[Last Call] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1182
  • Last Modified:

Access denied to readers to sub sites SharePoint 2010

Access denied to SharePoint 2010 sites with read access and contributor also at some sub sites.
      Long story short, had a webapp initially using a classic authentication and the converted to claims via central admin.  All users have been re-added and things were working fine. Unfortunately something happened latter on somehow hold and discovery feature was turned on and suddenly one fine morning we saw number of share point groups created record center web service submitter to sub site. I don’t know if that is the issues or something else. No proper logging for access denied, I cannot find this activity in the 14 hive or IIS logs or in the logging database. Where the hell does this go.  We are using claims based no FBA yet all NTLM users AD users. All Sites uses publishing features and all standard SharePoint features out of box.

1)      Some users are getting access denied even though they were given read access.
2)      Access denied on  pages where I  built custom web part  using Metal, LINQ This web part works only for users with contributor permissions.
3)      Some Sub sites people get access denied even though the site inherits or not. Exclusive permissions given to users but still not working.
4)      Access denied to contributors when they click add a document to document lib, they see the “add new item” link. So had to turn off hold feature which was activated at the site level. Once I deactivated people area able to add documents.  This does not happen for any other kind of list type, users can add contacts or links.
5)      When a web part is added without spmetal, if the web part has any other button events or click events, it works fine for all users.
6)      I have configured super user super readers also, and also ran  webapplication.migrate users (true) ps command, then completely access denied to admins , then I had to give owner write via stsamd addusers then I got complete access to the site,then cleaned upall sites role and re added users to all groups and sites.
7)      No master page ,or site pages or styles custom are checked out , all are published .
8)      Any help is greatly appreciated. I want to get my environment into control else, I look like a fool and also really very much interested to know what the hell is happening.


Regards
Audi
0
Audi08
Asked:
Audi08
  • 2
  • 2
1 Solution
 
navdeepmadanCommented:
Here is how you can troubelshoot this problem :-

1) Download Filemon tool and check on WFE and SQL Server if you can getting access denied  for the windows resources.

2) Use the following blog to get the User at every access level. These API are directly fecthing the data from SharePoint Database :-

http://navdeep19.wordpress.com/2011/03/25/overview-of-the-sharepoint-2010-security-model/
0
 
navdeepmadanCommented:
have you followed the following article to migrate teh user to claims based authentication ?

http://technet.microsoft.com/en-us/library/gg251985.aspx
0
 
Audi08Author Commented:
yes i did , now for this has gone worse.
Access denied to all publishing pages
I try to activate a publishing feature on the site, I get access denied.
I created a page using publishing pages, when I clicked the created page I get access denied in this site collection. Activating this feature SharePoint Server Publishing I get access denied. I am the farm admin, site collection admin and also site owner having full permissions. It lets me create pages in sites already created by publishing features, when I create new pages and access them I get access denied error.

Create a new site and then activate the server publishing feature access denied.  Please through your comments
Regards
Audi

0
 
Audi08Author Commented:
actually it aided me, but did not fix it, we ended up completely cleaning it up and redo security.
0

Featured Post

NFR key for Veeam Backup for Microsoft Office 365

Veeam is happy to provide a free NFR license (for 1 year, up to 10 users). This license allows for the non‑production use of Veeam Backup for Microsoft Office 365 in your home lab without any feature limitations.

  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now