Category: Permissions

SharePoint: Windows auth user not equal to SAML auth user

I’ve been over this concept with customers and support engineers so many times, that I’m not sure why I haven’t posted about it before. My colleague Adam posted on this topic a while back, but I wanted to expand on that a bit. The Setup: Let’s say you have a SharePoint (2013, 2016, 2019, Subscription

SharePoint: 403 Forbidden accessing libraries and certain links in Site Settings

This was a special situation where most of the site appeared to work, but certain links under Site Settings would fail with 403 Forbidden. For example: Themes Master Pages Solutions Composed looks List Templates Most document libraries Actually, in some cases, the page request would result in Access Denied, and redirect the user to the

SharePoint: Check Permissions and External Tokens – ADFS (SAML auth)

This post is the third part of a series on the “Check Permissions” function. It’s focused on Trusted Provider authentication aka: SAML-claims. The way “Check Permissions” works varies by authentication method. For Windows or FBA auth, see my other posts: Windows-Claims Authentication: Forms-based Authentication (FBA): Notes: I’ll be talking about Active Directory Federation

SharePoint: The Complete Guide to PortalSuperUserAccount and PortalSuperReaderAccount

What are the Super User and Super Reader accounts for? This is explained pretty well on Docs here: In general, they are used in the process of making SharePoint Publishing sites (any site using the publishing features) render quickly and efficiently. Please keep in mind that these accounts are not actually required to be

SharePoint: Users randomly lose permission – are deleted from site

This is a good one. It appears to be both random and intermittent (it’s actually neither), and is extremely hard to track down. It’s known as the “SID mismatch” problem. Consider the following scenario: Intermittently, when a user browses to a resource (site, list, etc) that they are supposed to have access to, they receive

SharePoint: Issues with profile pictures when MySite uses SAML auth

  There are a couple known issues with user profile pictures when your Mysite web application uses Trusted Provider (ADFS / SAML) authentication. Symptoms There are two different known symptoms with the same cause and solution: #1When running User Profile Synchronization, nothing is imported or exported. In the Forefront Identity Manager (FIM) client, we see

SharePoint 2013: Troubleshooting Check Permissions – Windows auth

Update 11/24/19: Although the “Background” section below applies to all SharePoint versions and authentication types, this post is specific to Windows Authentication (NLTM or Kerberos) within SharePoint 2013. For SharePoint 2016, see this post: For Forms-based authentication see this: And for Trusted Provider (SAML) auth, see this: Why should you care? Having “Check