Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17


User has access but is not a member of any group

Posted on 2010-11-20
Medium Priority
Last Modified: 2012-05-10
Help!  I have a user that access to all of the content in my site even though he has been restricted for certain lists and for certain items within the list.  

To troubleshoot the issue, I have removed him from all security groups in the site.  He should have no access to anything in the site or any lists.  He can still see the items.  And when I click on a list item and check his permissions, here's what I see.  What do I need to do now?  Where is he getting all these extra permissions?

Permission levels given to Matthew (domain\matt)  

The following factors also affect the level of access for Matthew (domain\matt)  
 Manage Permissions  
 Create and change permission levels on the Web site and assign permissions to users and groups.  
 View Web Analytics Data  
 View reports on Web site usage.  
 Create Subsites  
 Create subsites such as team sites, Meeting Workspace sites, and Document Workspace sites.  
 Manage Web Site  
 Grants the ability to perform all administration tasks for the Web site as well as manage content.  
 Add and Customize Pages  
 Add, change, or delete HTML pages or Web Part Pages, and edit the Web site using a Microsoft SharePoint Foundation-compatible editor.  
 Manage Lists  
 Create and delete lists, add or remove columns in a list, and add or remove public views of a list.  
 Apply Themes and Borders  
 Apply a theme or borders to the entire Web site.  
 Apply Style Sheets  
 Apply a style sheet (.CSS file) to the Web site.  
 Override Check Out  
 Discard or check in a document which is checked out to another user.  
 Manage Personal Views  
 Create, change, and delete personal views of lists.  
 Add/Remove Personal Web Parts  
 Add or remove personal Web Parts on a Web Part Page.  
 Update Personal Web Parts  
 Update Web Parts to display personalized information.  
 Add Items  
 Add items to lists and add documents to document libraries.  
 Edit Items  
 Edit items in lists, edit documents in document libraries, and customize Web Part Pages in document libraries.  
 Delete Items  
 Delete items from a list and documents from a document library.  
 Create Groups  
 Create a group of users that can be used anywhere within the site collection.  
 Browse Directories  
 Enumerate files and folders in a Web site using SharePoint Designer and Web DAV interfaces.  
 View Items  
 View items in lists and documents in document libraries.  
 Use Self-Service Site Creation  
 Create a Web site using Self-Service Site Creation.  
 View Pages  
 View pages in a Web site.  
 Approve Items  
 Approve a minor version of a list item or document.  
 Enumerate Permissions  
 Enumerate permissions on the Web site, list, folder, document, or list item.  
 Open Items  
 View the source of documents with server-side file handlers.  
 View Versions  
 View past versions of a list item or document.  
 Delete Versions  
 Delete past versions of a list item or document.  
 Browse User Information  
 View information about users of the Web site.  
 Create Alerts  
 Create alerts.  
 Manage Alerts  
 Manage alerts for all users of the Web site.  
 View Application Pages  
 View forms, views, and application pages. Enumerate lists.  
 Use Remote Interfaces  
 Use SOAP, Web DAV, the Client Object Model or SharePoint Designer interfaces to access the Web site.  
 Use Client Integration Features  
 Use features which launch client applications. Without this permission, users will have to work on documents locally and upload their changes.  
 Allows users to open a Web site, list, or folder in order to access items inside that container.  
 Edit Personal User Information  
 Allows a user to change his or her own user information, such as adding a picture.  
Question by:adelia_associates
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
LVL 19

Expert Comment

ID: 34180009
What kind of access does he have on his domain account? He probably belongs to a group that has been granted rights trough the SharePoint install. I would look at his AD group membership and go from there. If you can, remove him from all groups in AD and go from there.

Author Comment

ID: 34180019
Do you know where those groups are granted rights through the Sharepoint install?  I'm not the AD administrator so can't check what groups he's in until Monday, but it would help to know where those might have been set so I can confirm that theory.  
LVL 19

Accepted Solution

Montoya earned 2000 total points
ID: 34180386
You can look in central admin, to be sure that no global groups are included in admin. An AD group can be included anywhere in your install, so I would start at central admin, then move down through the site collections, etc...
You could theoretically create a site collection to test. If he has rights in that new site collection, then he has some sort of admin rights. If he doesn't, then he probably has rights at a site collection level.


Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

These days socially coordinated efforts have turned into a critical requirement for enterprises.
A while back, I ran into a situation where I was trying to use the calculated columns feature in SharePoint 2013 to do some simple math using values in two lists. Between certain data types not being accessible, and also with trying to make a one to…
In this video, Percona Director of Solution Engineering Jon Tobin discusses the function and features of Percona Server for MongoDB. How Percona can help Percona can help you determine if Percona Server for MongoDB is the right solution for …
How to fix incompatible JVM issue while installing Eclipse While installing Eclipse in windows, got one error like above and unable to proceed with the installation. This video describes how to successfully install Eclipse. How to solve incompa…

670 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question