember to mark your question as "answered" if this solves (or helps) your problem.

• How to set permission levels per site collection

  Hello,
  A site collection would have 700 sites , with the same (new) permission levels. Is there a way (apart from programming) to copy these permission levels?
  Thank you.
  Christos

  Hello,
  Check this link
  http://social.technet.microsoft.com/Forums/en-US/bdb82f15-6d9c-47b3-b511-f8e019347895/how-to-set-permissions-to-list-item-sharepoint-programmatically
  Thanks!

• API to Nullify customer site level credit limits and currency

  Hi All,
  We need to nullify customer site level credit limits (CREDIT_LIMIT) and currency (CR_LIMIT_CURR_CODE) in prod. Is there any API to Nullify customer site level credit limits (CREDIT_LIMIT) and currency (CR_LIMIT_CURR_CODE) for Oracle 11i ( 11.5.9). There are many customers so its difficult to do it manually.
  Please let us know,its urgent.
  Thanks in Advance.
  Thanks,
  APAC

  Refer MOS note:
  Can we create Credit Limits at Party Level? [ID 414997.1]
  Different uses of TCA API. [ID 230753.1]

• Managed custom properties at site collection level when used as refiner returns no value in search result web part

  I have created certain crawled properties and mapped them to the OOB managed properties( refineable active )  in search schema at site collection level and tried to use them as refiner in the search
  site at farm level but it returns no value.
  But when i use the same crawled property and map it to a service level OOB metadata property ( refineable active ) and use it in search as refiner it returns result , Can you help as to why this difference is there.
  What steps should i do so that site level refiners also work in the enterprise search 
  Thanks in advance

  Hi  Dextar,
  According to your description, my understanding is that you want to create a site level refiner in SharePoint 2013.
  Here is a detailed blog you can refer to:
  http://blogs.technet.com/b/tothesharepoint/archive/2013/11/11/how-to-add-refiners-to-your-search-results-page-for-sharepoint-2013.aspx
  Be aware that any changes in the manage property required full crawl.
  Best Regards,
  Eric
  Eric Tao
  TechNet Community Support

• Worklow 2013 locking a custom list

  In a SharePoint 2013 workflow I have a custom list where I am having users submit to the workflow. Once the user submits the custom list to the workflow 2013, I do not want users to be able to make changes to the custom list. I basically want to 'lock' the
  custom list so the user cannot make changes. I do not want to disable buttons unless I need to since I am using the auto generated buttons submitted by SharePoint.
  I am going to use 'declare a record (mark a record)' and not the app model to raise security levels. I am not picking the app model since you will not know who actually changed the record if most of the code that I need to execute would be in the app
  model or impersonate step.
  Thus can you tell me the following:
  1. Am I correct about the app model or impersonate? If not, can you tell me what facts I am incorrect about?
  2. Can you tell me how to 'declare a record (mark a record)'? Basically I am on my own test SharePoint 2013 website and I am thinking of activating this feature.

  Hi Wendy,
  #1. The App Step runs with the app permission which has full control by trusting the workflow and the Impersonationstep runs the actions inside the step as the user who authored the workflow.
  When elevating permissions for a workflow isrequired, then we can consider to use app models and impersonation step.
  For your issue, you just want to make the users not be able to edit the items, then you can use declare as a record instead of changing the permissions of the users.
  #2. To be able to use Declare as a record function, we need to enable In Place Records Management feature in Site Collection Features.
  Go to Site settings page of the root site > Site collection features.
  After that, we need to go to the List settings page and then click Record declaration settings and select Always allow the manual declaration or records. Then we can use that feature.
  Thanks,
  Victoria
  Forum Support
  Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact
  [email protected]
  Victoria Xia
  TechNet Community Support

• Sharepoint 2010 Permission level Full Control and explicit deny

  I am facing a very frustating permission level issue with Sharepoint 2010. First, everything worked as expected up to few days ago.
  I have a user on my sharepoint 2010 env (publishing portal) named rjo who is site collection administrator and has also Full Control permission level.
  When I execute the Check Permission command from the ribbon I get the following:
  Permission levels given to xxxx\rjo
  Full Control
  Given through the "xxx Owners" group.
  The following factors also affect the level of access for xxx\rjo (xxx\rjo)
  Deny
  Manage Permissions
  Create and change permission levels on the Web site and assign permissions to users and groups.
  Deny
  Create Subsites
  Create subsites such as team sites, Meeting Workspace sites, and Document Workspace sites.
  etc.. Seems like all the individual permissions are set to deny.
  If I remove the user rjo from the Full Control permission level, all the deny permissions disappear. I have tried creating a brand new permission level with Allow permission on al items but I still get the deny when I check the permissions. Notice that this
  happens for all the users.
  Does anyone experienced a similar issue? I suspect some kind of Windows update to have messed up the permissions but I cannot find a way to get proper permissions to my users.

  I had a similar issue.  When checking user permissions on any member of the site collection Owners group, the results were similar to those posted above.  Also noticed that some buttons on the ribbon were missing.  Also found that no user
  could add content to Library.  The Add button was missing.  Issue was only happening on one site collection in the web application, so it was not a Web App Policy issue.
  Eventually discovered that the site collection was locked as read-only.
  Central Administration > Application Management > Configure Quotas and Locks
  change the web application and site collection as needed to view setting for the affected site collection
  Found lock set to 'Read-only'  Changed to 'Not Locked'

• Webserver - setting permissions for Custom Sites

  Quick q on setting permissions for custom sites default. Default home for custom (non-default) web site is:
  /Library/Server/Web/Data/Sites/ 
  and whatever subdirectory you stipulate, e.g. MyServer - or whatever.
  Server sets this as owner:
  drwxrwxr-x   7 root  admin  238 Mar  8 15:34 CustomSitesDefault
  drwxrwxr-x  16 root  admin  544 Mar  8 15:38 Default
  For security, shouldn't the permissions and ownership be changed - to some webamin user WITHOUT root privs? Or will this break Lion Server? Thanks.

  Hello,
  One option would be to disable the automatic Project Site Sync in the User Sync Settings Page, create custom permission levels and groups on your SharePoint Project site template(s) to meet your requirements - make use of default SharePoint groups where
  possible, save the new template(s) and attach the new templates to the EPTs. Then develop a Project Server event handler that adds the users to the Project Site on the Publish event (or what ever event you like). The project owner one is simple - just add
  the project owner to the new SharePoint group, project members - just read the project team and add those users and the visitors just add a domain AD group (Domain Users for example) to that group.
  Default Project Server sync settings / site permissions can be seen here:
  http://technet.microsoft.com/en-gb/library/cc197668(v=office.14).aspx
  Paul
  Paul Mather | Twitter |
  http://pwmather.wordpress.com | CPS