Users accessing sites they do not have permissions to
We just upgraded our sites to SharePoint 2013. We are using host named site collections and custom master pages with the publishing feature turned on for each site collection.
The problem I am facing is users can now access some sites they should not be able to, but not anything actual content within the site. For example, a user can access http://sharepoint/sites/restricted, but does not have access to http://sharepoint/sites/restricted/library.
I checked the web app user policy, and I verified that all users do not have full read, which is also verified by the fact that users cannot access 'sites/restricted/library'
There is nowhere in the site permissions of http://sharepoint/sites/restricted that says everyone should have this 'limited' viewing permission. Does anyone have any ideas?
I do not have a 'SitePges' library. When I check the user permissions on the pages library for a user that should not have any access, I get the following (which is the exact same as I get when checking a document library they cannot access)
Permission levels given to Jane Doe
None
The following factors also affect the level of access for Jane Doe
Allow
Create Subsites
Create subsites such as team sites, Meeting Workspace sites, and Document Workspace sites.
Allow
View Pages
View pages in a Web site.
Similar Messages
-
HT1338 What do iPad users use if they do not have the apple icon??
Hi,
I'm trying to get Java onto my iPad, on looking at the following site, it suggests clicking the apple icon at the top of a mac? But I don't have a mac I have an iPad, so how do I do it?
http://support.apple.com/kb/HT1338?viewlocale=en_US
Thank you, in anticipation
MartinWelcome to Apple Support Communities.
Java is not directly available to install on iOS, the operating system for the iPad.
I'm not sure just what you're looking for.
Do you need Java enabled to use a specific website, such as an education site?
This browser app claims to have Java capability built-in.
I've not used it, so I cannot vouch for whether it works at all or how well it works.
http://itunes.apple.com/app/office-flash-java-w-chrome/id380204369?mt=8
For future reference, you've posted in the Mac OS X forums. (Yes, Mac does support Java in OS X, but the iPad uses iOS, completely different operating system.)
You'll likely get a faster reply by posting your questions in the iPad forums:
https://discussions.apple.com/community/ipad/using_ipad?view=discussions -
Hi
I originally posted this in the Windows 7 Networking forum and they advised to post it here.
We use Windows 7 SP1 clients with Roaming Profile and Folder Redirection and they are connected to a Windows 2008 SP2 server. We are getting issues when someone tries to open files on their redirected Desktop and they get the message "'The item
referred to by this shortcut cannot be accessed. You may not have the appropriate permissions" if you click browse it then defaults to a different users profile. If you click through the errors the file eventually loads. If you open Word from
the Start menu and then browse to the file it opens fine. We have found that deleteting the Normal.DOTM file sometimes fixes the error, but only seems effective 50% of the time. This doesn't happen for all users, and seems to occur in small
groups and not all the time. We have also had the same message come up with someone trying to open Word files an online learning resource we have created.
There are a couple of events showing for about the time the error occured they are:
Type Error Source Application Error Category Name 100 Event 1000
Faulting application name: WINWORD.EXE, version: 14.0.4762.1000, time stamp: 0x4bae25b7
Faulting module name: wwlib.dll, version: 14.0.4762.1000, time stamp: 0x4bae2623
Exception code: 0xc0000005
Fault offset: 0x00034b81
Faulting process id: 0x1734
Faulting application start time: 0x01d0234ef75c42aa
Faulting application path: C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
Faulting module path: C:\Program Files (x86)\Microsoft Office\Office14\wwlib.dll
Report Id: 6f74438b-8f42-11e4-9e45-00c2c6506cb5
Type information Source Office Software Protection Platform Service Category Name 0 Event 1003The Software Protection service has completed licensing status check.
Application Id=59a52881-a989-479d-af46-f275c6370663
Licensing Status=
1: 1f76e346-e0be-49bc-9954-70ec53a4fcfe, 1, 1 [(0 [0x00000000, 1, 0], [(?)(?)( 1 0x00000000 30 0 msft:rm/algorithm/hwid/4.0 0x00000000 0)(?)(?)(?)])(1 )(2 )]
2: 9da2a678-fb6b-4e67-ab84-60dd6a9c819a, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)])(1 )(2 )]
3: dd457678-5c3e-48e4-bc67-a89b7a3e3b44, 1, 0 [(0 [0xC004F014, 0, 0], [(?)(?)(?)(?)(?)(?)])(1 )(2 )]
The software protection message we get in clusters of about 6 or more multiple times through the dayHi
An update. We have approx 400 people with roaming profile/folder redirection on Windows 7/2008 and this only seems to have occurred to about 15 people, and then seems to clear up for a period and then happens again. We also have a similar number
of people with roaming profile/folder redirection on Windows 7/2003 system and we haven't had a report of this issue happening on this setup.
