locked
Sharepoint Site with Non-Inherited rights not allowing access. RRS feed

  • Question

  • Hi all.  Completely stumped on this one.  Here is the scenario...

    Windows SharePoint Services 3.0.  I have multiple sites.  I want to create a new sub-site called Protected.  I go to sites and workspaces and create a new site.  I give it the name Protected, I give it a basic description, I give it a basic url name of protected, I use the basic team site as the template.  (this is where it gets to be a problem) Under User Permissions, I tell it to use unique permissions.  Then I say yes to display the site on the quicklaunch but No to display the TOP parent link bar.

    So then it takes me to the next screen which is permissions.  There is Team Site Visitors as the visitors, Protected Members as the members and Protected Owners as the owners of the site.  This is all normal. 

    So I have a user that I add to the Protected Members group called USER1.  This user only has access to this site and this site only.  This is the only site I want him to have permissions to.  

    I then go to to the site url for the new Protected site and enter USER1's credentials and it comes up with the screen that says I am logged in as Domain\USER1 you do not have permissions to access this site.  WHAT????  Why not???

    So then I add USER1 to the Protected Owners group instead and try to hit the URL and still the same error.

    So then I remove USER1 from both the Protected Owners group and Protected Members group and add him to the Team Site Visitors (has access to all sites above this one) and I can get to the site.  But that also means I can look at everything else Team Site Visitors has access to (the rest of my internal company sites).  I can't have this, which is why I didn't inherit and don't want to inherit rights from above.  

    I have created other sites that are restricted before and it works perfectly fine but as of this point on I can't do the above scenario and get it to work successfully.  

    Anyone have any reason why?? Is there some kind of database I might need to do some kind of maintenance on?  or any kind of strange limit on anything that I may have hit that I don't know about?  

    I'm baffled and I thank everyone in advance to whatever help can be given.

    Ken Wilson

     

    • Edited by Mike Walsh FIN Friday, February 4, 2011 7:27 PM No need for Caps here USE UNIQUE PERMISSIONS
    Friday, February 4, 2011 6:26 PM

Answers

  • I suspect the problem is that the Protected site is using something from the root site like a master page.  for example, If you turned on Publishing in the site collection then the master page is actually being pulled from the root level site collection master page gallery.  Even if you didn't turn on publishing there are still things like web parts that are stored in the root site.  Try this:

    1. Give User 1 ReadOnly access to the top level site

    2. Add them to the Protected Members group in the site and see if they can now get to it.

    If they can get a copy of Fiddler and find out what resources they are using from the top level site so you can give them restricted access to those resorces wiithout giving them access elsewhere in the root site. 


    Paul Stork SharePoint Server MVP
    • Marked as answer by Leoyi Sun Wednesday, February 16, 2011 9:16 AM
    Friday, February 4, 2011 7:23 PM

All replies

  • I suspect the problem is that the Protected site is using something from the root site like a master page.  for example, If you turned on Publishing in the site collection then the master page is actually being pulled from the root level site collection master page gallery.  Even if you didn't turn on publishing there are still things like web parts that are stored in the root site.  Try this:

    1. Give User 1 ReadOnly access to the top level site

    2. Add them to the Protected Members group in the site and see if they can now get to it.

    If they can get a copy of Fiddler and find out what resources they are using from the top level site so you can give them restricted access to those resorces wiithout giving them access elsewhere in the root site. 


    Paul Stork SharePoint Server MVP
    • Marked as answer by Leoyi Sun Wednesday, February 16, 2011 9:16 AM
    Friday, February 4, 2011 7:23 PM
  • Ok so here is more to the story.  It seems like if I add any user to any site (whether old or newly created) and I DON'T add them to the home site visitor then they cannot login directly to the page.  However there is one site that works when I add the USER1 to it.  Is there a way to view the differences between a site after it has been created.  I was the person who created both of these sites and don't remember doing anything differently.  Also nothing has changed to the templates or anything from the time the site that works was created compared to now.

    I tried to do the fiddler and had someone here who is a fiddler expert and he didn't see any specific form or object that would be causing the unauthorized access page.  So that was a dead end.  


    Ken Wilson
    Monday, February 7, 2011 4:09 PM
  • Bumping for help.  Any is appreciated.

    Thanks


    Ken Wilson
    Tuesday, February 8, 2011 3:39 PM