Access Denied while creating Publishing Pages


I ran into one of those weird errors that just kind of gets under your skin because you think you’ve checked everything.

You’ve all seen Access Denied errors in SharePoint, but have you run into the one where users WITH proper permissions get it when trying to create a list item – in this case Publishing Pages? Very bizarre.

I checked all of the usual suspects, permission inheritance, draft items in Style Library, Master Page Gallery, etc. Nothing. But then when I reached out to the search engines just for giggles, I found this post by Gunnar Peipman which gave me exactly what I needed.

The permissions on the Master Page Gallery are unique, and users need at least “Restricted Read” to create pages. What’s frustrating is if you go into Site Permissions and view the Uniquely Secured Content, Master Page Gallery DOES NOT show up in that list. You’d think it would show you all uniquely secured content, but that’s not the case.

Thanks Gunnar for the short post with the fix!

1.Go to Site Actions -> Site Settings ->Modify all site settings
2.Go to Galleries -> Master pages and page layouts
3.From the list toolbar, select Settings -> Document library settings
4.Select permissions for this document library
5.Add ‘Restricted Read’ access to the required groups.

Advertisements

Remove SharePoint Groups using PowerShell


Disclaimer: This post and function is 100% taken from the book by Gary Lapointe and Shannon Bray entitled “Automating Microsoft SharePoint 2010 Administration with Windows PowerShell 2.0.”

This post goes hand in hand with my two recent posts entitled “Retrieve SharePoint Groups using PowerShell” and “Create SharePoint Groups using PowerShell.”  In those posts, we used PowerShell Functions to retrieve SP Groups and to create SP Groups.  The third piece of the puzzle is Remove-SPGroup.

Again, I have taken the code from Gary and Shannon’s book – however, this function adds comment-based help as well as a confirm prompt.  I thought it would be nice to add the ability to cancel out of the operation, plus it just looks fancy – and I like fancy.

Here’s the Remove-SPGroup function:

function Remove-SPGroup {
<#
.Synopsis
	Use Remove-SPGroup to delete a SharePoint Group.
.Description
	This function uses the Remove() method of a SharePoint RoleAssignments property in an SPWeb to create a SharePoint Group.
.Example
	C:\PS>Remove-SPGroup -Web http://intranet -Group "Test Group"
	This example removes a group called "Test Group" in the http://intranet site.
.Example
	C:\PS>$web = Get-SPWeb http://intranet
	C:\PS>$group = Get-SPGroup -Web $web -Group "Test Group"
	C:\PS>Remove-SPGroup $web $group
	This example also removes a group called "Test Group" from the http://intranet site, but this example uses $web and $group variables.
.Notes
	Name: Remove-SPGroup
	Author: Ryan Dennis
	Last Edit: July 18th 2011
	Keywords: Remove-SPGroup
.Link
	http://www.sharepointryan.com
 	http://twitter.com/SharePointRyan
.Inputs
	None
.Outputs
	None
#Requires -Version 2.0
#>
[CmdletBinding()]
	Param(
	[Microsoft.SharePoint.PowerShell.SPWebPipeBind]$Web,
	[string]$Group
	)
$SPWeb = $Web.Read()
# Prompting code
$title = "Delete SharePoint Group"
$message = "Do you want to delete the SharePoint Group?"
$yes = New-Object System.Management.Automation.Host.ChoiceDescription "&Yes", "Deletes the SharePoint Group."
$no = New-Object System.Management.Automation.Host.ChoiceDescription "&No", "Cancels and keeps the SharePoint Group."
$options = [System.Management.Automation.Host.ChoiceDescription[]]($yes, $no)
$result = $Host.UI.PromptForChoice($title,$message,$options,0)
switch ($result)
{
	0 {"Deleting $($Group) Group."}
	1 {"Operation cancelled..."}
}
# End Prompting code
if ($result -eq 0){
$SPWeb.SiteGroups.Remove($Group)
$SPWeb.Dispose()
}
else {return}
}

Create SharePoint Groups using PowerShell


Disclaimer: This post and function is 100% taken from the book by Gary Lapointe and Shannon Bray entitled “Automating Microsoft SharePoint 2010 Administration with Windows PowerShell 2.0.”

This post goes hand in hand with my recent post called “Retrieve SharePoint Groups using PowerShell.”  In that post, we used a simple PowerShell Function to retrieve an SP Group and return the object in our command window.  In this function, we’re going to take the work a step further – we will use our function to create a new SharePoint Group.

Again, I have taken the code from Gary and Shannon’s book – the only addition I have made is comment-based help.  Since I intend to use these functions, I like to have help so I can go back and see examples and things like that.

The function provided in the book is very nice, it consists of 5 parameters and will has some built-in error handling – example: if the group already exists it will tell you so…

I have tested this a few times, and the function works great!

Without further ado, here’s the function:

function New-SPGroup {
<#
.Synopsis
	Use New-SPGroup to create a SharePoint Group.
.Description
	This function uses the Add() method of a SharePoint RoleAssignments property in an SPWeb to create a SharePoint Group.
.Example
	C:\PS>New-SPGroup -Web http://intranet -GroupName "Test Group" -OwnerName DOMAIN\User -MemberName DOMAIN\User2 -Description "My Group"
	This example creates a group called "Test Group" in the http://intranet site, with a description of "My Group".  The owner is DOMAIN\User and the first member of the group is DOMAIN\User2.
.Notes
	Name: New-SPGroup
	Author: Ryan Dennis
	Last Edit: July 18th 2011
	Keywords: New-SPGroup
.Link
	http://www.sharepointryan.com
 	http://twitter.com/SharePointRyan
.Inputs
	None
.Outputs
	None
#Requires -Version 2.0
#>
	[CmdletBinding()]
	Param(
	[Microsoft.SharePoint.PowerShell.SPWebPipeBind]$Web,
	[string]$GroupName,
	[string]$OwnerName,
	[string]$MemberName,
	[string]$Description
	)
	$SPWeb = $Web.Read()
	if ($SPWeb.SiteGroups[$GroupName] -ne $null){
		throw "Group $GroupName already exists!"	
	}
	if ($SPWeb.Site.WebApplication.UseClaimsAuthentication){
		$op = New-SPClaimsPrincipal $OwnerName -IdentityType WindowsSamAccountName
		$mp = New-SPClaimsPrincipal $MemberName -IdentityType WindowsSamAccountName
		$owner = $SPWeb | Get-SPUser $op
		$member = $SPWeb | Get-SPUser $mp
	}
	else {
	$owner = $SPWeb | Get-SPUser $OwnerName
	$member = $SPWeb | Get-SPUser $MemberName
	}
$SPWeb.SiteGroups.Add($GroupName, $owner, $member, $Description)
$SPGroup = $SPWeb.SiteGroups[$GroupName]
$SPWeb.RoleAssignments.Add($SPGroup)
$SPWeb.Dispose()
return $SPGroup
}