So far we haven't been able to replicate the issue using a test account, so are struggling to find out what is causing it and why it is so random.
Regrds
Dave -
Hi there,
When a workflow task is assigned to a user, he cannot open a particular task. and
sees this error in browser:
A form template .xsn file cannot be accessed. You may not have the required permissions to open the file
The ULS Log for Correlation ID has these errors:
The XSN is null and its not a cross server issue. Most likely a permission issue
The XSN is null after attempting to get it from SiteAndWebCache
Please note:
- This user can open all other forms in the same location.
- If I increase his permission to Site Owner, he can open this form - but we cannot allow this.
- He was able to open it earlier - I made minor changes in the form and republished the workflow - since then he is having the trouble.
Any help will be appreciated!
Thanks.Hi ran009,
Please check if that user has contributor permission on the list that the workflow associated and have Edit item permission on related task list/item.
Also check if the workflow form or other workflow files has been checked out or not. If yes, check it in and test it again. Check Wayne Fan’s post in this thread if you have trouble to check the check-out/in status of the task form.
http://social.technet.microsoft.com/forums/en-US/sharepointcustomizationprevious/thread/cc8dc07b-b73d-424a-a3d4-2a2d7ad84504
Thanks & Regards,
Emir
Emir Liu
TechNet Community Support -
I have dropdown on infopath form , and it receives data from sql server table , it works fine when i am running in preview mode , but when i am publishing form to sharepoint server and loading that form
i am getting this
You do not have permissions to access a database that contains data required for this form to function correctly.
Can you please help?
Thanks,try this one, if not yet
Convert the data connection to UDC (store it in a Data Connection Library within the same site collection as the form library). See if this works without any other changes, but if not, then...
Manually edit your UDC file in Notepad (or your preferred editor) so that the authentication line is not commented out and so that it references the name of the SSO target app you created.
For Type, use NTLM.
Ensure the user has rights to access the database
Also ensure the connection file has been approved - A sharepoint admin can access a non approved Ucdx file. Go to the connection library and approve the file
Also check this post having the similar issue:
http://social.technet.microsoft.com/Forums/en-US/3196bafd-4bc3-40ab-ac2b-d149d1c3e0fa/sharepoint-2010-error-you-do-not-have-permissions-to-access-a-database?forum=sharepointdevelopmentprevious
Please remember to mark your question as answered &Vote helpful,if this solves/helps your problem. ****************************************************************************************** Thanks -WS MCITP(SharePoint 2010, 2013) Blog: http://wscheema.com/blog -
How can I notify staff of updated data if they do not have access to the remote data?
We have a shortcoming on one of our major programs that will not be fixed for at least one year. I want to create a notice for staff when there are pending requests for local offices. I am using a remote view to check if there are new requests from
local offices:
SELECT xxx_yyyyy_request_queue.COMMENTS;
FROM xxx_yyyyy_REQUEST_QUEUE xxx_yyyyy_request_queue;
WHERE xxx_yyyyy_request_queue.MODIFIED_BY IS NULL
I use the remote view as the data source for a table and have a small window that stays on top that I can see if there is an order. I trigger the remote view using a timer event.
This is fine as a stop-gap. However, I cannot run this on the machines of the staff that need the notice: they do not have the correct version of Oracle, they do not have access to that remote data, we do not want multiple machines triggering the same query
every 15 seconds, etc.
Is there a way that I can notify other users of the change in the data fro the remote view. My original thought was to update a local table with the view reults and have a companion routine notify them of changes to that table. However, I do not see how
the SQL used by VFP accomodates the "INTO" clause.
Your help is appreciated.data.
At least your query seems to get data where MODIFIED_BY IS NULL, doesn't it?
So if the reccount is>0 there is a reason to inform your employees.
Bye, Olaf.
Olaf Doschke - TMN Systemberatung GmbH
http://www.tmn-systemberatung.de -
New-MsolUser : Access Denied. You do not have permissions to call this cmdlet.
I am trying to create new user in Azure Active Directoy,
New-MsolUser -UserPrincipalName [email protected] -DisplayName "username" -FirstName "fname" -LastName "lname"
I am getting this error,
New-MsolUser : Access Denied. You do not have permissions to call this cmdlet.
