Full Control Rights User (Owners Group) cannot create sub sites

Sharing a live issue from one of our SharePoint 2013 applications.

A user who is a member of the Owners group on a SharePoint site (and so has Full Control) is not able to create subsites. When they try, they receive the error “Sorry, you don’t have access to this page” or “Access Denied”.

If the same user is added as a Site Collection Administrator, they are able to create the subsite successfully.

Analysis:

Looking at the ULS logs, the following error appears:

SPRequest.UpdateField: UserPrincipalName=i:0).w|s-1-5-21-4218016322-16051, AppPrincipalName= ,bstrUrl=http://projects-wst.***.com/****/collab/pt/rfq/ ,bstrListName={E8F681E0-C8AB-4454-9C52-376AADCB7112} ,bstrXML=<Field Type="TaxonomyFieldTypeMulti" DisplayName="HashTags" StaticName="HashTags" Name="HashTags" ID="{333b1bc2-0532-4872-96f1-bbbdead35a56}" Description="****" SourceID="{2e9ba01e-b042-49ce-8993-e16635268252}" List="{c442bc26-f509-4ec7-9da0-a8fe0234924e}"

Looking up the name of the list mentioned in the error log shows that it is the SharePoint Taxonomy Hidden List. This list can be reached through the UI by appending Lists/taxonomyhiddenlist to the site URL.


Cause:

The permissions on this hidden list should include the Owners group with Full Control. Instead, no user or group at all was present in the list permissions, and the list was not inheriting permissions from its parent.

Administrators may have stripped the permissions from these hidden lists with a PowerShell command while cleaning up permissions on the site collection in staging, in preparation for a migration to the production server.

Permission inheritance was broken (unique permissions were applied on the list).

Solution:

Simply setting the list to inherit permissions again added the Owners group back to the list.

After that, when users in the Owners group tried to create a subsite, it was created successfully.
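
The check and the fix described above can also be done from the SharePoint 2013 Management Shell. The script below is an added example, not part of the original post: it reports whether the Taxonomy Hidden List has unique permissions and who is assigned to it, and restores inheritance only when -Fix is passed. It assumes the list sits on the root web of the site collection, and the site URL is a placeholder.

```powershell
# Added example, not from the original post. Run on a SharePoint 2013 server
# with an account that administers the site collection.
param(
    [string]$SiteUrl = "http://sharepoint.example.com/sites/placeholder", # placeholder URL
    [switch]$Fix   # without -Fix the script only reports
)

Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$site = Get-SPSite $SiteUrl
try {
    $root = $site.RootWeb   # assumption: the hidden list lives on the root web
    # Same location the post reaches in the browser: <site>/Lists/taxonomyhiddenlist
    $listUrl = $root.ServerRelativeUrl.TrimEnd('/') + "/Lists/TaxonomyHiddenList"
    $list = $root.GetList($listUrl)

    $unique = $list.HasUniqueRoleAssignments
    $count  = $list.RoleAssignments.Count

    "List:               {0}" -f $list.Title
    "Unique permissions: {0}" -f $unique
    "Role assignments:   {0}" -f $count
    foreach ($ra in $list.RoleAssignments) {
        $roles = ($ra.RoleDefinitionBindings | ForEach-Object { $_.Name }) -join ", "
        "  {0} -> {1}" -f $ra.Member.Name, $roles
    }

    if ($unique -and $count -eq 0) {
        Write-Warning "Inheritance is broken and no user or group is assigned (the state described in the post)."
    }

    if ($Fix -and $unique) {
        # Drops the unique assignments and inherits from the root web again,
        # which brings the Owners group back onto the list.
        $list.ResetRoleInheritance()
        "Inheritance restored. Unique permissions now: {0}" -f $list.HasUniqueRoleAssignments
    }
}
finally {
    $site.Dispose()   # also releases the RootWeb object
}
```

Run it without -Fix first, so that any unique assignments still present on the list are recorded before inheritance replaces them.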
