Answered SharePoint 2010 Permission level Full Control and explicit deny

  • Monday, May 21, 2012 12:23 PM
     
     

    I am facing a very frustrating permission level issue with SharePoint 2010. First, everything worked as expected up to a few days ago.

    I have a user on my SharePoint 2010 env (publishing portal) named rjo who is site collection administrator and also has the Full Control permission level.

    When I execute the Check Permission command from the ribbon I get the following:

    Permission levels given to xxxx\rjo

    Full Control
    Given through the "xxx Owners" group.

    The following factors also affect the level of access for xxx\rjo (xxx\rjo)

    Deny
    Manage Permissions
    Create and change permission levels on the Web site and assign permissions to users and groups.

    Deny
    Create Subsites
    Create subsites such as team sites, Meeting Workspace sites, and Document Workspace sites.

    etc. Seems like all the individual permissions are set to deny.

    If I remove the user rjo from the Full Control permission level, all the deny permissions disappear. I have tried creating a brand new permission level with Allow permission on all items but I still get the deny when I check the permissions. Notice that this happens for all the users.

    Has anyone experienced a similar issue? I suspect some kind of Windows update to have messed up the permissions but I cannot find a way to get proper permissions to my users.

All Replies

  • Monday, May 21, 2012 1:29 PM
     
     
    The only place in SharePoint that you can apply a deny permission is at the Web Application level in Central Admin.  Those web app permissions take precedence over any permissions at the site collection level or below.  You need to check the permission policy that is applied to the web application in Central Admin.  That's where you will find the Deny permission level.

    Paul Stork SharePoint Server
    MVP Senior Solutions Architect: BlueChip Consulting Group
    Blog: http://dontpapanic.com/blog
    Twitter: Follow @pstork
    Please remember to mark your question as "answered" if this solves your problem.

  • Monday, May 21, 2012 2:58 PM
     
     

    This is indeed the first place I checked but unfortunately all the permissions are set to Grant for the Full Control level.

  • Monday, May 21, 2012 6:16 PM
     
     Answered

    There are 4 Permission Policies defined by default at the Web application level in Central Admin.  Make sure that Deny All hasn't been assigned to the user or a group that they are a member of.  This is the one that would apply Deny permissions to everything.  The Full Control permission level here isn't connected to the one that your site collection admin has.


    Paul Stork SharePoint Server
    MVP Senior Solutions Architect: BlueChip Consulting Group
    Blog: http://dontpapanic.com/blog
    Twitter: Follow @pstork
    Please remember to mark your question as "answered" if this solves your problem.

    • Marked As Answer by RJMex Tuesday, May 22, 2012 7:04 AM
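
One way to run the check from the accepted answer in the SharePoint 2010 Management Shell, listing every web application policy entry (all zones and per zone) and flagging the ones whose permission policy level carries deny rights. This is an added example, not part of the original thread; the function name Get-WebAppPolicyBinding is hypothetical, and the script assumes it runs on a farm server under a farm administrator account.

```powershell
# Added example: read-only audit of web application user policies.
# Assumes the SharePoint 2010 snap-in is installed on this server.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

function Get-WebAppPolicyBinding {   # hypothetical helper name
    foreach ($webApp in Get-SPWebApplication -IncludeCentralAdministration) {
        # "(All zones)" entries live in .Policies; each zone has its own list too.
        $scopes = @{ '(All zones)' = $webApp.Policies }
        foreach ($zone in $webApp.IisSettings.Keys) {
            $scopes[$zone.ToString()] = $webApp.ZonePolicies($zone)
        }
        foreach ($scope in $scopes.GetEnumerator()) {
            foreach ($policy in $scope.Value) {
                foreach ($role in $policy.PolicyRoleBindings) {
                    $empty = [Microsoft.SharePoint.SPBasePermissions]::EmptyMask
                    New-Object PSObject -Property @{
                        WebApplication = $webApp.Url
                        Zone           = $scope.Key
                        UserOrGroup    = $policy.UserName
                        PolicyLevel    = $role.Name
                        PolicyType     = $role.Type
                        DenyRights     = $role.DenyRightsMask
                        HasDeny        = ($role.DenyRightsMask -ne $empty)
                    }
                }
            }
        }
    }
}

$bindings = @(Get-WebAppPolicyBinding)
$bindings | Sort-Object WebApplication, Zone, UserOrGroup |
    Format-Table WebApplication, Zone, UserOrGroup, PolicyLevel, HasDeny -AutoSize

# Any row here overrides site collection permissions for that user or for
# every member of that group, which is what Check Permissions reports as Deny.
$deny = @($bindings | Where-Object { $_.HasDeny })
if ($deny.Count -eq 0) {
    Write-Host 'No web application policy entry carries deny rights.'
} else {
    Write-Warning ("{0} policy entries carry deny rights:" -f $deny.Count)
    $deny | Format-List WebApplication, Zone, UserOrGroup, PolicyLevel, PolicyType, DenyRights
}
```

A policy level flagged here that is named Full Control means the level definition itself was edited to include deny rights, so compare its DenyRights value with the level's settings in Central Administration.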
  • Tuesday, May 22, 2012 7:04 AM
     
     

    Thanks Paul, I have removed all the permission assignments in "Manage Permission Policy Levels" and recreated them.
    This seems to have solved my issue.

  • Wednesday, February 13, 2013 11:40 AM
     
     

    Hi,

    I have the same issue but cannot remove "Deny all" from "Manage Permission Policy Level": how did you do it? At the moment all permission management is blocked on my Site collection :(


    FabioA

    • Proposed As Answer by Fabio Alivernini Wednesday, February 13, 2013 11:58 AM
    • Unproposed As Answer by Fabio Alivernini Wednesday, February 13, 2013 11:58 AM
  • Wednesday, February 13, 2013 12:01 PM