Monday, August 3, 2015

Authentication prompt issue, Office File, Read permissions

Hello again to all, I would like to share with you another strange / mystery issue with SharePoint 2013.
My customer just came to me with the question - I can't open an office file with explicit user permissions, why?
 
At the beginning I can't believe that the office file couldn't be opened when the users has explicit file permissions (permissions ONLY over the file, no web application, no site collection, no site permissions). When the user tries to open the file the login prompt pops up, asking for credentials, even if you enter valid credentials you will be unable to open the file, it will continue prompt you for credentials and at the bottom, at the status bar of the file you will see "Updating Workflow Status", but we don't have any workflows assigned to the site / site collection / library.
 
 
Inside the application log you will see EventId 8026 notifying you about this problem:
 
 
A lot of people in Tech Net Forum thought it must be related to the permissions or browser settings, but none of this was true. Even with ULS you will be unable to catch the root cause of this problem. 
 
In my case all of the site collections are using a custom template and I was thinking that the problem could be related to it. So I create a new site collection based on default Team Site template and granted to a specific user explicit modify permissions ONLY on one office file. Guess what - THE PROBLEM DOES NOT OCCURED :-)

OK, now I know for sure that the problem is with the custom template used for the site collections, but what is it?

I start comparing the site collection features, activate and deactivate features and trying to reproduce the issue - without success :-(

Until I found Limited-access user permission lockdown mode, remember this feature because this is the root cause of the aforementioned problem. Activating this feature will cause the users with explicit file permissions to be unable to open office files.

So deactivate Limited-access user permission lockdown mode site collection feature to eliminate issues with explicit user permissions over office files.

Please share this post if you think it is useful.

Happy SharePoint-ing to all :-)
 

No comments:

Post a Comment