Mystery Access Denied Troubleshooting in SharePoint

Problem

In a MOSS 2007 installation we have a site with a wiki library. The wiki library has been customized a bit with event handlers to do some fancy automatic permission assignments to individual wiki pages and prevent some users from approving wiki pages that they are not allowed to. This was done so that every user is able to add, read, edit wiki pages but let individual identified users handle the approval of the pages in a large wiki library. These details are probably inconsequential.

The real problem is there is a single user who can can read, add, and edit wiki pages. He is also assigned to approve some wiki pages. However, when he attempts to view the history of a wiki page for approval he gets an access denied error. The history page for a wiki page in a wiki library is an application page (in _layouts directory) with the following path: http://<path to sharepoint site>/_layouts/VersionDiff.aspx?ListID=<my wiki library id>&ID=<id for the wiki page>&Source=<return path>

The user also experiences this error when clicking the link to view incoming links. The path for this page is: http://<path to sharepoint site>/_layouts/BackLinks.aspx?ListID=<my wiki library id>&ID=<id for the wiki page>

This user has the following permissions being applied:

  • Site Permissions – Limited Access
  • List Permissions – Limited Access
  • Item Permissions – Design

This user is also part of a domain group which has the following permissions being applied:

  • Site Permissions – Limited Access
  • List Permissions – Contribute
  • Item Permissions – Contribute

Solution

I started a thread in the TechNet SharePoint forum in hopes of finding someone who has run into this problem before. Thanks to the folks in the forums, there were a few suggestions on how to resolve the problem. Unfortunately, I didn’t have the opportunity to try most of these. But here are the suggestions:

  • Delete the user from the SharePoint site and re-add the user and re-apply permissions.
  • Recreate the AD account
  • Assign a higher level privillege to a parent object (This is the band aid that I applied which resolved the problem)
Fork me on GitHub

List of SharePoint 2007 Web Templates

I came across this reference in the past and I needed it again today. Took me a few minutes to find it, so I decided to save a copy of the table here on my blog:

Template Name Description
GLOBAL#0  Global template (1033)
STS#0  Team Site (1033)
STS#1  Blank Site (1033)
STS#2  Document Workspace (1033)
MPS#0  Basic Meeting Workspace (1033)
MPS#1  Blank Meeting Workspace (1033)
MPS#2  Decision Meeting Workspace (1033)
MPS#3  Social Meeting Workspace (1033)
MPS#4  Multipage Meeting Workspace (1033)
CENTRALADMIN#0  Central Admin Site (1033)
WIKI#0  Wiki Site (1033)
BLOG#0  Blog (1033)
BDR#0  Document Center (1033)
OFFILE#0  Records Center (1033)
OFFILE#1  Records Center (1033)
OSRV#0  Shared Services Administration Site (1033)
SPS#0  SharePoint Portal Server Site (1033)
SPSPERS#0  SharePoint Portal Server Personal Space (1033)
SPSMSITE#0  Personalization Site (1033)
SPSTOC#0  Contents area Template (1033)
SPSTOPIC#0  Topic area template (1033)
SPSNEWS#0  News Site (1033)
CMSPUBLISHING#0  Publishing Site (1033)
BLANKINTERNET#0  Publishing Site (1033)
BLANKINTERNET#1  Press Releases Site (1033)
BLANKINTERNET#2  Publishing Site with Workflow (1033)
SPSNHOME#0  News Site (1033)
SPSSITES#0  Site Directory (1033)
SPSCOMMU#0  Community area template (1033)
SPSREPORTCENTER#0  Report Center (1033)
SPSPORTAL#0  Collaboration Portal (1033)
SRCHCEN#0  Search Center with Tabs (1033)
PROFILES#0  Profiles (1033)
BLANKINTERNETCONTAINER#0  Publishing Portal (1033)
SPSMSITEHOST#0  My Site Host (1033)
SRCHCENTERLITE#0  Search Center (1033)
SRCHCENTERLITE#1  Search Center (1033)
SPSBWEB#0  SharePoint Portal Server BucketWeb Template (1033)

Preventing Redirection to My Site Host When Browsing User Profiles

Problem

I was working with a client with a MOSS 2007 implementation where MySites were completely disabled and making heavy use of user profiles. Eventually, we noticed that when a user clicked on a hyperlink to get user information they would be redirected to http://MySiteHost/Person.aspx?account=something (we will refer to this as the Person Page or PP).  The problem was that the client had not branded the MySites host and did not want users to navigate to it whatsoever. After some digging we found that the hyperlinks were actually linking the users to http://MySharePointHost/_layouts/userdisp.aspx?ID=### (we will refer to this as the User Info Page or UIP).

