Hello.
I am trying to find a fix for a weird document library permissions and “visibility” issue in SharePoint 2013.
In two examples so far, the client has sites with the usual Owners, Contributing members and Visitors groups. All intended users are members of the appropriate groups. Permissions on document libraries have been separated from the parent, configured so that only specific users can view or modify. Running the “Check permissions” tool on user xyz library produces and confirms “Access for user abc: None”.
Oddly, if users click on “all site content”, they are able to see all document libraries listed. They can see names, tiles for other libraries, total number of items and modified date indicated beside each library tile. This is not good. The client does not want users to see a list of other users’ libraries.
If a user clicks on a document library for another user, the library page displays but items are not visible. That’s a small consolation but still not acceptable.
How do we make it so users do not see other users’ libraries listed in all site content?
Thanks in advance,
Theresa
Thanks again for testing, Henry.
We had pulled in some consultants a few weeks back, they made adjustments in CA, something related to profile syncing but that didn’t resolve the library view issue. Â One of my colleagues found what he thought was a work-around by adding, removing then re-adding permissions. Â It worked in some cases and not in others. Â No consistency.Â
We were about to make a call to Microsoft support then the holidays came. Something has to be done because this is slowing down the migration of one business requirement from 2007 to 2013. Â
I assume that if a person could articulate the issue to the SharePoint developers, they will come out with a fix in the next CU?
Thanks again for feeling our pain!Â
Even adding in a manual entry to say Test1 library, still Test4 user only see’s test 4. I stopped, removed and re-added the distributedcacheservice, still no joy. I cleared the cache of the distributedsecuritytrimming container type and many of the other ones and this made no difference.
Looked for the viewformspageslockdown feature in powershell but it was not present and upon further research it seems to be more associated with and activated on publishing sites.
So this is where I am at so far:
Created a site collection called Team and the top level site is using the out of the box team site template.
Created the three default SharePoint groups of Visitors, Members and Owners.
Added Test, Test1, Test2 to the Visitors group.
Created a library called Test, test1 and test2
Broke the inhertiance on the three libraries and added in only the corresponding users with full control.
Logging on witht he accounts shows the following:
Test – can see Test, Test1 and Test2 libraries.
Test1 – can see Test1 and Test2 libraries.
Test2 – can see only Test2 which is what I would expect.
Created another user called Test4 and a matching library, that was configured the same way as the previous libraries. Don’t ask me why I did test4 and not test3 as I don’t know :).
Test – can see Test, Test1, Test2 and Test4
Test1 – can see Test1, Test2 and Test4
Test2 – can see Test2 and Test4
Test4 – can see just Test4
So we at least have a pattern emerging here but not one that immediately makes any sense and is not a pattern that we want to see.
Patched the environment upto Oct 2013 CU and no difference.
I now cannot help think that something may be going on with the Distributed Cache Service so this is my next area of investigation.
Hi,
Thanks for that, will give it a try. But is this not just removing the site contents link? As it still seems that security trimming is not working the way we would expect it to with SharePoint generated links.
you can achieve same of deactivaing the feature by following chris obrien blog :Â http://www.sharepointnutsandbolts.com/2013/12/Using-CSOM-in-PowerShell-scripts-with-Office365.html
