Category: Permissions

SharePoint: Communications Sites missing links in Site Settings – DenyPermissionsMask

Problem: When you browse to site settings within a Communications site, you see that certain links under Web Designer Galleries are missing, such as: For example, Communications site on the left, and Teams site on the right: Also, if you browse directly to the Themes gallery by appending _catalogs/theme/Forms/AllItems.aspx to the URL and try to upload a file,

SharePoint: Delete user from site collection creates site outage

Consider the following scenario: You try to delete a user from a site collection, either in the UI (Site Settings | People and Groups | delete users from site collection), or by using the PowerShell command Remove-SPUser. The operation runs for a long time, during which the sites within that content database may suffer severe

SharePoint – Intermittent error: “Sorry, this site hasn’t been shared with you”

Consider the following scenario: Randomly, when a user browses to a resource (site, list, etc) that they are supposed to have access to, they receive “Sorry, this site hasn’t been shared with you” (access denied). The users continue to get “Access Denied” for a period of time, and then it starts working again after making

SharePoint: Quick Troubleshooting tip: Add user with Classic auth permission

As lame as this sounds, there have been a few (rare) situations where trying to do something with a Windows-Claims web application within Central Administration fails with an Access Denied (sorry, this site has not been shared with you) error due to lack of permissions for your Windows Classic authentication account. If you find a

SharePoint: Quick Troubleshooting Tip: Add the Account column to User Information List

Often while troubleshooting authentication or permission problems, you need to see the actual account name for the user or group added to permissions. This is particularly important in SAML / Trusted Provider authentication because the way the claim is being passed in the SAML assertion must match exactly with the way claim has been added

Keeping SharePoint happy during your domain migration

We’ve seen a few of different problems occur in SharePoint (2013, 2016, 2019) when users are being migrated from one domain to another. They usually come up in one of the following areas: People Picker People Picker may show either or both accounts depending on which domain SharePoint is in, and how PP is configured

SharePoint 2016: Check Permissions – Windows Auth

I’ve written several blog posts on the “Check Permissions” function and its reliance on the “External Token”, including one for SharePoint 2013 with Windows authentication, which you may consider as some good pre-reading to this post, as it discusses the External Token and the details around trying to refresh that token non-interactively. Suffice to say