Solution

Some research showed that users navigating to UIP would automatically be redirected to the PP when the a user profile existed for the user being displayed in the UIP. After making sure MySites were in fact disabled in our production farm and reading a some posts on the TechNet forms we came across the answer. We needed to uninstall the MySite feature from the production farm in order to disable the redirection. This was easily accomplished by a simple STSADM command:

stsadm -o uninstallfeature -name MySite

How To: Remove or hide the “Site Actions” menu

I came across the request for this from a client I was working with. The client pointed me to some research he found on web (one link from MSDN and another from another blog). After some reading and further research, I found a great post that walks you through doing this.

Essentially, the solution is to wrap the SiteActions control with a SPSecurityTrimmedControl in the master page. The only trick to this is identifying the appropriate permission string to use for the control so you do not remove the menu from users who will actually need to use it. The string can easly be composed after reviewing the set of users (or a group of users) who will need access and checking the rights associated permission levels granted those users (or group).

Important Custom SharePoint List Template Notes

I came across these notes on creating custom list templates when I was searching for a quick reference on list types and base type definitions to use in the CAML ListTemplate element. I copied them verbatim here for my reference. The original post can be found here: http://karinebosch.wordpress.com/walkthroughs/create-custom-list-templates-in-caml/

Important details to note are:

  • FeatureId (optional): This is the ID of the feature in which the list template is defined
  • BaseType (required): Specifies the base type, or default schema, for lists created using this template. See the table below for the 5 possibilities.
  • Type: this is the template type on which the new list template is based. Se the table below for all base types of standard SharePoint list templates.
  • DisplayName: the display name of the list template.

More details can be found in André Vala’s post.

The following table lists the 5 base types:

Base Type Description
0 Generic List
1 Document Library
3 Discussion List
4 Survey
5 Issue List

The following table lists all available list templates with their template type id and their corresponding feature id:

Type of list TemplateId FeatureId
Generic List 100 00BFEA71-DE22-43B2-A848-C05709900100
Document Library 101 00BFEA71-E717-4E80-AA17-D0C71B360101
Survey 102 00BFEA71-EB8A-40B1-80C7-506BE7590102
Links List 103 00BFEA71-2062-426C-90BF-714C59600103
Announcements List 104 00BFEA71-D1CE-42de-9C63-A44004CE0104
Contacts List 105 00BFEA71-7E6D-4186-9BA8-C047AC750105
Events List 106 00BFEA71-EC85-4903-972D-EBE475780106
Tasks List 107 00BFEA71-A83E-497E-9BA0-7A5C597D0107
Discussion List 108 00BFEA71-6A49-43FA-B535-D15C05500108
Picture Library 109 00BFEA71-52D4-45B3-B544-B1C71B620109
Data Sources 110 00BFEA71-F381-423D-B9D1-DA7A54C50110
Site template gallery 111
User Information List 112
Web Part gallery 113
List Template gallery 114
XML Form Library 115 00BFEA71-1E1D-4562-B56A-F05371BB0115
Master Pages gallery 116
No-Code Workflows 117 00BFEA71-F600-43F6-A895-40C0DE7B0117
Custom Workflow Process 118 00BFEA71-2D77-4A75-9FCA-76516689E21A
Wiki Page Library 119 00BFEA71-C796-4402-9F2F-0EB9A6E71B18
Grid List 120 00BFEA71-3A1D-41D3-A0EE-651D11570120
Data Connection Library 130 00BFEA71-DBD7-4F72-B8CB-DA7AC0440130
Workflow History 140 00BFEA71-4EA5-48D4-A4AD-305CF7030140
Gantt Task List 150 00BFEA71-513D-4CA0-96C2-6A47775C0119
Meeting Series List 200
Meeting Agenda List 201
Meeting Attendees List 202
Meeting Decision List 204
Meeting Objectives List 207
Meeting Things to Bring List 211
Meeting Workspace Pages List 212
Blog Posts List 301
Blog Comments List 302
Blog Categories List 303
Status Indicator (KPI) List 432 7ED6CD55-B479-4EB7-A529-E99A24C10BD3
Report Library 433 6E53DD27-98F2-4AE5-85A0-E9A8EF4AA6DF
Publishing Pages Library 850
Issue Tracking List 1100 00BFEA71-5932-4F9C-AD71-1557E5751100
Administrator Tasks List 1200
Translation Management Library 1300 29D85C25-170C-4df9-A641-12DB0B9D4130
Translation List 1301 29D85C25-170C-4df9-A641-12DB0B9D4130
Slide Library 2100

0BE49FE9-9BC9-409d-ABF9-702753BD878D