Wednesday, July 1, 2015

Sharepoint 2007 - Access Denied when you try to edit

Recently I received an “Access Denied” error when I try to edit the list item in SP 2007.

I found the following solution from here (I coped same text below), which resolved the issue.

 

Here is the situation:

  • In a site collection, you make a new list/document library in any sub-site or the main website.
  • You then add a new item/document to the folder, and then attempt to edit the item
  • You then see something along the lines of "Access Denied" , even if you are on the system account.
  • This happens with every new list you create on any site or subsite.
Your problem is a corrupted field definition at the site collection level.

Specifically the "Effective Permissions Mask" is missing an attribute in it's xml scheme -

RenderXMLUsingPattern="TRUE"

The fix comes in 3 steps:

1. Update your server to the most recent cumulative update package (Service pack 2 or greater). You can get more information about this from the Sharepoint team blog post on SP2. Included in SP2 is a hotfix that prevents this from occurring ever again on any other site collections, but it does not fix sites already effected by it.


2. To fix sites that are already having this problem, first we need to fix the field definition. Thanks to Vicki Dillon who pointed me in the right direction (but the wrong field =) )

The easiest way to accomplish this is to use: sharepoint manager 2007


  1. Run sharepoint manager 2007 and navigate to the site collection you are having problems with.
  2. Expand the site collection until you see "Fields"
  3. Scroll down this long list until you come to "Effective Permissions Mask" (also goes by the static name of PermMask )
  4. Go to the SchemaXML, copy it out into notepad to wordpad, and add the following value:
  5. RenderXMLUsingPattern="TRUE"
    (I just tacked that onto the end, right before version="1")

This will prevent new lists from being created with out the RenderXMLUSingPatter=True value.

3. Now to fix the lists you already have made that need fixing.. You can either do this using SPmanger or you can do my favored option and fire up visual studio and compile the following code:

using System;
using System.Collections.Generic;
using System.Text;
using Microsoft.SharePoint;
using System.Xml;
namespace CA_TestingHotfix
{
class Program
{
static void Main(string[] args)
{
FixField(args);
}
static void FixField(string[] args)
{
string RenderXMLPattenAttribute = "RenderXMLUsingPattern";
//Console.WriteLine("Please enter the URL of the site: (Press enter after typing):");
string weburl = args[0];
//Console.WriteLine("Please enter the Document Library Name: (Press enter after typing):");
string listName = args[1];
SPSite site = new SPSite(weburl);
SPWeb web = site.OpenWeb();
SPList list = web.Lists[listName];
SPField f = list.Fields.GetFieldByInternalName("PermMask");
string s = f.SchemaXml;
Console.WriteLine("schemaXml before: " + s);
XmlDocument xd = new XmlDocument();
xd.LoadXml(s);
XmlElement xe = xd.DocumentElement;
if (xe.Attributes[RenderXMLPattenAttribute] == null)
{
XmlAttribute attr = xd.CreateAttribute(RenderXMLPattenAttribute);
attr.Value = "TRUE";
xe.Attributes.Append(attr);
}
string strXml = xe.OuterXml;
Console.WriteLine("schemaXml after: " + strXml);
f.SchemaXml = strXml;
}
}
}

Since this touches the Sharepoint Model directly, remember to add the assembly reference to your local copy of Microsoft.sharepoint.dll to avoid compiling errors. Thanks to Jeff1024 for posting this code he got from the microsoft support team.

Run the program on the local server from the command line with two variables, the first one is the site that the list you are fixing is located in, the second is the name of the list to fix.

Tuesday, May 19, 2015

SharePoint 2013 Manage Services link missing

I noticed “Manage Services on Server” link is missing from Central Administration, I know it should be there under System Settings.

 

After google, I found its a common issue most users have and solution is “Try running IE with elevated privileges, (run as administrator)”

Friday, August 1, 2014

Finding Access Rights for Specific User in SharePoint 2007 using Powershell

Today I got a ticket saying, two users are not able to access the SharePoint site and not sure whether they have permissions or not. If they have what kinds of permissions? Since SharePoint 2007 don’t have an option to check, we depend on either on custom code or Powershell.

 

I want to do this pretty quick because of the ticket, I googled for powershell script and found the following site which really works well

 

http://www.sharepointdiary.com/2013/01/audit-user-permissions-in-sharepoint.html

 

Here is the code I got it from above mentioned site and made very few changes to make it dynamic

