SharePoint Review Center

Everything about SharePoint – Architecture, Design, Development, Configuration, Administration, Issues, and Fixes

Posts Tagged ‘anthony odole’

Access Denied Error Message While Editing Properties of any Document in a MOSS Document Library

Posted by Anthony Odole on January 30, 2009


When we go to properties of any document in document library even with full permission, we get access denied message if we try to edit the document properties. However we can open and edit the document successfully.


This is one of those errors that you spend a lot of time troubleshooting without a clue of why this is happening. As an experienced MOSS developer, you probably assume this is a permission issue; With this assumption, you use farm administrator account to log into the site, still you get access denied error page. You tried so many other steps, all to no avail. There is a good news and a bad news. Which one will you like me to talk about first? Just kidding!


Ok. The Good news is that you did not create or cause this issue. The bad news is that it is a bug. I’ve called and discussed this with the folks at Microsoft. There are two ways to fix this. Use step 1 to fix this issue in existing document libraries. Use step 2 to fix it in existing list templates



Step 1. For existing lists, you can run the following code to fix it. This here is a sample peace of code that should add the appropriate attribute to the list having the issue:


void FixField()


string RenderXMLPattenAttribute = “RenderXMLUsingPattern”

string weburl = “<http://localhost>”

string listName = “test2”

SPSite site = new SPSite(weburl);

SPWeb web = site.OpenWeb();

SPList list = web.Lists[listName];

SPField f = list.Fields.GetFieldByInternalName(“PermMask”);

string s = f.SchemaXml;

Console.WriteLine(“schemaXml before: ” + s);

XmlDocument xd = new XmlDocument();


XmlElement xe = xd.DocumentElement;

if (xe.Attributes[RenderXMLPattenAttribute] == null)


XmlAttribute attr = xd.CreateAttribute(RenderXMLPattenAttribute);

attr.Value = “TRUE”



string strXml = xe.OuterXml;

Console.WriteLine(“schemaXml after: ” + strXml);

f.SchemaXml = strXml;



Step 2: For existing stp (list templates) that are having this problem, you should be able to modify the manifest.xml to add the attribute, and repackage the stp. You simply would rename the .stp file to a .cab file, open the manifest.xml file packaged in the cab, make this change that is highlighted:


<Field ID=”{BA3C27EE-4791-4867-8821-FF99000BAC98}”












<FieldRef ID=”{1d22ea11-1e32-424e-89ab-9fedbadb6ce1}” Name=”ID”/>







Then repackage the manifest.xml file to a .cab file and rename it back to .stp. Upload the list template to the template gallery. Any subsequent lists created with this template should work as expected.

Microsoft promised to fix this in the next hotfix. Please note that to prevent new list templates from having this problem, you will need to update the fieldswss.xml via the next Hotfix. Please do not update fieldswss.xml manually.



** About the Author: Anthony Odole is a Senior Solution Architect with IBM Global Services. He is a SharePoint Subject Matter Expert. You can reach him at


Posted in Uncategorized | Tagged: , , , , , | 24 Comments »

Understanding Access to SSP and related configurations

Posted by Anthony Odole on August 19, 2008

Granting access to SSP remains very confusing to most SharePoint admin and developers alike. Based on the questions I’ve seen asked on most SharePoint newsgroup, SSP remains, other than Business Data Catalogue, an area that is confusing not only to administrators, but also developers. This is a very brief write up to help anyone trying to understand some of the configuration options in SSP.

Be aware that unlike in SharePoint 2003, MOSS 2007 does not give server administrators full control of web applications. To grant full control over web application, you must explicitly grant this permission. To do this, follow the steps below:

  1. Go to SharePoint Central Administration
  2. Go to Application Management tab
  3. Go to Application Security
  4. Go to Policy for Web Application
  5. Add users
  6. Specify individual user or a group
  7. Grant full control
  8. Then click finish.

Now, the user or group you added has full control of the web application.

Even though you have granted this full control, you will notice that the user still is unable to manage audiences, profiles, permissions, or usage analytics. To grant permission for this specific area, you need to follow the steps below:

  1. Log into SSP Administration Site.
  2. Go to Site Actions, then site settings
  3. Go to Users and Permissions
  4. Click on Advanced permissions
  5. Add individual Users or group
  6. This will allow users to login to the SSP administration site

At this point, the user or group will be able to login to SSP, manage Excel Service and search settings. To give the user or group more permission for personalization, you need to

  1. Go to User Profiles and My Sites
  2. Go to Personalization services permissions.
  3. Add Users/Groups
  4. Select which permissions you would like to grant.
  5. Click Save.

In MOSS Enterprise, you need explicitly grant access to Business Data Catalog. This is in addition to the steps above.

Below is a quick overview of what each permission allow a user to do

  • Create personal site: This give a user the user the capability to create My Site. The link to my site appears by default on the main page because of this permission. this is granted to all authenticated users by default. If you go to manage permission screen and remove all authenticated users, MySite will be removed.
  • Manage permissions: This enable user to change personalization permissions
  • Manage user profiles: This enable user to manage User profiles and properties, Profile services policies, and My Site Settings.
  • Use personal features: This enable users to use all the My Links functionality; users can also manage colleagues on their homepage.
  • Manage usage analytics this enable a user to modify usage reporting. Note that you can open the page using he available link but you will get a forbidden error if you try to save your changes. I usually call this a bug.
  • Manage audiences: This enables a user to click on the Audiences link on SSP page, where user can set schedule or define rules for building global audiences.

** About the Author: Anthony Odole is a Senior Solution Architect with IBM Global Services. He is a SharePoint Subject Matter Expert. You can reach him at

Posted in Uncategorized | Tagged: , , , , | Leave a Comment »