Category: Permissions

SharePoint: 403 Forbidden accessing libraries and certain links in Site Settings

This was a special situation where most of the site appeared to work, but certain links under Site Settings would fail with 403 Forbidden. For example: Themes Master Pages Solutions Composed looks List Templates Most document libraries Actually, in some cases, the page request would result in Access Denied, and redirect the user to the

SharePoint: Check Permissions and External Tokens – ADFS (SAML auth)

This post is the third part of a series on the “Check Permissions” function. It’s focused on Trusted Provider authentication aka: SAML-claims. The way “Check Permissions” works varies by authentication method. For Windows or FBA auth, see my other posts: Windows-Claims Authentication: https://joshroark.com/sharepoint-troubleshooting-check-permissions-windows-auth/ Forms-based Authentication (FBA): https://joshroark.com/sharepoint-check-permissions-and-external-tokens-fba/ Notes: I’ll be talking about Active Directory Federation

SharePoint: The Complete Guide to PortalSuperUserAccount and PortalSuperReaderAccount

What are the Super User and Super Reader accounts for? This is explained pretty well on Docs here: https://docs.microsoft.com/en-us/SharePoint/administration/configure-object-cache-user-accounts In general, they are used in the process of making SharePoint Publishing sites (any site using the publishing features) render quickly and efficiently. Please keep in mind that these accounts aren’t actually required to be set

SharePoint: Users randomly lose permission – are deleted from site

This is a good one, it appears to be both random and intermittent, and is extremely hard to track down. It’s known as the “SID mismatch” problem. Consider the following scenario: Intermittently, when a user browses to a resource (site, list, etc) that they are supposed to have access to, they receive “Access Denied“, or

SharePoint: Issues with profile pictures when MySite uses SAML auth

  There are a couple known issues with user profile pictures when your Mysite web application uses Trusted Provider (ADFS / SAML) authentication. Symptoms There are two different known symptoms with the same cause and solution: #1When running User Profile Synchronization, nothing is imported or exported. In the Forefront Identity Manager (FIM) client, we see

SharePoint 2013: Troubleshooting Check Permissions – Windows auth

Update 11/24/19: This post is specific to Windows Authentication (NLTM or Kerberos) within SharePoint 2013. For SharePoint 2016, see this post: https://joshroark.com/sharepoint-2016-check-permissions-windows-auth/ For Forms-based authentication see this: https://joshroark.com/sharepoint-check-permissions-and-external-tokens-fba/ And for Trusted Provider (SAML) auth, see this: https://joshroark.com/sharepoint-check-permissions-and-external-tokens-adfs-saml-auth/ Why should you care? Having “Check Permissions” fail to give you an accurate representation of user permissions can be