Managing users to provide access on multiple lists having unique permissions.

I have 20 lists in a site collection, and all of them have unique permissions. The reason I stopped inheritance is so that users do not get edit access on site pages but still have full access on the lists. If I used inherited permissions and wanted to give full access to a list, I would have to check 'Manage Lists' in the permission level, which gives the user edit permission or some unauthorized access to the page.
To overcome this, I created two permission levels, one for page view and one for list/library view, stopped inheritance on the libraries, and gave users the list/library view level there to let them access the lists/libraries.
This makes management very heavy when a new user needs access: I have to go to more than 20 places and grant permission to that particular user. How can I manage this in an effective way? Please help me on this!

Hello Mohit,
I would suggest creating groups based on the permission levels you have given and adding the users to those groups.
For all the lists, you add the groups with the permissions, so whenever you want to grant/remove access for users, you add/delete the user from that group.
My Blog- http://www.sharepoint-journey.com
If a post answers your question, please click Mark As Answer on that post and Vote as Helpful
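The group-based approach suggested above can be scripted so that every list with broken inheritance receives the same group once. This is an added example, not code from the thread; it assumes the server-side SharePoint Management Shell, and the URL, group name and permission level name are hypothetical placeholders.

```powershell
# Added example (not from the thread): grant one SharePoint group the same
# permission level on every list that has unique permissions.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$webUrl    = 'http://sharepoint.example/sites/team'   # placeholder URL
$groupName = 'List Full Access Users'                 # hypothetical group name
$levelName = 'List Full Access'                       # hypothetical permission level name

$web = Get-SPWeb $webUrl
try {
    $group = $web.SiteGroups[$groupName]
    $level = $web.RoleDefinitions[$levelName]
    if (-not $group -or -not $level) {
        throw "Group '$groupName' or permission level '$levelName' not found on $webUrl"
    }

    # Copy the collection first so it is not enumerated while lists are updated.
    foreach ($list in @($web.Lists)) {
        # Only touch visible lists whose inheritance has been broken.
        if ($list.Hidden -or -not $list.HasUniqueRoleAssignments) { continue }

        # Skip lists where the group already holds this permission level.
        $hasLevel = $false
        foreach ($ra in $list.RoleAssignments) {
            if ($ra.Member.ID -eq $group.ID -and $ra.RoleDefinitionBindings.Contains($level)) {
                $hasLevel = $true
            }
        }
        if ($hasLevel) { Write-Output "Unchanged: $($list.Title)"; continue }

        # Bind the permission level to the group and attach it to the list.
        $assignment = New-Object Microsoft.SharePoint.SPRoleAssignment($group)
        $assignment.RoleDefinitionBindings.Add($level)
        $list.RoleAssignments.Add($assignment)
        Write-Output "Granted:   $($list.Title)"
    }
}
finally {
    $web.Dispose()
}
```

Once the group is on every list, granting or revoking a user's access is a single membership change in that group, and a review of who can reach the lists only has to look at the group.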

Similar Messages

  • Set Single user with reviewer access to multiple conference room calendars

    I want to add a single user with Reviewer access to multiple conference room calendars. I used the command below, but it gave the error below. I am able to add a single user, but a single user for multiple conference room calendars is not happening.
    Import-csv C:\smtp1.csv | foreach-object {Add-MailboxFolderPermission -identity $_mail":\Calendar" -User "Mike" -AccessRights "Reviewer"}
    Smtp1.csv
    mail
    [email protected]
    [email protected]
    Error:--
    [PS] C:\>Import-csv "C:\smtp1.csv" | foreach-object {Add-MailboxFolderPermission -identity "$_mail:\Calendar" -User "Mike" -AccessRights "Reviewer"}
    The specified mailbox "\Calendar" doesn't exist.
        + CategoryInfo          : NotSpecified: (0:Int32) [Add-MailboxFolderPermission], ManagementObjectNotFoundException
        + FullyQualifiedErrorId : 78C23328,Microsoft.Exchange.Management.StoreTasks.AddMailboxFolderPermission
    The specified mailbox "\Calendar" doesn't exist.
        + CategoryInfo          : NotSpecified: (0:Int32) [Add-MailboxFolderPermission], ManagementObjectNotFoundException
        + FullyQualifiedErrorId : 78C23328,Microsoft.Exchange.Management.StoreTasks.AddMailboxFolderPermission
    The specified mailbox "\Calendar" doesn't exist.
        + CategoryInfo          : NotSpecified: (0:Int32) [Add-MailboxFolderPermission], ManagementObjectNotFoundException
        + FullyQualifiedErrorId : 78C23328,Microsoft.Exchange.Management.StoreTasks.AddMailboxFolderPermission
    The specified mailbox "\Calendar" doesn't exist.
        + CategoryInfo          : NotSpecified: (0:Int32) [Add-MailboxFolderPermission], ManagementObjectNotFoundException
        + FullyQualifiedErrorId : 78C23328,Microsoft.Exchange.Management.StoreTasks.AddMailboxFolderPermission

    I tried with that as well but am getting the below:
    A positional parameter cannot be found that accepts argument ':\Calendar'.
        + CategoryInfo          : InvalidArgument: (:) [Add-MailboxFolderPermission], ParameterBindingException
        + FullyQualifiedErrorId : PositionalParameterNotFound,Add-MailboxFolderPermission
    A positional parameter cannot be found that accepts argument ':\Calendar'.
        + CategoryInfo          : InvalidArgument: (:) [Add-MailboxFolderPermission], ParameterBindingException
        + FullyQualifiedErrorId : PositionalParameterNotFound,Add-MailboxFolderPermission
    A positional parameter cannot be found that accepts argument ':\Calendar'.
        + CategoryInfo          : InvalidArgument: (:) [Add-MailboxFolderPermission], ParameterBindingException
        + FullyQualifiedErrorId : PositionalParameterNotFound,Add-MailboxFolderPermission
    Cannot process argument transformation on parameter 'Identity'. Cannot convert value "" to type "Microsoft.Exchange.Configuration.Tasks.MailboxFolderIdParameter". Error: "Value cannot be null.
    Parameter name: mailboxFolderId"
        + CategoryInfo          : InvalidData: (:) [Add-MailboxFolderPermission], ParameterBindin...mationException
        + FullyQualifiedErrorId : ParameterArgumentTransformationError,Add-MailboxFolderPermission
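Both error sets above come from the identity string: neither `$_mail` nor `"$_mail:\Calendar"` reads the `mail` column of the current CSV row, so the cmdlet receives an empty mailbox name. The following is an added example, not part of the original post, that builds the identity with a subexpression and reports the outcome per calendar; it assumes the calendar folder is named `Calendar` and reuses the path, user and access right from the post.

```powershell
# Added example (not from the post): grant one user Reviewer rights on the
# Calendar folder of every mailbox listed in a CSV with a "mail" column.
$csvPath = 'C:\smtp1.csv'   # path from the post
$user    = 'Mike'           # user from the post
$rights  = 'Reviewer'

$results = foreach ($row in Import-Csv -Path $csvPath) {
    $address = "$($row.mail)".Trim()
    if (-not $address) { continue }          # skip blank rows

    # $(...) is required: "$address:\Calendar" would be parsed as a
    # drive-qualified variable and expand to an empty mailbox name.
    # Assumption: the folder is called "Calendar" (English-language mailbox).
    $folder = "$($address):\Calendar"

    try {
        $existing = Get-MailboxFolderPermission -Identity $folder -User $user -ErrorAction SilentlyContinue
        if ($existing) {
            # An entry for this user already exists; replace its rights.
            Set-MailboxFolderPermission -Identity $folder -User $user -AccessRights $rights -ErrorAction Stop
            $outcome = 'Updated'
        }
        else {
            Add-MailboxFolderPermission -Identity $folder -User $user -AccessRights $rights -ErrorAction Stop | Out-Null
            $outcome = 'Added'
        }
    }
    catch {
        $outcome = "Failed: $($_.Exception.Message)"
    }

    # One row per calendar so the change can be reviewed afterwards.
    New-Object PSObject -Property @{ Folder = $folder; User = $user; Rights = $rights; Result = $outcome }
}

$results | Select-Object Folder, User, Rights, Result | Format-Table -AutoSize
```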

  • How to provide access to multiple users connected to a Dumb switch? (multi-auth/multi-domain)

    Good morning everybody,
    I am writing because I have not been able to implement a desired outcome in our company network. The situation is as follows:
    What I want to do is to be able to authenticate users (802.1x authentication) in our company RADIUS server and authorize them access by having a dynamic VLAN assignment in a multi-user environment on one and the same port of a Cisco 2960 switch. So far, the authentication and authorization have been working completely smoothly (there are no problems with that itself). The concept involves the configuration of both DATA and VOICE VLANs as there is also phone authentication implemented. In order to simulate this environment I introduced a dumb switch connected to my Cisco 2960 Catalyst.
    What I have successfully managed to get to work so far is this:
    1) On one switch port I have tried the “authentication host-mode multi-domain” and it worked perfectly for a PC behind a telephone, or with one PC connected to the dumb switch + the telephone connected to another port of the dumb switch. Logically it is the same situation as there is a separation in two domains – DATA and VOICE. Below is an output from show authentication sessions for this scenario.
    Interface  MAC Address     Method   Domain   Status         Session ID          
    Fa0/23     0021.9b62.b79b  dot1x    DATA     Authz Success  C0A8FF69000000F3008E (user1)
    Fa0/23     0015.655c.b912  dot1x    VOICE    Authz Success  C0A8FF69000000F9009F (phone)
    2) On the other hand, when I try the same scenario with the “authentication host-mode multi-auth”, the switch still separates the traffic in two domains and is able to authenticate all users, AS LONG AS they are in the same VLAN.
    show authentication sessions:
    Interface  MAC Address     Method   Domain   Status         Session ID          
    Fa0/23     0021.9b62.b79b  dot1x    DATA     Authz Success  C0A8FF69000000F3008E (user1)
    Fa0/23     b888.e3eb.ebac  dot1x    DATA     Authz Success  C0A8FF69000000F8008C (user2)
    Fa0/23     0015.655c.b912  dot1x    VOICE    Authz Success  C0A8FF69000000F9009F (phone)
    However, I cannot succeed authentication of many users from DIFFERENT VLANs, neither in multi-auth nor in multi-domain modes.
    What I want to get is an output like this:
    Interface  MAC Address     Method   Domain   Status         Session ID          
    Fa0/23     0021.9b62.b79b  dot1x    DATA     Authz Success  C0A8FF69000000F3008E (user1)
    Fa0/23     b888.e3eb.ebac  dot1x    DATA     Authz Success  C0A8FF69000000F8008C (user2)
    Fa0/23     0015.655c.b912  dot1x    VOICE    Authz Success  C0A8FF69000000F9009F (phone)
    I want the switch to authenticate the users anytime they connect to it and for them to have instant access to the network. (I say this because I tried scenario 1) with multi-domain mode and authentication violation replace, and it worked, but two users never had access to the “Internet” simultaneously!!!)
    The configuration of the interface connected to the Dumb switch is as follows.
    interface FastEthernet0/x                                                      
     description Connection to DUMBswitch                                            
     switchport mode access                                                         
     switchport voice vlan XXX                                                      
     switchport port-security maximum 10                                            
     switchport port-security                                                       
     switchport port-security violation protect                                     
     authentication host-mode multi-auth                                            
     authentication priority dot1x                                                  
     authentication port-control auto                                               
     authentication timer reauthenticate 4000                                       
     authentication violation replace                                               
     dot1x pae authenticator                                                        
     dot1x timeout tx-period 10                                                     
     spanning-tree portfast                                                         
    The way I see it is explained in the following steps:
    - PC1 connects to the Dumb switch. This causes the Cisco switch to authenticate user1. This creates an auth. session with its MAC address linked to a domain DATA.
    - When PC2 connects to the Dumb switch, this causes the violation replace which replaces the recent authenticated MAC address with the MAC of PC2. I would like it once authenticated to appear in the authentication sessions with a link to a new DATA domain linked to the VLAN assigned from the RADIUS server.
    Is this possible? I think (in theory) this is the only way to provide authenticated access to multiple users connecting through Dumb switch to the network.
    Has anybody ever succeeded in such a configuration, and if yes, I would love to get some help in doing so.
    Thank you
    Stoimen Hristov

    Hi Stoimen,
    I have done a setup similar to yours with the only exception being VLAN assignment. When I used dACLs only, it makes things somewhat easier as the VLAN no longer matters. Remember that the switchport is in access mode and will only allow a single VLAN across it (with the exception of the voice VLAN). I think that is the real cause of your problem.
    From what I can see, you have 2 options available to you:
    1) Use dACLs instead of VLAN assignment. This means that an access list will be downloaded from the radius server straight to the authenticated user's session. I have tested this and it works perfectly. Just Google Cisco IBNS quick reference guide and look for the section that deals with Low Impact mode.
    2) Get rid of the dumb switches and use managed switches throughout your network. Dumb switches will always be a point of weakness in your network because they have no intelligence to do advanced security features like port security, 802.1x, DHCP snooping, etc.
    Hopefully someone else will chime in with another option.
    Xavier

  • List of users who have access to multiple mailboxes

    Hi,
    I got a list of around three hundred generic mailboxes.
    Please help me with a command to get a report of all users who have access to those generic mailboxes.

    Hi,
    If you want to export these permissions to a csv file, you can use the following cmdlet:
    Get-Mailbox -ResultSize Unlimited | Get-MailboxPermission | Where {$_.User -notlike "NT AUTHORITY\SELF" -and $_.IsInherited -eq $false} | Select Identity,User,@{Name='Access Rights';Expression={[String]::Join(', ', $_.AccessRights)}} | Export-Csv C:\MailboxAccess.csv -NoTypeInformation
    Hope this can be helpful to you.
    Best regards,
    Amy Wang
    TechNet Community Support

  • New user creation for accessing BPM work list

    Hi,
    I have installed AIA in my system and by default it allows me to login to the BPM worklist using AIAIntegrationAdmin user. All the error notifications are also sent to this user.
    If I want to send error notifications to other users and provide them access to BPM worklist, how should I go about it?
    Pointers to this would be great help.

    Hi,
    As mentioned, I have created a user (named TestUser) in Enterprise Manager and given him the roles of ascontrol_monitor and ascontrol_appadmin. I have made an entry for this user in users-properties.xml. Still I am not able to log in to the worklist with this user's credentials.
    Please find the user definition I added in users-properties.xml file:
    <userObject>
    <name>TestUser</name>
    <description>Demo User</description>
    <email>[email protected]</email>
    <title>Load Agent 5</title>
    <firstName>Test</firstName>
    <lastName>User</lastName>
    <manager>jstein</manager>
    <timeZone>America/Los_Angeles</timeZone>
    <languagePreference>en-US</languagePreference>
    <notificationPreferences>Mail</notificationPreferences>
    </userObject>
    Please let me know if I have to make changes at any other places.

  • Blank list of uniquely secured items

    I have an issue in a 2010 Document Center.
    When I go to site permissions, I am warned that "Some content on this site has unique permissions which are not controlled from this page."
    I then click "Show me uniquely secured content".
    I am now presented an overview of "Lists that may contain items with unique permissions".
    I then click "view exceptions" to see the items.
    But in the list that shows up, there are no items, only a note: "There are no items in this list that are uniquely secured."
    How can I get to see the items that still triggers the warning about unique permissions?

    Hi,
    When clicking Show me uniquely secured content under the site permissions page, we will see exceptions which show all lists having unique permissions. When clicking Manage Permissions, we will be redirected to the list\lib permissions page where we can check the unique permissions on it.
    Can you please show where you click "view exceptions" and see the note "There are no items in this list that are uniquely secured"? A screenshot would be perfect.
    Miles LI TechNet Community Support

  • How can we provide access/provide permissions to a user/group for group of folders at single step??

    Hi Nico, Thank you so much for your reply. Can you please advise or give me some steps to write the script, please? Regards, Kareem

    Hi All, How can we provide access/provide permissions to a user/group for a group of folders in a single step? I am able to provide access for a single folder at a time. I want to provide access to a list of folders (more than 30) in a single step. Regards, Kareem

  • Workflow to grant access to each List item based on a column value

    Hi,
    I have 2 lists Risks and RisksLookup.
    In Risks, I have Title, Description, service impacted and status columns.
    In RisksLookup, I have service impacted, AD1, AD2, AD3, AD4 and AD5.
    I have a requirement wherein I have to write a workflow to provide access to each list item based on the value of service impacted, i.e. if service impacted in the Risks list is Client A, I have to look up which AD groups are present for Client A in the RisksLookup list and provide access to only those groups for that item.
    Regards, Shreyas R S

    Hi,
    Another approach:
    Create 5 more lists, each dedicated to one impacted service. For each of these lists, apply the needed rights (based on AD groups). Keep your main list, where the first level will add new items. Attach a workflow to this main list, which will start when an item is added and which will add the specific item's value to its new list (based on the impacted service value).
    Romeo Donca, Orange Romania (MCSE, MCITP, CCNA) Please Mark As Answer if my post solves your problem or Vote As Helpful if the post has been helpful for you.

  • Are managed users allowed to download apps?

    Hi, I never had this problem before. I disabled AIM for one of my users (I'm the Admin). I have this user set for Managed with "some Limits" so I can disable certain apps.
    I found my user was able to re-download AIM, put it into one of their personal folders and execute it from there.
    I am surprised at this. I thought Mac OS X didn't allow this?

    BlueRondo:
    If your managed user has internet access they can indeed download files. However, installation usually requires admin user to authenticate.
    Good luck.
    cornelius

  • SP2010 - Get List of Subfolders' Permissions

    I have multiple folders, and each folder has multiple subfolders with unique permissions. Does anyone have a script (or something else) that would cycle through each subfolder and output the permissions? I would also like it to output the folder path/web path.
    I have tried recording a query table, but it won't record 'document permissions'.

    Hi,
    See whether these links help you:
    http://social.technet.microsoft.com/Forums/sharepoint/en-US/a85647f2-5194-4962-815c-17c0778dc69c/how-to-get-a-report-or-list-for-permissions-on-all-sharepoint-2010-sites-and-subsites-and-libraries
    http://johanmeyer.ukuvuma.co.za/2013/02/22/export-all-user-permissions-from-a-sharepoint-2010-site-to-csv/
    Hope this helps!
    Ram - SharePoint Architect
    Blog - SharePointDeveloper.in
    Please vote or mark your question answered, if my reply helps you

  • Report on Sites, Lists and Libraries with Unique Permissions

    I would like to get a report on Sites, Pages, Lists, Libraries, Items and Documents under a Site Collection having Unique Permissions. What is the best way to accomplish that ?

    Finally catch your meaning. In SharePoint 2010, uniquely secured objects can be displayed on the permission settings page of the parent object (see my screenshots here: http://cid-6f40fb61d28cf147.office.live.com/view.aspx/Technology/UniquePermission.docx). And as you may already know, it seems to only show inheritance broken within a site. I found it does not show unique permissions of sub sites in a site collection.
    You may want something like the Broken Inheritance Report Jobs in the SharePoint Administration Toolkit for SharePoint 2007 (http://blogs.msdn.com/b/sharepoint/archive/2009/08/27/announcing-the-fourth-release-of-the-microsoft-sharepoint-administration-toolkit.aspx). However, I have not found it in the SharePoint Administration Toolkit for SharePoint 2010.
    If you are currently in need of this kind of report, you may try third-party tools such as that from the Lightingtools (I am not familiar with it and don't know if it will meet your requirement).
    Or you can back up the content database and restore it to a test environment to query. With the help of SQL Server Profiler, I found that the stored procedure proc_SecChangeToUniqueScope (http://msdn.microsoft.com/en-us/library/dd358095(PROT.13).aspx) is called when you break permission inheritance. You can find more information around this stored procedure by searching:
    http://www.bing.com/search?q=site%3Amsdn.microsoft.com+proc_SecChangeToUniqueScope
    And you can make use of database comparison tools such as that from Visual Studio 2010 Premium/Ultimate to compare the content database before and after the site permission inheritance is broken to learn what tables to query (of course, you should do all this in a test environment).
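For the two report requests above (subfolder permissions with their paths, and unique permissions across a site collection), the server object model exposes `HasUniqueRoleAssignments` on webs, lists and folder items, so the report can be produced without querying the content database. This is an added example, not code from either thread; it assumes the server-side SharePoint Management Shell, uses a placeholder URL and output path, and stops at folder level (items and documents are not enumerated).

```powershell
# Added example (not from the thread): CSV report of webs, lists and folders
# with unique permissions in one site collection.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$siteUrl = 'http://sharepoint.example/sites/team'   # placeholder URL
$outFile = 'C:\Temp\UniquePermissions.csv'          # placeholder output path

# Emit one row per principal holding rights on a uniquely secured object.
function Get-AssignmentRows($securable, $type, $url) {
    foreach ($ra in $securable.RoleAssignments) {
        $levels = @($ra.RoleDefinitionBindings | ForEach-Object { $_.Name }) -join ', '
        New-Object PSObject -Property @{
            Type = $type; Url = $url; Principal = $ra.Member.Name; Levels = $levels
        }
    }
}

$site = Get-SPSite $siteUrl
try {
    $rows = foreach ($web in $site.AllWebs) {
        try {
            $base = $web.Url.TrimEnd('/')
            if ($web.HasUniqueRoleAssignments) { Get-AssignmentRows $web 'Web' $web.Url }

            foreach ($list in @($web.Lists)) {
                if ($list.Hidden) { continue }
                if ($list.HasUniqueRoleAssignments) {
                    Get-AssignmentRows $list 'List' "$base/$($list.RootFolder.Url)"
                }
                # $list.Folders returns every folder item in the list, at any depth.
                foreach ($folder in $list.Folders) {
                    if ($folder.HasUniqueRoleAssignments) {
                        Get-AssignmentRows $folder 'Folder' "$base/$($folder.Url)"
                    }
                }
            }
        }
        finally {
            $web.Dispose()
        }
    }
}
finally {
    $site.Dispose()
}

$rows | Select-Object Type, Url, Principal, Levels | Export-Csv $outFile -NoTypeInformation
```

Rows showing individual users rather than groups are the ones to look at first in an access review, since they are the grants that do not follow group membership.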

  • List of users who has access to current community

    Hi,
    Is there an API which provides a list of users who have access to the current community in ALUI? Will there be a huge performance impact in retrieving the list of all users who have access to the current community?
    Thanks
    Sampath

    Sorry,
    I am not quite following you..
    Users can only view a community if the permissions exist for that specific community. I don't understand what you meant by
    "I need to let user type a name and show his/her user ID from the list of users who have access to the current community".
    Are you trying to look at user permissions based on a list of communities existing in the portal? The user can't even get to that community if he doesn't have permissions.

  • JES Access Manager User Creation for Messenger

    Hi Everyone
    I installed JES 2005 Q4 on Solaris 10 x86 with schema 2 and Access Manager 7. The Directory Tree is as follows:
    Sol1.nucleussoftware.com:389
    dc=nucleussoftware,dc=com (34 acis)
    DSAME Users
    Internet
    People
    Groups
    Client Data
    services
    nucleussoftware.com
    People
    Groups
    o=Netscape Root (3 acis)
    cn=Schema (6 acis)
    cn=monitor (5 acis)
    cn=config (4 acis)
    Organization DN when I ran "configutil" after running comm_dssetup.pl, was specified o=nucleussoftware,dc=nucleussoftware,dc=com
    This is fresh installation and not any migration.
    Now I create user from Access Manager, http://sol1.nucleussoftware.com/amserver
    There are two organizations 1. Nucleussoftware and 2. Nucleussoftware->nucleussoftware.com
    So I have two locations to create users in People.
    When I create user from Access Manager and try to login into WebMail, I get Login Failed.
    But when I open "startconsole" or "mpsconsole" and open Messaging Server Console and in new user's property, Account Attribute, I mark the check box, and now try to login into WebMail, I get error message, "Mailbox is on a different server".
    I am missing one attribute that I used to get with schema 1 on iPlanet 5.2 for any user, Mail Server Address.
    Please tell me the exact method of creating a user for Messaging.
    Regards
    Amit Bist

    Access Manager was never intended to create working mail users. The Delegated Admin package is provided as part of JES, and that's what it is for, to manage users and groups. There's both a web interface, and a command-line interface, "commadmin"
    Or, you can examine the ldap entries for the automatically created accounts, and duplicate that. Messaging doesn't really care how the ldap entries get done, just so that they are done correctly.

  • Providing Access to Power Users to a Region in Portal

    Is there a way in Oracle Portal to provide Access to a Region of a Page Group to a specific user so they can make changes to it such as announcements to a system maintenance, etc.
    Thx in advance.
    KA

    user5944528 wrote:
    Is there a way in Oracle Portal to provide Access to a Region of a Page Group to a specific user so they can make changes to it such as announcements to a system maintenance, etc.
    Thx in advance.
    KA
    Basically, each page (and also the page-groups, but I think you meant pages) has editable Access settings where you can define any user, or group of users, to have any privileges (view, edit, manage, etc). So, the easiest solution would be to create a page and use these settings and give editing privileges in this Access tab to only the group of administrators in your company. Other users may be given the viewing privileges.
    On such a page, you can have any portlets (eg, reports, forms, dynamic page, etc) coming from the providers. Access can also be set for each of these portlets and the group of administrators may be assigned the editing privileges for them. Other users may be given the viewing privileges. That way, this will remain visible to other users but editable only to the admin users.
    hope that helps!
    AMN

  • How to find out list of users and their access on Sharepoint

    Hello Everyone
    How can I find out the list of users and what access they have on a SharePoint site? I want to create a table with the list of users and their access.
    Thanks

    You can get the report using the PowerShell scripts below. The first one gives the list of users at site collection level.
    The second link generates the permissions reports for each user.
    http://techtrainingnotes.blogspot.com/2010/12/sharepoint-powershell-script-to-list.html
    https://sp2010userperm.codeplex.com/
