Solved

Sharepoint 2010 Explicit Deny Permissions on all Users

Posted on 2013-01-28
4
2,355 Views
Last Modified: 2013-02-18
Have something strange that's happened at one of our clients with Sharepoint 2010.  Today when trying to edit a list withing Sharepoint they were not able to make changes.  When trying to resolve conflicts SharePoint informs the user they don't have permission to make changes to the list.

I went to list permissions and used the "Check Permissions" button and used serveral users.  SharePoint spits out the following:

Permission levels given to User X 

Full Control  
 Given through the "Shipway External SharePoint Owners" group.  
 
Contribute  
 Given through the "Shipway External SharePoint Members" group.  
 
 
The following factors also affect the level of access for User X  
 
Deny  
 Manage Permissions  
 Create and change permission levels on the Web site and assign permissions to users and groups.  
 
Deny  
 Create Subsites  
 Create subsites such as team sites, Meeting Workspace sites, and Document Workspace sites.  
 
Deny  
 Manage Web Site  
 Grants the ability to perform all administration tasks for the Web site as well as manage content.  
 
Deny  
 Add and Customize Pages  
 Add, change, or delete HTML pages or Web Part Pages, and edit the Web site using a Microsoft SharePoint Foundation-compatible editor.  
 
Deny  
 Manage Lists  
 Create and delete lists, add or remove columns in a list, and add or remove public views of a list.  
 
Deny  
 Apply Themes and Borders  
 Apply a theme or borders to the entire Web site.  
 
Deny  
 Apply Style Sheets  
 Apply a style sheet (.CSS file) to the Web site.  
 
Deny  
 Override Check Out  
 Discard or check in a document which is checked out to another user.  
 
Deny  
 Manage Personal Views  
 Create, change, and delete personal views of lists.  
 
Deny  
 Add/Remove Personal Web Parts  
 Add or remove personal Web Parts on a Web Part Page.  
 
Deny  
 Update Personal Web Parts  
 Update Web Parts to display personalized information.  
 
Deny  
 Add Items  
 Add items to lists and add documents to document libraries.  
 
Deny  
 Edit Items  
 Edit items in lists, edit documents in document libraries, and customize Web Part Pages in document libraries.  
 
Deny  
 Delete Items  
 Delete items from a list and documents from a document library.  
 
Deny  
 Create Groups  
 Create a group of users that can be used anywhere within the site collection.  
 
Deny  
 Use Self-Service Site Creation  
 Create a Web site using Self-Service Site Creation.  
 
Deny  
 Approve Items  
 Approve a minor version of a list item or document.  
 
Deny  
 Delete Versions  
 Delete past versions of a list item or document.  
 
Deny  
 Create Alerts  
 Create alerts.  
 
Deny  
 Manage Alerts  
 Manage alerts for all users of the Web site.  
 
Deny  
 Edit Personal User Information  
 Allows a user to change his or her own user information, such as adding a picture.  

Open in new window


Not sure what to do.  I checked the permissions in Central Administration on the Web Application itself but do not see any groups assigned specific deny permissions.  Your help is appreciated.
0
Comment
Question by:RyanHartwick
  • 3
4 Comments
 
LVL 50

Expert Comment

by:teylyn
ID: 38829697
Hello,

you may have to remove all the permission assignments in "Manage Permission Policy Levels" via Central Admin > Application Management > Manage web applications and then re-create them. See here for a similar issue:

http://social.technet.microsoft.com/forums/en-US/sharepointadminprevious/thread/ad8f9591-be8a-4664-bbf7-e39bca58101e

cheers, teylyn
0
 

Author Comment

by:RyanHartwick
ID: 38829742
I read this post but we cannot remove the default policies in place.  Trying to delete the "Deny All" policy for instance gives us an error stating that the policy is reserved.  I also tried simply editing the Deny All policy and changing all the deny's to grant's so to speak and then saving it.  That did not work either.
0
 

Accepted Solution

by:
RyanHartwick earned 0 total points
ID: 38885575
This actually turned out to be related to the web application being set to read-only mode after a Windows update.
0
 

Author Closing Comment

by:RyanHartwick
ID: 38900944
Eventually was able to contact someone who put e on to the solution.
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

When it comes to showing a 404 error page to your visitors, you do not want that generic page to show, and you especially do not want your hosting provider’s ad error page to show either. In this article, I will show you how to enable the custom 40…
A safe way to clean winsxs folder from your windows server 2008 R2 editions
This tutorial will walk an individual through locating and launching the BEUtility application to properly change the service account username and\or password in situation where it may be necessary or where the password has been inadvertently change…
This tutorial will show how to configure a new Backup Exec 2012 server and move an existing database to that server with the use of the BEUtility. Install Backup Exec 2012 on the new server and apply all of the latest hotfixes and service packs. The…

747 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now