[System.Reflection.Assembly]::LoadWithPartialName("Microsoft.SharePoint") #DECLARE VARIABLES [string]$siteUrl = $args[0] [string]$userToFind = $args[2] #IF MISSING PARM FOR SITE URL, ASK FOR INPUT TO FILL if($args.length -eq 0) { DisplayMissingParametersMessage } function DisplayMissingParametersMessage { #Write-Output "You are missing a parameter for 'Site URL'" $script:siteURL = Read-Host "Enter Site URL" $script:userToFind = Read-Host "Enter User to Find" } #Get All Web Applications Function global:Get-SPWebApplication($WebAppURL) { if($WebAppURL -eq $null) #Get All Web Applications { $Farm = [Microsoft.SharePoint.Administration.SPFarm]::Local $websvcs = $farm.Services | where -FilterScript {$_.GetType() -eq [Microsoft.SharePoint.Administration.SPWebService]} $WebApps = @() foreach ($websvc in $websvcs) { foreach ($WebApp in $websvc.WebApplications) { $WebApps = $WebApps + $WebApp } } return $WebApps } else #Get Web Application for given URL { return [Microsoft.SharePoint.Administration.SPWebApplication]::Lookup($WebAppURL) } } Function global:Get-SPSite($url) { if($url -ne $null) { return New-Object Microsoft.SharePoint.SPSite($url) } } Function global:Get-SPWeb($url) { $site= Get-SPSite($url) if($site -ne $null) { $web=$site.OpenWeb(); } return $web } Function GetUserAccessReport($WebAppURL, $SearchUser) { #Get All Site Collections of the WebApp $SiteCollections = Get-SPWebApplication($WebAppURL) $SiteCollections= $SiteCollections.Sites #Write CSV- TAB Separated File) Header "URL `t Site/List `t Title `t PermissionType `t Permissions" | out-file UserAccessReport.csv #Check Whether the Search Users is a Farm Administrator $ca= [Microsoft.SharePoint.Administration.SPAdministrationWebApplication]::Local.Sites[0].RootWeb #Get Central Admin $AdminSite = Get-SPWeb($ca.URL) $AdminGroupName = $AdminSite.AssociatedOwnerGroup.Name $FarmAdminGroup = $AdminSite.SiteGroups[$AdminGroupName] foreach ($user in $FarmAdminGroup.users) { if($user.LoginName -eq $SearchUser) { "$($AdminSite.URL) `t Farm `t $($AdminSite.Title)`t Farm Administrator `t Farm Administrator" | Out-File UserAccessReport.csv -Append } } #Check Web Application Policies $WebApp= Get-SPWebApplication $WebAppURL foreach ($Policy in $WebApp.Policies) { #Check if the search users is member of the group if($Policy.UserName -eq $SearchUser) { #Write-Host $Policy.UserName $PolicyRoles=@() foreach($Role in $Policy.PolicyRoleBindings) { $PolicyRoles+= $Role.Name +";" } #Write-Host "Permissions: " $PolicyRoles "$($WebAppURL) `t Web Application `t $($AdminSite.Title)`t Web Application Policy `t $($PolicyRoles)" | Out-File UserAccessReport.csv -Append } } #Loop through all site collections foreach($Site in $SiteCollections) { #Check Whether the Search User is a Site Collection Administrator foreach($SiteCollAdmin in $Site.RootWeb.SiteAdministrators) { if($SiteCollAdmin.LoginName -eq $SearchUser) { "$($Site.RootWeb.Url) `t Site `t $($Site.RootWeb.Title)`t Site Collection Administrator `t Site Collection Administrator" | Out-File UserAccessReport.csv -Append } } #Loop throuh all Sub Sites foreach($Web in $Site.AllWebs) { if($Web.HasUniqueRoleAssignments -eq $True) { #Get all the users granted permissions to the list foreach($WebRoleAssignment in $Web.RoleAssignments ) { #Is it a User Account? if($WebRoleAssignment.Member.userlogin) { #Is the current user is the user we search for? if($WebRoleAssignment.Member.LoginName -eq $SearchUser) { #Write-Host $SearchUser has direct permissions to site $Web.Url #Get the Permissions assigned to user $WebUserPermissions=@() foreach ($RoleDefinition in $WebRoleAssignment.RoleDefinitionBindings) { $WebUserPermissions += $RoleDefinition.Name +";" } #write-host "with these permissions: " $WebUserPermissions #Send the Data to Log file "$($Web.Url) `t Site `t $($Web.Title)`t Direct Permission `t $($WebUserPermissions)" | Out-File UserAccessReport.csv -Append } } #Its a SharePoint Group, So search inside the group and check if the user is member of that group else { foreach($user in $WebRoleAssignment.member.users) { #Check if the search users is member of the group if($user.LoginName -eq $SearchUser) { #Write-Host "$SearchUser is Member of " $WebRoleAssignment.Member.Name "Group" #Get the Group's Permissions on site $WebGroupPermissions=@() foreach ($RoleDefinition in $WebRoleAssignment.RoleDefinitionBindings) { $WebGroupPermissions += $RoleDefinition.Name +";" } #write-host "Group has these permissions: " $WebGroupPermissions #Send the Data to Log file "$($Web.Url) `t Site `t $($Web.Title)`t Member of $($WebRoleAssignment.Member.Name) Group `t $($WebGroupPermissions)" | Out-File UserAccessReport.csv -Append } } } } } #******** Check Lists with Unique Permissions ********/ foreach($List in $Web.lists) { if($List.HasUniqueRoleAssignments -eq $True -and ($List.Hidden -eq $false)) { #Get all the users granted permissions to the list foreach($ListRoleAssignment in $List.RoleAssignments ) { #Is it a User Account? if($ListRoleAssignment.Member.userlogin) { #Is the current user is the user we search for? if($ListRoleAssignment.Member.LoginName -eq $SearchUser) { #Write-Host $SearchUser has direct permissions to List ($List.ParentWeb.Url)/($List.RootFolder.Url) #Get the Permissions assigned to user $ListUserPermissions=@() foreach ($RoleDefinition in $ListRoleAssignment.RoleDefinitionBindings) { $ListUserPermissions += $RoleDefinition.Name +";" } #write-host "with these permissions: " $ListUserPermissions #Send the Data to Log file "$($List.ParentWeb.Url)/$($List.RootFolder.Url) `t List `t $($List.Title)`t Direct Permissions `t $($ListUserPermissions)" | Out-File UserAccessReport.csv -Append } } #Its a SharePoint Group, So search inside the group and check if the user is member of that group else { foreach($user in $ListRoleAssignment.member.users) { if($user.LoginName -eq $SearchUser) { #Write-Host "$SearchUser is Member of " $ListRoleAssignment.Member.Name "Group" #Get the Group's Permissions on site $ListGroupPermissions=@() foreach ($RoleDefinition in $ListRoleAssignment.RoleDefinitionBindings) { $ListGroupPermissions += $RoleDefinition.Name +";" } #write-host "Group has these permissions: " $ListGroupPermissions #Send the Data to Log file "$($Web.Url) `t Site `t $($List.Title)`t Member of $($ListRoleAssignment.Member.Name) Group `t $($ListGroupPermissions)" | Out-File UserAccessReport.csv -Append } } } } } } } } } #Call the function to Check User Access GetUserAccessReport $siteUrl $userToFind
Wednesday, October 23, 2013

