Solved

Sharepoint 2010 Explicit Deny Permissions on all Users

Posted on 2013-01-28
4
2,401 Views
Last Modified: 2013-02-18
Have something strange that's happened at one of our clients with Sharepoint 2010.  Today when trying to edit a list withing Sharepoint they were not able to make changes.  When trying to resolve conflicts SharePoint informs the user they don't have permission to make changes to the list.

I went to list permissions and used the "Check Permissions" button and used serveral users.  SharePoint spits out the following:

Permission levels given to User X 

Full Control  
 Given through the "Shipway External SharePoint Owners" group.  
 
Contribute  
 Given through the "Shipway External SharePoint Members" group.  
 
 
The following factors also affect the level of access for User X  
 
Deny  
 Manage Permissions  
 Create and change permission levels on the Web site and assign permissions to users and groups.  
 
Deny  
 Create Subsites  
 Create subsites such as team sites, Meeting Workspace sites, and Document Workspace sites.  
 
Deny  
 Manage Web Site  
 Grants the ability to perform all administration tasks for the Web site as well as manage content.  
 
Deny  
 Add and Customize Pages  
 Add, change, or delete HTML pages or Web Part Pages, and edit the Web site using a Microsoft SharePoint Foundation-compatible editor.  
 
Deny  
 Manage Lists  
 Create and delete lists, add or remove columns in a list, and add or remove public views of a list.  
 
Deny  
 Apply Themes and Borders  
 Apply a theme or borders to the entire Web site.  
 
Deny  
 Apply Style Sheets  
 Apply a style sheet (.CSS file) to the Web site.  
 
Deny  
 Override Check Out  
 Discard or check in a document which is checked out to another user.  
 
Deny  
 Manage Personal Views  
 Create, change, and delete personal views of lists.  
 
Deny  
 Add/Remove Personal Web Parts  
 Add or remove personal Web Parts on a Web Part Page.  
 
Deny  
 Update Personal Web Parts  
 Update Web Parts to display personalized information.  
 
Deny  
 Add Items  
 Add items to lists and add documents to document libraries.  
 
Deny  
 Edit Items  
 Edit items in lists, edit documents in document libraries, and customize Web Part Pages in document libraries.  
 
Deny  
 Delete Items  
 Delete items from a list and documents from a document library.  
 
Deny  
 Create Groups  
 Create a group of users that can be used anywhere within the site collection.  
 
Deny  
 Use Self-Service Site Creation  
 Create a Web site using Self-Service Site Creation.  
 
Deny  
 Approve Items  
 Approve a minor version of a list item or document.  
 
Deny  
 Delete Versions  
 Delete past versions of a list item or document.  
 
Deny  
 Create Alerts  
 Create alerts.  
 
Deny  
 Manage Alerts  
 Manage alerts for all users of the Web site.  
 
Deny  
 Edit Personal User Information  
 Allows a user to change his or her own user information, such as adding a picture.  

Open in new window


Not sure what to do.  I checked the permissions in Central Administration on the Web Application itself but do not see any groups assigned specific deny permissions.  Your help is appreciated.
0
Comment
Question by:RyanHartwick
  • 3
4 Comments
 
LVL 50

Expert Comment

by:Ingeborg Hawighorst
ID: 38829697
Hello,

you may have to remove all the permission assignments in "Manage Permission Policy Levels" via Central Admin > Application Management > Manage web applications and then re-create them. See here for a similar issue:

http://social.technet.microsoft.com/forums/en-US/sharepointadminprevious/thread/ad8f9591-be8a-4664-bbf7-e39bca58101e

cheers, teylyn
0
 

Author Comment

by:RyanHartwick
ID: 38829742
I read this post but we cannot remove the default policies in place.  Trying to delete the "Deny All" policy for instance gives us an error stating that the policy is reserved.  I also tried simply editing the Deny All policy and changing all the deny's to grant's so to speak and then saving it.  That did not work either.
0
 

Accepted Solution

by:
RyanHartwick earned 0 total points
ID: 38885575
This actually turned out to be related to the web application being set to read-only mode after a Windows update.
0
 

Author Closing Comment

by:RyanHartwick
ID: 38900944
Eventually was able to contact someone who put e on to the solution.
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Lync server 2013 or Skype for business Backup Service Error ID 4049 – After File Share Migration
You might have come across a situation when you have Exchange 2013 server in two different sites (Production and DR). After adding the Database copy in ECP console it displays Database copy status unknown for the DR exchange server. Issue is strange…
This tutorial will walk an individual through locating and launching the BEUtility application and how to execute it on the appropriate database. Log onto the server running the Backup Exec database. In a larger environment, this would generally be …
This tutorial will walk an individual through the steps necessary to configure their installation of BackupExec 2012 to use network shared disk space. Verify that the path to the shared storage is valid and that data can be written to that location:…

896 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

14 Experts available now in Live!

Get 1:1 Help Now