Default groups and access to Site but not Site Collection

Posted on 2011-03-02
Last Modified: 2012-05-11

This is a 2 part SharePoint Server 2010 question.

1.- Is it possible to browse/navigate using the UI to _layouts/permsetup.aspx?
In MOSS this was done by click Groups > Settings > Setup Groups

2.- Is it possible to give a user access to: http://server/siteCol/DepSite BUT not access to http://server/siteCol/

Or do they always have to have access to the SiteCollection before they can access a site within that site collection?

We have numerous site collections with subsites. We have subsite Owners granting access to users from other site collections, but they're always been greeted with Access Denied, until they have some sort of access (view) to the site collection.

Since the subsite owners aren't able to give access to the site collection, it's kind of useless allowing them to give users access to their own site. And we also don't want these "Other site collection users" access to the site collection.


Bob is the owner of the site Pedals.
Pedals is a site in the site collection Bicycles.
Bob only has Viewing rights in Bicycles.

Bob has a friend "Jay" in another site collection "Skates Boards".
Bob would like to give Jay view only access to Pedals.
So Bob goes to  http://site/_layouts/user.aspx and adds Jay to the Visitors Group.
Jay receives an email from saying Welcome to Pedal Visitos.
Jay clicks the link and receives ACCESS DENIED
Bob calls Sam (the SP administrator) saying Jay can't access Pedals.
Sam adds Jay to Bicycle Visitors.

Now Jay has access to Bicycles and Pedals.

Thanks :)
Question by:raybies
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2

Expert Comment

ID: 35024211
For creating such permissions where you dont want the users to see the top level site collection but see the subsites on which they have access, you will have to provide some access to the users on the site collection as well.

Alternatively, you can provide related links to the users which they can click directly and move to the individual sub sites without going to the site collections.

However,All the sites on which the user has or will have a foot print should have some access for that user.
LVL 16

Author Comment

ID: 35024653
How do you propose I add a user to the site collection, without using a catch all group or specifically adding that user to the site collection.

It seems really stupid to have to give a user access to the whole site collection, just to look at; say 1 document of a subsite.


Accepted Solution

logideepak earned 500 total points
ID: 35024831
when you want the user to view a document in the document library and provide a specific permission to that user on the document library, Sharepoint by itself provides the "Restricted Read" permission to that user on the Sharepoint sub site on which the document library is physically located.

However, in your case the document library is located in the sharepoint sub site, so as soon as you provide the access to the user on the document library, he will get a default access on the sharepoint sub site.

Now as far as the parent site collection goes in, you can provide a read access to the user on the site collection, so that he can see the site collection and simultaneously move to the share point sub site from there itself.

In my experience, when I did not wanted users to have the read access on the parent site, I used to create a dummy list / library and provide contribute access to the user and hidden the list link from the site. this in turn would have provided him with the "Restricted Read" access on parent site collection as well.

Expert Comment

ID: 35025621
I know what is your problem:
Your user have access to the Pedals site but cannot open some pages (maybe the default page, or all pages) because these pages are using resources of the Bicyles site.
(masterpage, images, xsl, css, webpart, ...)

Try to open the /Pedals/_layouts/viewlsts.aspx page to know if the problem is in the Pedals' masterpage.
If yes, remove all the Bicyles resources called in the masterpage.

If not, the problem is on your default page (or another) => look at the webparts, debug them if they are custom, or check their config to know which resources they are loading.

Good luck, this problem is hard to fix :)
LVL 16

Author Comment

ID: 35032994
Nomoho: It was a good idea, but no. /_layouts/viewlsts.aspx Error: Access Denied
Even though the account has full control.

logideepak: The issue is we need to be able to allow Site Owners to control permissions to their site.

Our company has ~4000 users and we can't give all these users access to every single site collection just in case they need to access a subsite.

Within Bicycles there are 100's of sites and some are inheriting permissions while others have broken inheritance.

Anyway I tried your solution even though it's not elegant... giving domain users "Limited Access" on the site collection by granting them access to a List, and it works.

Have you got a solution for part 1 of the question? I need a way for site owners to be able to create the default groups after breaking inheritance.



Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The vision: A MegaMenu for a SharePoint portal home page The mission: Make it easy to maintain. Allow rich content and sub headers as well as standard links. Factor in frequent changes without involving developers or a lengthy Dev/Test/Prod rel…
A recent project that involved parsing Tableau Desktop and Server log files to extract reusable user queries for use in other systems. I chose to use PowerShell to gather the data, and SharePoint to present it...
This is my first video review of Microsoft Bookings, I will be doing a part two with a bit more information, but wanted to get this out to you folks.
Do you want to know how to make a graph with Microsoft Access? First, create a query with the data for the chart. Then make a blank form and add a chart control. This video also shows how to change what data is displayed on the graph as well as form…

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question