Wednesday, September 22, 2010

"No item exists" - Modifying a default permission level leads to a problem

As you can guess from the title - I have tried to modify a permission level on a sharepoint site and at some point it broke my securable objects.

Issue: The user can't see the item that he just created . The error- "No item exists..". The list item can have inherited permissions and it can have unique permissions with setup permissions level for a creator - it doesn't change behavior. "Manage permissions" shows user should have a permission on the item, Effective permission report (Microsoft SharePoint Administration Toolkit v4.0 x86 ) shows "No effective permission for the user".

If you ever seen this - you are lucky to have my answer, or unlucky - if it still drives you crazy and my solution doesn't work for you.

Solution: After a week of researching with a team of 3 people - we finally came to the point to blame the modified default permission level on the site.  Seems that at some point the modification of permission level on the web site mixed up the security on some lists (it didn't affect all objects! which I consider really strange!) . To fix the issue - I had to re-inherit the permission levels from the site collection.

!Attention  - Once you re-inherit the permission level, all unique permissions on the site will be destroyed!
Here is a note from Microsoft:
 Important   Inheriting permissions from the parent site permanently discards all custom permissions that you might have created on any securable object for this site. This means that all lists, libraries, folders within those lists and libraries, list items, and documents lose all their unique permission settings.
 Anyway, even I have a lots object to take care of ( I made a code to return the unique permission set back), I have reset the permission level - inherit and edit - It gave a nice non-modified permission levels, and I copied the permission level instead modifying the predefined one, and set permissions set that I like to see on my own permission level. Finally assigned this permission level to a particular group\users.
And now it works!!!

Be happy, breathe freely!

By the way, I spoke with a Microsoft support team - they don't recommend modifying the out-of-box permission levels.... even though they left such nice way to do it)