
Access denied to folder with unique permissions in SharePoint 2013 after migration


I have a problem after migrating a site to SharePoint 2013.

I made 2 scenarios:

Scenario 1: I migrated the site with a document library. The document library has unique permissions. Inside this document library I have a folder that also has unique permissions. In this folder I have added a specific user to have read permissions only to this folder. This user is not added in the site nor in the document library (only in the folder).

The user had Access Denied when he tried to access the folder.

Then, I have deactivated the feature Limited-access user permission lockdown mode at site collection level.

Again the user had Access Denied when he tried to access the folder.

Scenario 2: I deactivated the feature Limited-access user permission lockdown at site collection level. I migrated the site described above and the user can successfully access the folder.

The difference between the two scenarios is that in Scenario 1 I first migrated the site and then deactivated the feature, and in Scenario 2 I first deactivated the feature and then migrated the site.

How can I solve the issue with Access Denied in Scenario 1? I have a lot of migrated sites and I cannot migrate them again.

Thanks


Solution

  • I believe the reason Scenario 2 worked is that it granted the required Limited Access when the data was migrated. However, this never had a chance to occur when the feature was deactivated post-migration. To correct this I suggest you use PowerShell. Now, you can't add Limited Access to a user directly, but you can add it to a group. So I would suggest something like this:

    • Add the group to SharePoint, but do not select a permission level
    • Place the users you need to have limited access within it
    • Run the following PowerShell Commands to add the Limited Access:

      $spWeb = Get-SPWeb "<site URL>"   # placeholder: URL of the migrated site
      $spGroup = $spWeb.SiteGroups["Limited Access Group"]; $spWeb.RoleAssignments.Add($spGroup);

    Take special note that I am using SiteGroups and not Groups, because the group hasn't been added to the site roles yet. The next command will do that, though. You will not see the group in the GUI, but if you check the group by running:

    $spWeb.Groups["Limited Access Group"];
    

    You will see the role {Limited Access} has been added. Everything should be good after that.

    Dave
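
The answer above attributes the error to Limited Access missing on the scopes above the folder. The following is an added example, not part of the original answer, that reports every uniquely permissioned folder in a library whose principals hold no role assignment on the web or on the library, so affected folders can be found across many migrated sites. The site URL and library title are placeholders, and it assumes the SharePoint 2013 Management Shell on a farm server.

```powershell
# Added example: audit folders with unique permissions for principals that have
# no role assignment (not even Limited Access) on the parent web or library.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$SiteUrl   = "http://sharepoint.example/sites/migrated"   # placeholder, not from the page
$ListTitle = "Documents"                                   # placeholder, not from the page

$web = Get-SPWeb $SiteUrl
try {
    $list = $web.Lists[$ListTitle]

    # IDs of principals that hold any role assignment on the web and on the library.
    # Limited Access shows up here as a role assignment like any other.
    $webIds  = @($web.RoleAssignments  | ForEach-Object { $_.Member.ID })
    $listIds = @($list.RoleAssignments | ForEach-Object { $_.Member.ID })

    foreach ($folder in $list.Folders) {          # one SPListItem per folder
        if (-not $folder.HasUniqueRoleAssignments) { continue }

        foreach ($ra in $folder.RoleAssignments) {
            $missing = @()
            if ($webIds -notcontains $ra.Member.ID) { $missing += "web" }
            if ($list.HasUniqueRoleAssignments -and
                $listIds -notcontains $ra.Member.ID) { $missing += "library" }

            if ($missing.Count -gt 0) {
                [pscustomobject]@{
                    Folder    = $folder.Url
                    Principal = $ra.Member.Name
                    MissingOn = $missing -join ", "
                }
            }
        }
    }
}
finally {
    $web.Dispose()   # release the SPWeb opened by Get-SPWeb
}
```

The comparison is by direct assignment only: a user who reaches the web or library through group membership is still listed, so treat the output as candidates to review rather than confirmed failures.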