Problem:
- You create a sub site
- You set Unique permissions (no inheritance)
- You add a user who does not also have access to the top level site to the Owners group (or give them the Full Control permission).
- The new “owner” goes to add a web part and only sees the list and library web parts. All of the other normal web parts are not visible.
Turns out it’s a rights issue. The non-list web part definitions are stored in the top level site’s Web Parts Gallery and your user does not have access to the top level site and its lists.
A quick fix is to grant read, or better, rights to the user to the parent site. But… you may not want them to have access to the top level site.
It's not necessary to inherit permissions from the parent or grant elevated rights to the parent. Just grant rights to the Web Part Gallery!
If you grant READ rights to the Web Parts Gallery of the top level site to the sub site owners then all of the web parts in the gallery can be seen in the Add Web Part popup of the sub site.
As I bonus :-) I found that if you grant CONTRIBUTE rights to the Site Template Gallery in the parent, then the sub site owners can now see and use "Save Site as Template"! While they cannot see the Site Templates gallery, they can see the saved templates in the Custom tab of the Create screen. (And a negative, they can see all of the saved templates created by all of the sub site owners.)
Here's how to duplicate my test:
-
Create a group a the top level site (SubSiteOwners)
-
give it no permissions to the top level site
-
add the sub site owners
-
-
From the top level site go to Site Actions, Site Settings, Galleries and click Web Parts
-
Click Settings, Gallery Settings
-
Click Permissions for this gallery
-
Click Edit Permissions and OK
-
If the SubSiteOwners group is not displayed, click new and add them with READ permissions, or if SubSiteOwners is displayed click and add the READ permission
-
-
From the top level site go to Site Actions, Site Settings, Galleries and click Site templates
-
Repeat steps for the Web Parts gallery but add the CONTRIBUTE permission
-
-
Create a sub site with Unique permissions (and do not use the parents visitor group)
-
Now to test: Open a new browser and login as a sub site owner user and
-
Edit the page and add a web part
-
Go to Site Actions, Site Settings and click Save Site as Template
-
If you want to be just a little trickier, instead of granting READ to the web part gallery itself, grant rights for each individual web part item. That way you can control which web parts users can see.
Mike
.
2 comments:
When I follow the steps below and give them even no access to site templates, subsite owners are still able to add webparts, please briefly explain why should they have CONTRIBUTE access to site templates
From the top level site go to Site Actions, Site Settings, Galleries and click Site templates
Repeat steps for the Web Parts gallery but add the CONTRIBUTE permission
Only for the reason stated above:
'As I bonus :-) I found that if you grant CONTRIBUTE rights to the Site Template Gallery in the parent, then the sub site owners can now see and use "Save Site as Template"!'
With Read they can add the web parts, with Contribute they can also use "Save site as template".
If they don't need "Save site as template" then they don't need Contribute.
Post a Comment