Solved

User has access but is not a member of any group

Posted on 2010-11-20
3
3,268 Views
Last Modified: 2012-05-10
Help!  I have a user that access to all of the content in my site even though he has been restricted for certain lists and for certain items within the list.  

To troubleshoot the issue, I have removed him from all security groups in the site.  He should have no access to anything in the site or any lists.  He can still see the items.  And when I click on a list item and check his permissions, here's what I see.  What do I need to do now?  Where is he getting all these extra permissions?


Permission levels given to Matthew (domain\matt)  

None  
The following factors also affect the level of access for Matthew (domain\matt)  
 
Allow  
 Manage Permissions  
 Create and change permission levels on the Web site and assign permissions to users and groups.  
 
Allow  
 View Web Analytics Data  
 View reports on Web site usage.  
 
Allow  
 Create Subsites  
 Create subsites such as team sites, Meeting Workspace sites, and Document Workspace sites.  
 
Allow  
 Manage Web Site  
 Grants the ability to perform all administration tasks for the Web site as well as manage content.  
 
Allow  
 Add and Customize Pages  
 Add, change, or delete HTML pages or Web Part Pages, and edit the Web site using a Microsoft SharePoint Foundation-compatible editor.  
 
Allow  
 Manage Lists  
 Create and delete lists, add or remove columns in a list, and add or remove public views of a list.  
 
Allow  
 Apply Themes and Borders  
 Apply a theme or borders to the entire Web site.  
 
Allow  
 Apply Style Sheets  
 Apply a style sheet (.CSS file) to the Web site.  
 
Allow  
 Override Check Out  
 Discard or check in a document which is checked out to another user.  
 
Allow  
 Manage Personal Views  
 Create, change, and delete personal views of lists.  
 
Allow  
 Add/Remove Personal Web Parts  
 Add or remove personal Web Parts on a Web Part Page.  
 
Allow  
 Update Personal Web Parts  
 Update Web Parts to display personalized information.  
 
Allow  
 Add Items  
 Add items to lists and add documents to document libraries.  
 
Allow  
 Edit Items  
 Edit items in lists, edit documents in document libraries, and customize Web Part Pages in document libraries.  
 
Allow  
 Delete Items  
 Delete items from a list and documents from a document library.  
 
Allow  
 Create Groups  
 Create a group of users that can be used anywhere within the site collection.  
 
Allow  
 Browse Directories  
 Enumerate files and folders in a Web site using SharePoint Designer and Web DAV interfaces.  
 
Allow  
 View Items  
 View items in lists and documents in document libraries.  
 
Allow  
 Use Self-Service Site Creation  
 Create a Web site using Self-Service Site Creation.  
 
Allow  
 View Pages  
 View pages in a Web site.  
 
Allow  
 Approve Items  
 Approve a minor version of a list item or document.  
 
Allow  
 Enumerate Permissions  
 Enumerate permissions on the Web site, list, folder, document, or list item.  
 
Allow  
 Open Items  
 View the source of documents with server-side file handlers.  
 
Allow  
 View Versions  
 View past versions of a list item or document.  
 
Allow  
 Delete Versions  
 Delete past versions of a list item or document.  
 
Allow  
 Browse User Information  
 View information about users of the Web site.  
 
Allow  
 Create Alerts  
 Create alerts.  
 
Allow  
 Manage Alerts  
 Manage alerts for all users of the Web site.  
 
Allow  
 View Application Pages  
 View forms, views, and application pages. Enumerate lists.  
 
Allow  
 Use Remote Interfaces  
 Use SOAP, Web DAV, the Client Object Model or SharePoint Designer interfaces to access the Web site.  
 
Allow  
 Use Client Integration Features  
 Use features which launch client applications. Without this permission, users will have to work on documents locally and upload their changes.  
 
Allow  
 Open  
 Allows users to open a Web site, list, or folder in order to access items inside that container.  
 
Allow  
 Edit Personal User Information  
 Allows a user to change his or her own user information, such as adding a picture.  
 
 
0
Comment
Question by:adelia_associates
  • 2
3 Comments
 
LVL 19

Expert Comment

by:Iammontoya
ID: 34180009
What kind of access does he have on his domain account? He probably belongs to a group that has been granted rights trough the SharePoint install. I would look at his AD group membership and go from there. If you can, remove him from all groups in AD and go from there.
0
 

Author Comment

by:adelia_associates
ID: 34180019
Do you know where those groups are granted rights through the Sharepoint install?  I'm not the AD administrator so can't check what groups he's in until Monday, but it would help to know where those might have been set so I can confirm that theory.  
0
 
LVL 19

Accepted Solution

by:
Iammontoya earned 500 total points
ID: 34180386
You can look in central admin, to be sure that no global groups are included in admin. An AD group can be included anywhere in your install, so I would start at central admin, then move down through the site collections, etc...
You could theoretically create a site collection to test. If he has rights in that new site collection, then he has some sort of admin rights. If he doesn't, then he probably has rights at a site collection level.

Cheers
0

Featured Post

How to improve team productivity

Quip adds documents, spreadsheets, and tasklists to your Slack experience
- Elevate ideas to Quip docs
- Share Quip docs in Slack
- Get notified of changes to your docs
- Available on iOS/Android/Desktop/Web
- Online/Offline

Join & Write a Comment

Suggested Solutions

Note:  There are two main ways to deploy InfoPath forms:  Server-side and directly through the SharePoint site.  Deploying a server-side InfoPath form means the form is approved by the Administrator, thus allowing greater functionality in the form. …
SharePoint Designer 2010 has tools and commands to do everything that can be done with web parts in the browser, and then some – except uploading a web part straight into a page that is edited in SPD. So, can it be done? Scenario For a recent pr…
In this seventh video of the Xpdf series, we discuss and demonstrate the PDFfonts utility, which lists all the fonts used in a PDF file. It does this via a command line interface, making it suitable for use in programs, scripts, batch files — any pl…
Access reports are powerful and flexible. Learn how to create a query and then a grouped report using the wizard. Modify the report design after the wizard is done to make it look better. There will be another video to explain how to put the final p…

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now