How to Log Errors in SharePoint Hosted Apps?

It is most common thing to log error message if some exception occurs within the code, so that user can find out what causing the error. It is straight forward if you using Server side object model. Since Hosted apps only use JavaScript object model and its bit new to many of us, not sure which namespace/class to use.

 

We use SP.Utilities.Utility.logCustomAppError method to log the app errors. Following is the sample code

 

 

function onFail(sender, args) {

    logAppError(args.get_message() + '\n' + args.get_stackTrace());
}

function logAppError(message) {
    SP.Utilities.Utility.logCustomAppError(context, message);
    this.context.executeQueryAsync();
}

Wednesday, October 16, 2013

SharePoint 2013 App Model – How to View list With in APP

If you working on SharePoint 2013 APP, at some point you defiantly want to see list items contained within the app. Unfortunately there is no navigation to traverse to list.

 

To view specific list in “APP Web”, you directly type the url which specified in the following format in browser

http://<APP WEB URL>/<APP NAME>/Lists/<List Name>/AllItems.aspx

Ex: http://app-0eb6021fad963e.apps.com/sites/SP2K13/WhiteCaseEDARAPP/Lists/Calendar/AllItems.aspx

 

If in case you want to see the List settings,

  • Click “Modify View” under List tab

image

  • Click on “Settings” link as shown below

image

Friday, August 30, 2013

SharePoint 2007 – Custom Alert Template Issue

Recently one of our Business user requested to use “Custom Alerts on old SharePoint” even though we are in the process of upgrading to SharePoint 2013.

 

Anyway I found a nice article to implement “Custom Alert Templates” here. This is what I did, in simple steps.

  • Created a copy of “AlertTemplates.xml” found in 12 hive\Templates\XML
  • Created a new “AlertTemplate” section with in the XML and gave the unique name (simply copy the GeneraicList and renamed the Name)
  • Made couple of changes to Styles and layout (adding new tables to show Company logo)
  • Ran the STSADM command to update the template
  • Create a  small tool in VS to update the template name to specific list
  • Reset the IIS
  • Reset the SharePoint Timer Service

 

Even though I followed same as mentioned in the article, still alert emails are defaulting to the old template no matter what i did (Even I made exact changes to generic list section to see at least its falling into that)

 

After spending couple of days, I removed existing alerts on the list and created new one. Now i see the emails with update template.

I found out that, if we already have alerts setup on the list before updates, even you change the list to use different template (through code), SharePoint still sends alert emails using the template that was assigned to the list at the time of Alert setup.

 

Lesson learned !!!

Tuesday, July 9, 2013

SharePoint 2013 - “We’re having a problem opening this location in File Explorer, Add this web site to your Trusted sites list and try again”

I got the following error, when I try to open the library within file explorer, I received following error message

 

“We’re having a problem opening this location in File Explorer, Add this web site to your Trusted sites list and try again”

image

As it says, i tried to add the current site to Trusted List, but still having the issue to open in file explorer. After goggling a bit, I found that I have to enable the “WebClient” service.

 

Steps

1. Go to Run, type “Services.msc” and press Enter.

2. Select “WebClient” service and start the service, if you already have.

For me it’s not showing, so I have to Install “Desktop Experience” feature. To do that

1. Go to Run, type “Server Manager” and press Enter.

2. Select Features and then select Add Features

image

image

3. Select “Desktop Experience” checkbox and select “Add Required Features” on following popup screen

image

4. Click “Next”

5. Click “Install”

6. Once you restart the computer, start the “WebClient” service.

image