Thursday, September 25, 2014

Inconvenient Document Template Access Issues and Send To connections in SharePoint

What?

You have a SharePoint site (Site A) that has got a content type with a document template attached to it.
You have created a few documents using the document template and them moved them into a different site (Site B).

A user who has access to the document in the new location (Site B) but does not have access to Site A tries to access it and gets prompted to authenticate against Site A.

Eventually being a not so technical end user, he gets his accounts locked after trying his credentials repeatedly.

Why?

When a document that was created using a template that is associated with its content type is moved or copied to a different location, it still points to the original document template using which it was created in the original location. When a user who does not have access to the site from which the document is copied from, he/she will be prompted to authenticate against the site where the document originally was created.

How?

Document templates that are attached to content types are uploaded to a folder at the root of the site called "_cts". It is not possible to alter permissions on that folder.

The easiest way to handle this would be to create a custom permission level which will only have the below permissions. All the below permissions are required at a minimum:

  • View Application Pages - View forms, views, and application pages. Enumerate lists.
  • Use Remote Interfaces - Use SOAP, Web DAV, the Client Object Model or SharePoint Designer interfaces to access the Web site. 
  • Open - Allows users to open a Web site, list, or folder in order to access items inside that container.

Create a new SharePoint group and only give the above newly created permission level to it, then add the user "DOMAIN USERS" or "Everyone" to it.

Due to the very limited permissions that are given to users in this group, users in the new group won't be able to access any content in the site. They however will still be able to access the structure of the site and the list of all the lists and libraries in the site but wont be able to access content inside them.

No comments:

Post a Comment