Can anyone suggest what could be the problem?Hi Shankar,
The error "New-MsolUser : Access Denied. You do not have permissions to call this cmdlet" when trying to use the cmdlet indicates you might have to check if you have the appropriate admin role.
You could refer the following link for details on various types of Admin Roles in Windows Azure Active Directory.
https://support.office.com/en-US/Article/Assigning-admin-roles-eac4d046-1afd-4f1a-85fc-8219c79e1504?ui=en-US&rs=en-US&ad=US
Also, you could refer the following link for assistance with using PowerShell to create bulk users for Office365.
http://blogs.technet.com/b/heyscriptingguy/archive/2014/08/04/use-powershell-to-create-bulk-users-for-office-365.aspx
Regards,Malar. -
The logged in user does not have permissions to perform this operation
OIM 11.1.2.0.4
Connector: Microsoft Active Directory User Management 11.1.1.5.0
Action: revoke a provisioned AD account (logged in user is XELSYSADM member of SYSTEM ADMINISTRATIONS role)
Error message: IAM-2050243 : Orchestration process with id 5756, failed with error message IAM-4065011 : An error occurred in oracle.iam.provisioning.spi.DOBProvisioningMechanism/revoke(Account) while revoking account with id 1 for the user with key 43 and the cause of error is The logged in user does not have permissions to perform this operation..The problem is missing entries into table AAD, Provisioning API uses table AAD to check administrator's scope on the user's organization.
TEST: following SQL statement should return at least a value
select aad_write, aad_delete
from aad aad
, usr usr
where aad.act_key = usr.act_key
and usr.usr_key = <user_key_of_user_you_wanto_to_revoke>
and aad.ugp_key in (
select ugp.ugp_key
from ugp ugp
, usg usg
where ugp.ugp_key = usg.ugp_key
and usg.usr_key = <user_key_of_xelsysadm>
BUG (in my case): if you create an Organization using a OIM user that does not have any Role (except default ALL USERS Role) the system does NOT add right entries into AAD table, so you can revoke account of users that are members of this Organization
WORKAROUND: manually insert entries for all Organizations (ACT_KEYs) for the user XELSYSADM into AAD table
FIX: always create an Organization using a OIM users with at least one Role except ALL USERS role -
GPO to push HKCU regkeys to users that do not have permissions to write to the registry?
We run a 2008r2 domain and mostly Win7 clients, but some are still XP. I need to apply some application settings in an admin template(user), and also need to push a regkey to HkeyCurrentUser for those users. I would like to use GPP for the
regkey, if possible, but the end-users do not have permissions to edit the registry on their computers. Is this something that would have to be scripted? or can I do this through group policy?
I was thinking that the computer side of Group Policy ran under the System account, but that user side ran under the user's security context? This is probably an easy one, but any ideas would be appreciated.
Thanks,
Dan
Dan HeimEven though users are not admins, some parts of the registry are open for editing. The easiest way to determine if thats the case, is to actually try changing the value when you're logged on to a client as non-admin.
Note that according to: http://support.microsoft.com/kb/2252421, a possibility would also be to change the value as following (that can sometimes help when using both policies and GPP's)
How to deploy the junk email list trigger to the non-policy location in the registry
You can also configure the junk email list trigger in the following non-policy location in the registry:
Key: HKEY_CURRENT_USER\Software\Microsoft\Office\1x.0\Outlook\Options\Mail
DWORD: JunkMailImportLists
Value: 1
Note The 1x.0 placeholder represents your version of Outlook (11.0 = Outlook 2003, 12.0 = Outlook 2007, 14.0 = Outlook 2010, and 15.0 = Outlook 2013)."
Microsoft Certified Trainer
MCSE: Desktop, Server, Private Cloud, Messaging
Blog: http://365lab.net -
I uninstalled Firefox and not it will not install for me. I get a error that says, The item referred to by this shortcut cannot be accessed. You may not have the appropriate permissions. What can I do?
Here is a pic.
-
5.7.1 Client does not have permissions to send as this sender - NLB
Hi there- we have an application which sends out email notifications to a third party vendor. The vendor was previously using Exchange Server 2010 and they have recently migrated to Exchange Server 2013. They have also implemented NLB and have two Client
Access Servers configured.
