Re: MOSS 2007 - Why aren't interited permissions working?
- From: Peter <Peter@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Thu, 29 Mar 2007 09:36:04 -0700
Thanks again Mike. I was able to resolve the problem without creating
another group. The root cause was that one of the groups contained in ":Corp
IT All" was a Distribution group, and not a Security group. As a result of
this, all members in this group did not have access. I had our AD
administrators change the qroup in question to a Security group, did an
incremental refresh on the User Profiles database and presto, the users had
access.
In SharePoint, it will not use Distribution AD groups for security access,
even if they are contained in a Security group.
My apologies for this post, but perhaps the replies will help with other
users who may experience this issue.
/Peter
"Mike Walsh" wrote:
It wouldn't have drastic consequences if the AD group was being used in.
another place because you wouldn't be deleting the AD group.
You would only be removing it's access to this SharePoint site. (my 4 = ">>
4. Remove the rights from Corp it All." should be read in conjunction with
3. i.e. it is remove the rights *to (access) the site*
As for "no write access to AD" - somebody in your company must have it,
surely. (and, yes, I'm in a company where I wouldn't like to ask either : )
But the main point is just that I've seen similar problems mentioned with
upgrades rather than new installations and haven't heard of any reasons and
so was trying to think of a non-SP way around this.
Mike Walsh
"Peter" <Peter@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:8D075ABB-C37C-40A8-A4E1-7A49D40651BC@xxxxxxxxxxxxxxxx
Thank you very much for the reply Mike. Unfortunately, the workaround you
suggested won't be possible as I do not have write access to AD, plus this
would have drastic consequences if this security group was used in other
places.
Is there any other way that this can be circumvented without having to
delete the existing group?
/Peter
"Mike Walsh" wrote:
I have seen similar things reported.
I wonder if you could do the following.
1. Create a new AD security group (Corp IT All2).
2. Add all the members of Corp IT All to it.
3. Give that new AD group rights to the site.
4. Remove the rights from Corp it All.
I think that should remove the problem which seems to be that the
upgraded
site in some way retains only the original members of the AD group.
Mike Walsh
WSS FAQ http://www.wssfaq.com
No private e-mail please.
"Peter" <Peter@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:A3CAF217-95D5-40E9-8ADE-517F4B8FC7DB@xxxxxxxxxxxxxxxx
Hi,
We are running MOSS 2007. We have an AD security group named ":Corp IT
All"
that is comprised entirely of other AD security groups. I have granted
a
Team Site "Contribute" permissions to the ":Corp IT All" AD security
group,
but not all members of this group can access the site. I do not want
to
add
explicit permissions as I would prefer to use the composite group. I
can
add
the group that explicitly contains the user to the team site and that
works.
The site in question was originally created in SP 2003, but upgraded to
MOSS
2007. When new members are added to one of the groups contained within
the
":Corp IT All" group, they are not gaining access, but users who were
previously in this group do have access. I have done an incremental
and
full
import of the user profiles into the Shared Services database and there
are
no issues that I can see when this is run.
I do not know what I am missing here, but it appears that the inherited
permissions are not working properly.
Thanks very much in advance.
- References:
- Re: MOSS 2007 - Why aren't interited permissions working?
- From: Mike Walsh
- Re: MOSS 2007 - Why aren't interited permissions working?
- From: Mike Walsh
- Re: MOSS 2007 - Why aren't interited permissions working?
- Prev by Date: SPS Webparts Missing for Various Users
- Next by Date: Excel Services Drillthrough
- Previous by thread: Re: MOSS 2007 - Why aren't interited permissions working?
- Next by thread: Re: Import Domino 5 database into MOSS Profile
- Index(es):
Relevant Pages
|
Loading
