{"id":303,"date":"2014-04-16T12:17:41","date_gmt":"2014-04-16T11:17:41","guid":{"rendered":"http:\/\/blogs-new.it.ox.ac.uk\/nexus\/?p=303"},"modified":"2014-04-16T12:26:47","modified_gmt":"2014-04-16T11:26:47","slug":"sharepoint-access-denied","status":"publish","type":"post","link":"https:\/\/blogs-new.it.ox.ac.uk\/nexus\/2014\/04\/16\/sharepoint-access-denied\/","title":{"rendered":"Sharepoint Access Denied"},"content":{"rendered":"<p>We&#8217;ve had problems reported with some SharePoint sites recently where folks have been invited to view documents in a library and provide feedback.\u00a0 The complaint is that lots of people simply get \u201cAccess Denied\u201d messages.<\/p>\n<p>A quick check of the permissions isn&#8217;t always the answer &#8211; sometimes it&#8217;s SharePoint doing exactly what it was told to do when the site was first set-up, even if that&#8217;s not immediately apparent.<\/p>\n<p>In this latest case the &#8216;access denied&#8217; messages were being generated because, when the site was designed, it had been decided that only a particular Project Team (with &#8216;Contribute&#8217; access) should see interim versions of documents.\u00a0 This seems very reasonable, doesn&#8217;t it?<\/p>\n<p><strong>Here&#8217;s what was happening:<\/strong><\/p>\n<p>Imagine you&#8217;ve started working on the next draft of your Communications Plan &#8211; the version may be 1.1 or 1.2.\u00a0 To keep things simple for site visitors you set-up the site to only let them see the last <em>major<\/em>\u00a0version. This makes your v1.2 document an interim version. Being an interim release it may perhaps have pending unapproved edits or spelling mistakes.<\/p>\n<p>However this setting also means that your visitors, those who only have &#8216;read&#8217; permission (or &#8216;restricted read&#8217;), will only be presented with the last <em>major<\/em> version &#8211; 1.0 in this case.<\/p>\n<p><strong>Here&#8217;s the gotcha:<\/strong><\/p>\n<p>If you have <em>never actually produced a major version<\/em> &#8211; you&#8217;re still working on versions \u00a00.1 or 0.2 &#8211; then your visitors don&#8217;t get to see the document &#8211; it&#8217;s not a major version, after all.\u00a0 What has confounded some who investigate this issue is that your close colleagues in the project team can see all the\u00a0 files. The relevant permissions seem to be in place for the visitors too.<\/p>\n<p><strong>How does this happen?<\/strong><\/p>\n<p>When you set up your library you may have gone to <strong>Library<\/strong> -&gt; <strong>Library Settings<\/strong> -&gt; <strong>Versioning Settings<\/strong>\u00a0and set it up like this:<\/p>\n<p><a href=\"http:\/\/blogs-new.it.ox.ac.uk\/nexus\/files\/2014\/04\/sp.png\"><img loading=\"lazy\" decoding=\"async\" class=\"alignleft size-full wp-image-304\" alt=\"sp\" src=\"http:\/\/blogs-new.it.ox.ac.uk\/nexus\/files\/2014\/04\/sp.png\" width=\"996\" height=\"375\" srcset=\"https:\/\/blogs-new.it.ox.ac.uk\/nexus\/files\/2014\/04\/sp.png 996w, https:\/\/blogs-new.it.ox.ac.uk\/nexus\/files\/2014\/04\/sp-300x112.png 300w\" sizes=\"auto, (max-width: 996px) 100vw, 996px\" \/><\/a><\/p>\n<p>Note the part which says &#8216;<strong>Who should see draft items?&#8217;. <\/strong>In this example it is<strong> &#8216;Only users who can <span style=\"color: #ff0000\">edit<\/span> items<\/strong>&#8216;, not users who can only <strong><span style=\"color: #ff0000\">VIEW<\/span><\/strong> said items.<\/p>\n<p>So, if a version of a document is still at 0.2, anyone with <strong>Read<\/strong> or <strong>Restricted Read<\/strong> access-permissions simply can&#8217;t see your document &#8211; by design.\u00a0 If you&#8217;d produced documents beyond that crucial v1.0 milestone things would be a little better. You might be working on v1.2 but at least your read-only users will see something &#8211; in this case version 1.0.<\/p>\n<p>This may well be what you wanted when you first set up the library but, if this is not borne in mind, has the potential to cause much visitor (and support staff) confusion.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>We&#8217;ve had problems reported with some SharePoint sites recently where folks have been invited to view documents in a library and provide feedback.\u00a0 The complaint is that lots of people simply get \u201cAccess Denied\u201d messages. A quick check of the &hellip; <a href=\"https:\/\/blogs-new.it.ox.ac.uk\/nexus\/2014\/04\/16\/sharepoint-access-denied\/\">Continue reading <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":107,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-303","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"_links":{"self":[{"href":"https:\/\/blogs-new.it.ox.ac.uk\/nexus\/wp-json\/wp\/v2\/posts\/303","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blogs-new.it.ox.ac.uk\/nexus\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blogs-new.it.ox.ac.uk\/nexus\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blogs-new.it.ox.ac.uk\/nexus\/wp-json\/wp\/v2\/users\/107"}],"replies":[{"embeddable":true,"href":"https:\/\/blogs-new.it.ox.ac.uk\/nexus\/wp-json\/wp\/v2\/comments?post=303"}],"version-history":[{"count":4,"href":"https:\/\/blogs-new.it.ox.ac.uk\/nexus\/wp-json\/wp\/v2\/posts\/303\/revisions"}],"predecessor-version":[{"id":308,"href":"https:\/\/blogs-new.it.ox.ac.uk\/nexus\/wp-json\/wp\/v2\/posts\/303\/revisions\/308"}],"wp:attachment":[{"href":"https:\/\/blogs-new.it.ox.ac.uk\/nexus\/wp-json\/wp\/v2\/media?parent=303"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blogs-new.it.ox.ac.uk\/nexus\/wp-json\/wp\/v2\/categories?post=303"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blogs-new.it.ox.ac.uk\/nexus\/wp-json\/wp\/v2\/tags?post=303"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}