Our application has been spitting out "SMTP 5.7.1 Client does not have permissions to send as this sender" errors ever since the vendor has implemented NLB. As our application uses the IP address of the Exchange Server, we have tried specifying
the IP address of both the Client Access Servers but that did not help. We then tried specifying the IP address of the NLB which did not make any difference either. The vendor has confirmed that anonymous relay has been enabled on the receive connectors of
both the Client Access Servers. I must add that our application sits on the vendor's server and the application and exchange servers are in the same domain. The "Send From" email address is an existing mailbox configured by the vendor.
Telnet from the App server to the NLB on port 25 has gone through without any dramas.
Is there anything else we would need to check to get this working?
CheersHi
Ensure that an dedicated relay connector is created in new exchaneg 2013 server
assign the correct subnets and the ip address of the app server into the relay connector
Run the below command to grant anonymous permission on the relay connector
Get-ReceiveConnector "Anonymous Relay" | Add-ADPermission -User "NT AUTHORITY\ANONYMOUS LOGON" -ExtendedRights "Ms-Exch-SMTP-Accept-Any-Recipient"
Specify the ip address of the mailbox server in your app server since the transport core services resides on mailbox server and cas server acts as stateless proxy
Remember to mark as helpful if you find my contribution useful or as an answer if it does answer your question.That will encourage me - and others - to take time out to help you Check out my latest blog posts on http://exchangequery.com -
You do not have permissions to open the dashboard
On a clean install of 2012 R2, I joined an existing domain and added the Essentials role. After that, I configured it which took about 5 minutes. At the end, it placed an icon on the desktop called "Dashboard". It will not allow
me to open this no matter what I try. I get this error:
Cannot open the Dashboard
You do not have permissions to open the dashboard. Please log on as a network administrator and try to open the dashboard again.
I am using a domain admin account. For laughs, I tried a couple accounts, but had no luck.
The log at "C:\ProgramData\Microsoft\Windows Server\Logs\dashboard.log" shows "Dashboard.Forms: Dashboard: Non domain admin cannot access dashboard."
Server Manager shows a green up arrow by Manageability for WSEE.
BPA shows only one error about Windows Server Backup and unsupported partition, which from what I gather is to be ignored as a false alarm.
Not sure what to do here. Nothing seems to work. Ideas? Suggestions?Hi everyone!
I went in and tried all of your solutions, but none worked.
I have found the REAL solution to why this isn't working, and it should be corrected by Microsoft.
In the users profile, you can see the member of and primary group.
With my admin account, on Primary Group, I had "Domain Admins" as the group. It didn't work. I tried setting that to Enterprise Admins, and it worked and was able to get into dashboard. I set it back to Domain Admins, and it didn't work.
I set it as Domain Users, and it worked.
As long as you have the user in Domain Admins group, and primary group set to either "Domain Users" or "Enterprise Admins" -- it will always work. The account does NOT need to be in the Enterprise Admins group, just be sure to keep the
primary group on "Domain Users", and make sure it is in the "Domain Admins" group.
When the member above Lynn said they created a new account, it worked because ALL new user accounts are set to primary group of "Domain Users".
When the other user Brian Hoyt had to remove ALL administrator groups, it removed the primary role from "Domain Admins" to "Domain Users" which then worked. Then he added ALL admin groups (you do NOT need Enterprise Admins group) but
probably forgot to set the primary group, which is good and that is why it worked. When he copied the Admin account, the primary group always rolls over to the new account and is copied with it. When he removed all groups, he forgot to set back the primary
group.
When Robert Pearman tried, he probably had the primary group set to something other than "Domain Admins" as well.
You don't want a Domain Admin (primary group) configuring your server. You want a domain user in Admin group (such as an employee to reset passwords), OR the Enterprise Admin (primary group) to configure server applications, NOT a domain admin. So
I do see why Microsoft had this set the way it is.
So basically, you can NOT have the primary group to "Domain Admins". It needs to be either "Domain Users" OR "Enterprise Admins". The account MUST be in the "Domain Admins" group.
I do believe Microsoft should fix this issue, because it could be a bug, but also could be so that Domain Admins (primary group) can't screw applications that should be maintained and configured by Enterprise Admins (primary group).
I have made a video showing the problem was fixed, and this is the solution!
youtube.com\watch?v=bZoNc3RkBSw
Thanks guys! -
You do not have permissions to open this file on Excel Services.
Hi all,
I am recieving this error:
I have setup a trusted location to the document library where the Excel spreadsheet resides, and I still recieved the error. I changed the location to the entire site and I still recieve the error. I am the Sharepoint Admin, so I have full
rights to all.
I am on SharePoint 2007.
