Monday, April 22, 2013

SharePoint Designer 2010: You do not have permission to do this operation

We had a user who had Design permissions on a subsite trying to edit a page in SharePoint Designer 2010.  The user could connect to the site in SPD.

When the user tried to edit a page he received the following error: "You do not have permission to do this operation.  Ask your web site administrator to change your permissions and then try again, or log on with a user account that has this permission."

After clicking OK, the user received this Master Page error message: "The Master Page file 'location of master page' cannot be loaded.  Attach a different Master Page, or correct the problem in Code view."

Since the Master Page was located at the site collection level and the user was editing in a subsite I checked the user's permissions.  Even though the user had Design permissions to the subsite, the user only had Read permissions at the site collection level.  So my suspicion was that the user did not have the proper permissions at the site collection level.  Thanks to Sue Hernandez's blog post for confirming this and also posting a link to the specific Microsoft KB article to support and confirm.  Microsoft explains:

Overall, an user needs to be a member of one of the following groups at the site collection level to be able to use SharePoint Designer and modify SharePoint content:

· Site Collection Administrators
· Designers
· Owners

Monday, April 8, 2013

Security Token Service Access Denied

Error message from ULS:

An exception occurred when trying to issue security token: The server was unable to process the request due to an internal error.  For more information about the error, either turn on IncludeExceptionDetailInFaults (either from ServiceBehaviorAttribute or from the configuration behavior) on the server in order to send the exception information back to the client, or turn on tracing as per the Microsoft .NET Framework 3.0 SDK documentation and inspect the server trace logs..
SPSecurityTokenService.Issue() failed: System.Runtime.InteropServices.COMException (0x80070005): Access is denied. at System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail) at System.DirectoryServices.DirectoryEntry.Exists(String path) at Microsoft.SharePoint.Administration.SPMetabaseObject.get_Exists() at Microsoft.SharePoint.Administration.Claims.SPSecurityTokenServiceManager.<>c__DisplayClass8.b__6() at Microsoft.SharePoint.SPSecurity.<>c__DisplayClass4.b__2() at Microsoft.SharePoint.Utilities.SecurityContext.RunAsProcess(CodeToRunElevated secureCode) at Microsoft.SharePoint.SPSecurity.RunWithElevatedPrivileges(WaitCallback secureCode, Object param) at Microsoft.SharePoint.SPSecurity.RunWithElevatedPrivileges(CodeToRunElevated secureCode) at Microsoft.SharePoint.Administration.Claims.SPSecurityTokenServiceManager.EnsureSharePointLogonRequestClaims(Claim logonIdentityClaim, SPClaim& sharePointIdentityClaim) at Microsoft.SharePoint.IdentityModel.SPSecurityTokenService.EnsureSharePointClaims(SPRequestInfo info, IClaimsIdentity outputIdentity) at Microsoft.SharePoint.IdentityModel.SPSecurityTokenService.GetOutputClaimsIdentity(IClaimsPrincipal principal, RequestSecurityToken request, Scope scope) at Microsoft.IdentityModel.SecurityTokenService.SecurityTokenService.Issue(IClaimsPrincipal principal, RequestSecurityToken request)     at Microsoft.SharePoint.IdentityModel.SPSecurityTokenService.Issue(IClaimsPrincipal principal, RequestSecurityToken request)


Reprovision the Secure Store Service.  In this specific situation simply adding the proper permissions to the database for the Secure Store Service account fixed the issue.  If you are not a DBA you could reprovision the Secure Store Service through Powershell by using the following commands and this would effectively do the same thing.

PS C:\> $mysts = Get-SPServiceApplication | ?{$_ -match "Security Token Service"}
PS C:\> $mysts

DisplayName TypeName Id
----------- -------- --
Security Token Se... Security Token Se...

 PS C:\> $mysts.StatusOnline
PS C:\> $mysts.Provision()

Wednesday, April 3, 2013

SharePoint 2010 Search Not Working

If all else fails, try removing all accounts from the web application User Policy and add them back.

Publishing Pages Library Causing Errors

I recently came across an issue where a publishing pages library "Pages" seemed to be causing errors.  I saw Correlation ID errors from the Site Actions menu, Edit Page and Manage Content and Structure menu options.  I also saw an error from the parent site collection's Manage Content and Structure tree view navigation when clicking on the subsite containing the offending Pages library.  The error I saw in the ULS: Pages list cache permission check failed.  Pages list with this URL is missing: Pages.  As it turns out, this site was in a SharePoint 2010 environment but still in 2007 mode.

To resolve the issue, check the offending document library setings, then got to advanced settings, and scroll down to the bottom, make sure  "Launch forms in dialog" is set to No.  Mine was initially set to Yes and when I changed the setting to No the problem was resolved.