Access denied to readers to sub sites  SharePoint 2010

Posted on 2011-05-07
Last Modified: 2012-05-11
Access denied to SharePoint 2010 sites with read access and contributor also at some sub sites.
      Long story short, had a webapp initially using a classic authentication and the converted to claims via central admin.  All users have been re-added and things were working fine. Unfortunately something happened latter on somehow hold and discovery feature was turned on and suddenly one fine morning we saw number of share point groups created record center web service submitter to sub site. I don’t know if that is the issues or something else. No proper logging for access denied, I cannot find this activity in the 14 hive or IIS logs or in the logging database. Where the hell does this go.  We are using claims based no FBA yet all NTLM users AD users. All Sites uses publishing features and all standard SharePoint features out of box.

1)      Some users are getting access denied even though they were given read access.
2)      Access denied on  pages where I  built custom web part  using Metal, LINQ This web part works only for users with contributor permissions.
3)      Some Sub sites people get access denied even though the site inherits or not. Exclusive permissions given to users but still not working.
4)      Access denied to contributors when they click add a document to document lib, they see the “add new item” link. So had to turn off hold feature which was activated at the site level. Once I deactivated people area able to add documents.  This does not happen for any other kind of list type, users can add contacts or links.
5)      When a web part is added without spmetal, if the web part has any other button events or click events, it works fine for all users.
6)      I have configured super user super readers also, and also ran  webapplication.migrate users (true) ps command, then completely access denied to admins , then I had to give owner write via stsamd addusers then I got complete access to the site,then cleaned upall sites role and re added users to all groups and sites.
7)      No master page ,or site pages or styles custom are checked out , all are published .
8)      Any help is greatly appreciated. I want to get my environment into control else, I look like a fool and also really very much interested to know what the hell is happening.

Question by:Audi08
    LVL 5

    Expert Comment

    Here is how you can troubelshoot this problem :-

    1) Download Filemon tool and check on WFE and SQL Server if you can getting access denied  for the windows resources.

    2) Use the following blog to get the User at every access level. These API are directly fecthing the data from SharePoint Database :-
    LVL 5

    Accepted Solution

    have you followed the following article to migrate teh user to claims based authentication ?
    LVL 1

    Author Comment

    yes i did , now for this has gone worse.
    Access denied to all publishing pages
    I try to activate a publishing feature on the site, I get access denied.
    I created a page using publishing pages, when I clicked the created page I get access denied in this site collection. Activating this feature SharePoint Server Publishing I get access denied. I am the farm admin, site collection admin and also site owner having full permissions. It lets me create pages in sites already created by publishing features, when I create new pages and access them I get access denied error.

    Create a new site and then activate the server publishing feature access denied.  Please through your comments

    LVL 1

    Author Closing Comment

    actually it aided me, but did not fix it, we ended up completely cleaning it up and redo security.

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    What Is Threat Intelligence?

    Threat intelligence is often discussed, but rarely understood. Starting with a precise definition, along with clear business goals, is essential.

    We were having a lot of "Heartbeat Alerts" in our SCOM environment, now "Heartbeat" in a SCOM environment for those of you who might not be familiar with SCOM is a packet of data sent from the agent to the management server on a regular basis, basic…
    I thought I'd write this up for anyone who has a request to create an anonymous whistle-blower-type submission form created using SharePoint 2010 (this would probably work the same for 2013). It's not 100% fool-proof but it's as close as you can get…
    Viewers will learn the different options available in the Backstage view in Excel 2013.
    The viewer will learn how to use the =DISCRINV command to create a discrete random variable, use this command to model a set of probabilities and outcomes in a Monte Carlo simulation, and learn how to find the standard deviation of a set of probabil…

    779 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    20 Experts available now in Live!

    Get 1:1 Help Now