I set the location as Http://sitename/document Library name
Location type = Windows SP Services
Checked trust Children
there are no extrernal connections so I took the defaults for all other options.
Any help would be greatly appreciated.
TIA,
JoeHi,
I understand that when you try to open an excel file in browser, you received Access Denied error. You can check the excel service settings in Central Administration like this :
Open Central Administration -> go to Operations tab. Ensure that the Excel Service is running
Open Central Administration -> go to your configured Shared Service -> click Excel Service Settings. Set File Access Method: ensure that it is not using Impersonation, instead the Option Process Account should be enabled.
Open Central Administration -> go to your configured Shared Service -> click add new trusted file location.
field URL: here you can specify a report library or the whole portal
Location Type: should be Windows SharePoint Services
Children trusted: defines whether the children should also be trusted or only the defined path
For more information, please refer to this site:
MOSS Excel Services you do not have permissions to open this file:
http://developers.de/blogs/nadine_storandt/archive/2007/09/06/moss-excel-services-you-do-not-have-permissions-to-view-this-workbook.aspx
Thanks,
Entan Ming
TechNet Subscriber Support in forum
If you have any feedback on our support, please [email protected]
Entan Ming
TechNet Community Support -
Hi,
I am trying to use "IBIMonitoringAuthoring" in my local web site.
But i am getting error like "Server was unable to process request. ---> You do not have permissions to create a data source in this document library. Additional details have been logged for your administrator."
My code is below,
string url = ServerName + webServiceUrl;
IBIMonitoringAuthoring biService = BIMonitoringAuthoringServiceProxy.CreateInstance(url);
//Create data source object
DataSource dataCube = new DataSource("AW_Data_Cube");
dataCube.Name.Text = "AW_Data_Cube";
dataCube.ServerName = "SQL2008dev";
dataCube.DatabaseName = "Analysis Services Project1";
dataCube.CubeName = "TestCube";
dataCube.ConnectionContext = ConnectionContext.ConnectAsSharedUser;
dataCube.FormattingDimensionName = "Measures";
dataCube.MinutesToCache = 10;
dataCube.CustomTimeIntelligenceSettings = "";
biService.CreateDataSource(connectionListUrl, dataCube);
How could i authenticate the Service. Is there any way to pass credentials for this method?
Thanks & Regards
Poomani SankaranI suffered similar issue in Infopath, and i finally solved the issue by changing the data connection URL, it should the same as the Infopath publish location.
for example: SP server iP 192.168.1.1 have two name, hostname is mySP, alternate assces mapping name is companySP, and you can access the websit by both
http://mySP and
http://companySP
hope it can help someone.. -
Participant 'weblogic' does not have permissions to execute the operation ?
Hello,
We have modelize our Business process, this process can start with
An Automtaic task based on an event recevied from a web services or via a start event with an iniator task.
The deployment of this process was ok.
But when we try to run this process in the "Business Process Workspace" we get the folowing message : "Participant 'weblogic' does not have permissions to execute the operation. "
The users has the corresponding role of the lane so it should be right ?
Thanks
Grégoire.Hi Heidi,
The Application list does contain the process link.
However, in the admin role association's page, the roles of the process are not present, and as such cannot be assigned. I've tried adding a role according to the naming convention but I assume they must be associated explicitly to the process by the deployment process...
We have loads of roles related to processses that have since been undeployed.
So what do you advise? Should we try to undeploy and redeploy the process? This was already been done and, as far as I know, with the same result.
Thanks
Miguel
Maybe you are looking for
-
hi, What are steps to create a production order thanks
-
Take a look at the attached pic. Okay, now how can I have the time stamp written to the file along with the other data? It should be an easy thing but I can't make it work. Any comments will be helpful. Thanks Attachments: timestamp.PNG 8 KB
-
Naming template problem in Lightroom 4
My file naming template is working differently. It is a template from Lightroom 3 but now it is adding an underscore before the .jpg so it looks like 1234_.jpg. The underscore wasn't there before and I can't figure out how to get rid of it. On th
-
Contact person Number range in ERP and CRM - Middleware settings
Dear SDN team, We have currently integrated SAP CRM 5.2 and SAP R/3 4.6 c using Middleware . The contact persons are maintained in SAP R/3 system and also downloaded into CRM system . Currently the Number range is different in both the systems Going
-
Insufficient disk space error on vmware esxi when installing cucm
I have 85 GB to VM for ESXI Server and 75 GB to ESXi Server