locked
MOSS 2007 calendar still viewable by all users despite only 2 users having permissions RRS feed

  • Question

  • Okay, I'll bite.  I have a calendar in MOSS 2007 for which I've broken inheritance from the parent site.  Only two users now have rights to the calender - myself and one other person.  Despite this, all logged in users can still view the calendar.  I've double checked everything I can think of.  What else can I try?  It is important that this calendar is only viewable by those who have rights.

    Thanks in advance.

    Kate

    Wednesday, November 30, 2011 4:10 PM

Answers

  • Hi,

    Check effective permissions on this calender for the users you think should not have rights on this.

    You can use security report account functionality available in admin toolkit provided by MSFT.

    You can get it here:

    http://www.microsoft.com/download/en/details.aspx?displaylang=en&id=14227

    I hope this will help you out.


    Thanks, Rahul Rashu
    • Marked as answer by Pengyu Zhao Monday, December 12, 2011 8:27 AM
    Thursday, December 1, 2011 4:06 AM
  • Sorry for the thread rez, but I wanted to follow up with what the actual problem was.  The good folks over at SharePoint911 figured it out.   In my site collection, about 25 Lists, libraries and sites were marked in the dbo.Perms table to allow anonymous access despite anonymous access being turned off in Central Admin when the site collection was set up.

    To ID the problem, they queried the dbo.Perms table to return any list/library/site where AnonymousPermMask = '68719677505'

    To solve the problem, we had to enable anonymous access in Central Admin, at which point we could use the browser front end to go in an manually set all the errant lists/libraries/sites to allow no anonymous access.

    What's interesting is that on most of these lists/libraries/sites that had the errant anonymous access setting also had totally dropped all users I'd given explicit rights to.  Thankfully, it left me, the site collection administrator.

    Weird stuff but I hope it helps someone out there.

    • Marked as answer by Kate P. _ Thursday, December 15, 2011 7:52 PM
    Thursday, December 15, 2011 7:52 PM

All replies

  • Site Collection Admin cannot be prohibited from seeing things.  Ensure that these people in question are not set as one.

    Pingback with more info, as we don't know what the range of 'everythinig I can think of' really means.


    Steve Clark, MCTS | Twin-Soft.com
    Wednesday, November 30, 2011 5:48 PM
  • Hi Steve,

    I just double checked but there are only 2 site collection admins for my site (I have 1 MOSS 2007 server). 

    I was making a list of the things I've tried to fix this and I came across something more relevant:  I compared the permissions on the calendar in question to another list I have in which the restrictions are working properly (meaning users with no rights to the list get an error).  The restrictions were the same BUT the calendar and list are in different sites in my site hierarchy like this:

    Intranet (main site)

        Business Areas (the calendar that everyone can see despite my restrictions is here)

               Information Technology (the list that only approved people can see is here)

    For grins, I created a test list at the Business areas level, gave only myself rights and yet everyone can still see the list items.  So it must be something with the rights at the Business Areas site level or above.  Going to do more research now (if any one has any tips, that would be greatly appreciated!)

    Thanks,

    Kate


    ETA: Interesting, I just selected a random user for whom I tested their rights to lists and libraries using The SharePoint Access Checker web part.  It insists the user does not have even read rights to the calendar yet the user can view both the calendar and items.  I'm stumped.
    • Edited by Kate P. _ Wednesday, November 30, 2011 8:55 PM
    Wednesday, November 30, 2011 8:04 PM
  • You stated that you broke inheritence for the calendar, so it shouldn't matter where the calendar is.  The rights you give it are the only rights that it should respect. 

    So, feel free to expand on this concept.


    Steve Clark, MCTS | Twin-Soft.com
    Wednesday, November 30, 2011 10:05 PM
  • Hi,

    Check effective permissions on this calender for the users you think should not have rights on this.

    You can use security report account functionality available in admin toolkit provided by MSFT.

    You can get it here:

    http://www.microsoft.com/download/en/details.aspx?displaylang=en&id=14227

    I hope this will help you out.


    Thanks, Rahul Rashu
    • Marked as answer by Pengyu Zhao Monday, December 12, 2011 8:27 AM
    Thursday, December 1, 2011 4:06 AM
  • Thanks, Rahul, I'll start there!

    Kate

    Thursday, December 1, 2011 7:30 PM
  • Sorry for the thread rez, but I wanted to follow up with what the actual problem was.  The good folks over at SharePoint911 figured it out.   In my site collection, about 25 Lists, libraries and sites were marked in the dbo.Perms table to allow anonymous access despite anonymous access being turned off in Central Admin when the site collection was set up.

    To ID the problem, they queried the dbo.Perms table to return any list/library/site where AnonymousPermMask = '68719677505'

    To solve the problem, we had to enable anonymous access in Central Admin, at which point we could use the browser front end to go in an manually set all the errant lists/libraries/sites to allow no anonymous access.

    What's interesting is that on most of these lists/libraries/sites that had the errant anonymous access setting also had totally dropped all users I'd given explicit rights to.  Thankfully, it left me, the site collection administrator.

    Weird stuff but I hope it helps someone out there.

    • Marked as answer by Kate P. _ Thursday, December 15, 2011 7:52 PM
    Thursday, December 15, 2011 7:52 PM