Tags: .NET Development, caml, client object model, data access, development, linq 2 sharepoint, odata, rest, sharepoint 2010, SharePoint Server 2010, Web Development
![Indispensable Experiences from 22 MVPs [Paperback]](http://alonsorobles.com/wp-content/uploads/2010/11/513yxKw1sHL._SL160_.jpg "Real World SharePoint 2010")
Real World SharePoint 2010
I never got around to buying Real World SharePoint 2007: Indispensable Experiences From 16 MOSS and WSS MVPs (Programmer to Programmer)
but, I did get a chance to glance through the book and there was some great material. Today, I found out that Real World SharePoint 2010: Indispensable Experiences from 22 MVPs is going to be available on November 23, 2010.
Of course, I just pre-ordered my copy.
Problem
In a MOSS 2007 installation we have a site with a wiki library. The wiki library has been customized a bit with event handlers to do some fancy automatic permission assignments to individual wiki pages and prevent some users from approving wiki pages that they are not allowed to. This was done so that every user is able to add, read, edit wiki pages but let individual identified users handle the approval of the pages in a large wiki library. These details are probably inconsequential.
The real problem is there is a single user who can can read, add, and edit wiki pages. He is also assigned to approve some wiki pages. However, when he attempts to view the history of a wiki page for approval he gets an access denied error. The history page for a wiki page in a wiki library is an application page (in _layouts directory) with the following path: http://<path to sharepoint site>/_layouts/VersionDiff.aspx?ListID=<my wiki library id>&ID=<id for the wiki page>&Source=<return path>
The user also experiences this error when clicking the link to view incoming links. The path for this page is: http://<path to sharepoint site>/_layouts/BackLinks.aspx?ListID=<my wiki library id>&ID=<id for the wiki page>
This user has the following permissions being applied:
- Site Permissions – Limited Access
- List Permissions – Limited Access
- Item Permissions – Design
This user is also part of a domain group which has the following permissions being applied:
- Site Permissions – Limited Access
- List Permissions – Contribute
- Item Permissions – Contribute
Solution
I started a thread in the TechNet SharePoint forum in hopes of finding someone who has run into this problem before. Thanks to the folks in the forums, there were a few suggestions on how to resolve the problem. Unfortunately, I didn’t have the opportunity to try most of these. But here are the suggestions:
- Delete the user from the SharePoint site and re-add the user and re-apply permissions.
- Recreate the AD account
- Assign a higher level privillege to a parent object (This is the band aid that I applied which resolved the problem)
I came across this reference in the past and I needed it again today. Took me a few minutes to find it, so I decided to save a copy of the table here on my blog:
| Template Name |
Description |
| GLOBAL#0 |
Global template (1033) |
| STS#0 |
Team Site (1033) |
| STS#1 |
Blank Site (1033) |
| STS#2 |
Document Workspace (1033) |
| MPS#0 |
Basic Meeting Workspace (1033) |
| MPS#1 |
Blank Meeting Workspace (1033) |
| MPS#2 |
Decision Meeting Workspace (1033) |
| MPS#3 |
Social Meeting Workspace (1033) |
| MPS#4 |
Multipage Meeting Workspace (1033) |
| CENTRALADMIN#0 |
Central Admin Site (1033) |
| WIKI#0 |
Wiki Site (1033) |
| BLOG#0 |
Blog (1033) |
| BDR#0 |
Document Center (1033) |
| OFFILE#0 |
Records Center (1033) |
| OFFILE#1 |
Records Center (1033) |
| OSRV#0 |
Shared Services Administration Site (1033) |
| SPS#0 |
SharePoint Portal Server Site (1033) |
| SPSPERS#0 |
SharePoint Portal Server Personal Space (1033) |
| SPSMSITE#0 |
Personalization Site (1033) |
| SPSTOC#0 |
Contents area Template (1033) |
| SPSTOPIC#0 |
Topic area template (1033) |
| SPSNEWS#0 |
News Site (1033) |
| CMSPUBLISHING#0 |
Publishing Site (1033) |
| BLANKINTERNET#0 |
Publishing Site (1033) |
| BLANKINTERNET#1 |
Press Releases Site (1033) |
| BLANKINTERNET#2 |
Publishing Site with Workflow (1033) |
| SPSNHOME#0 |
News Site (1033) |
| SPSSITES#0 |
Site Directory (1033) |
| SPSCOMMU#0 |
Community area template (1033) |
| SPSREPORTCENTER#0 |
Report Center (1033) |
| SPSPORTAL#0 |
Collaboration Portal (1033) |
| SRCHCEN#0 |
Search Center with Tabs (1033) |
| PROFILES#0 |
Profiles (1033) |
| BLANKINTERNETCONTAINER#0 |
Publishing Portal (1033) |
| SPSMSITEHOST#0 |
My Site Host (1033) |
| SRCHCENTERLITE#0 |
Search Center (1033) |
| SRCHCENTERLITE#1 |
Search Center (1033) |
| SPSBWEB#0 |
SharePoint Portal Server BucketWeb Template (1033) |
I came across the request for this from a client I was working with. The client pointed me to some research he found on web (one link from MSDN and another from another blog). After some reading and further research, I found a great post that walks you through doing this.
Essentially, the solution is to wrap the SiteActions control with a SPSecurityTrimmedControl in the master page. The only trick to this is identifying the appropriate permission string to use for the control so you do not remove the menu from users who will actually need to use it. The string can easly be composed after reviewing the set of users (or a group of users) who will need access and checking the rights associated permission levels granted those users (or group).