none
Custom List & Discussion Boards - Access Denied

    Question

  • I am having permission issues with pre-built apps and custom list libraries, provided by SharePoint out of the box. Specifically when trying to implement a discussion board, I have given all users of the sub site appropriate permissions for being able to create, reply and even delete a post only on the discussion board library (Read, Contribute and Edit permissions) while the site wide permissions are Read Only. The problem is that no one except for global SharePoint administrators can edit anything. Users are given an Access Denied message upon trying to reply or delete a post.

    After testing permissions for awhile, I found that in order for users to edit (create, reply & delete) the discussion board or edit any custom list, they must have site-wide Edit permissions. Although this is not wanted because then any user can edit entire pages of the sub sites. It is almost if permissions exist between the site level and library level that I do not know of.

    Any suggestions or advise?

    Currently I am using SharePoint Online that came with the Office 365 package. I can provide more information if necessary.

    -Chris


    Thursday, December 15, 2016 11:27 PM

Answers

  • Hi Chris,

    Please check if you have enabled the feature Limited-access user permission lockdown mode in Site Collection features. If yes, please disable it.

    Best Regards,

    Victoria


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    • Marked as answer by ChrisHandyMan Thursday, January 5, 2017 6:25 PM
    Thursday, December 29, 2016 2:06 AM
    Moderator

All replies

  • Hi Chris,

    Please change the item level permission setting in Advanced settings in the Discussion Board list:

    Thanks,

    Victoria

    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    Monday, December 19, 2016 10:56 AM
    Moderator
  • I have the "Create and edit all items" already checked for the discussion board and it seems to still persist.

    For a temporary work around, I have made separate sub sites to deal with the permissions per app library... but that would require making a sub site for every app library that uses different permissions.

    Any other ideas?

    Thanks.

    Monday, December 19, 2016 4:21 PM
  • Hi Chris,

    Could you please check if the users can edit items in other lists if they have edit permission on list level and read only permission on the site?

    Best Regards,

    Victoria


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    Wednesday, December 21, 2016 4:43 AM
    Moderator
  • No they cannot edit any list on the site without having site wide edit permissions. Even though I have broken the parent permission inheritance and created unique permissions for each list, it seems that the site level permission is still dictating permissions for all lists on the site. So, users cannot edit, add, or delete anything on any list, even if the list gives them unique permissions to.
    Wednesday, December 21, 2016 4:27 PM
  • Although, oddly, users can still add and delete posting to the site calendar which is just another library... with unique permissions for adding and deleting.
    Wednesday, December 21, 2016 4:31 PM
  • Hi Chris,

    Per my test, the users with only edit permission on the list can edit the list items.

    Could you please help verify that if the default Permission Level for Read and Edit have been changed?

    Best Regards,

    Victoria


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    Thursday, December 22, 2016 10:03 AM
    Moderator
  • The settings for edit and read have not been changed, I have only added extra permissions that I needed. The default Read permission is not being used because it allowed viewing of the site contents which I did not want, so I made another version of Read for all of the users that blocked the permission 'View Application Pages'. Although I have tried switching back to the default Read permission, which the only difference is that it had the 'View Application Pages' allowed, it made no difference.

    For each library I want the user to view, I have a specific non-inherited permission that allows them to view the Application Pages. Would removing the 'View Application Pages' site level permission make a difference for editing a library?

    Tuesday, December 27, 2016 5:11 PM
  • Hi Chris,

    Please check if you have enabled the feature Limited-access user permission lockdown mode in Site Collection features. If yes, please disable it.

    Best Regards,

    Victoria


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    • Marked as answer by ChrisHandyMan Thursday, January 5, 2017 6:25 PM
    Thursday, December 29, 2016 2:06 AM
    Moderator
  • At some point last week, SharePoint was acting very strangely. Intermittent activity, permissions randomly not working correctly... although after turning off the Limited-access permission lockdown mode, everything seemed to stabilize. I can't say for sure if that feature was causing all the trouble because I noticed there was some maintenance occurring on SharePoint Online about two-three weeks ago. Maybe it was a combination of the feature and maintenance at the same time. 

    Thank you for your assistance!

    Thursday, January 5, 2017 6:29 PM