You may encounter an issue with SharePoint 2010 document libraries that prevents users from check-out or edit documents in the document library. The issue occurs when you break the security inheritance of the document library. Regardless of what permission the users have on the document library, they will not be able to check-out documents or edit them unless they have at least a “Read” Permission on the parent web. Here’s how to reproduce this issue…
- On SharePoint farm, create new web application and new site collection (In my case it was Publishing site)
- Create any document library on that site
- Break security inheritance on that document library.
- Give a user (UserX for example) contribute permission on that document library, now the user X have appropriate permission to access that document library. After you do that, userX now has only “Limited Access” on the root web.
Note: Once you break the inheritence of any item, list or document library, and you give the user certain permission on that object, SharePoint assigns that user automatically a “Limited Access” permission on the parent web to ensure navigability to that object.
- From any client machine that has office 2010 installed. Login to the new web application using UserX. navigate to the document library. Try to check out the document. You fail. Try to edit the document, you fail as well.
- On the server, grant this UserX a read permission on the web, try to perform the same activities like checkout and edit with userX, now you can.
Diagnosing this issue shows that IE send a SOAP message to the SharePoint server, which internally generates “Access Denied” exception without returning any appropriate response to the caller. There is an IE Add-in named “OpenDocuments class” that generates the SOAP request and sends it back to SharePoint which causes the unexpected exception to be generated. Tests with different browsers may produce different results.
This issue occurs only with Enterprise Wiki and Publishing templates of SharePoint Server 2010 and was not reproduced on other templates like “team site”. We expect to see a fix in Service pack 1 or later for this issue.
You must log in to post a comment.