Pages

6/14/2014

SharePoint Check Out and Check In Issues

 

As I work to complete my SharePoint security book (only three years so far), I've been testing just about every combination of permissions looking for benefits and side effects. While working on a custom permission level with minimum permissions for an Add, Edit but not Delete user I ran into some interesting issues with Check Out and Check In.

Access Denied… You would think that Check Out and Check In are core document management features that would be available to any user who can edit a document. Turns out two unlikely permissions are needed: Browse User Information and Use Remote Interfaces.

 

Access Denied when checking in a document. (2010 and 2013 on prem and 365)

image   image

Solution:

User must have the Browse User Information permission to check in files! (This is included in the Contribute permission level.)

This one is certainly not obvious, and could be an issue if you removed this permission to hide the ability to view other users in the site.

 

Access Denied when checking out a document (2010)

image

Solution:

User must have the Use Remote Interfaces permission to check out files! (This is included in the Contribute permission level.)

This one is certainly not obvious, and could be an issue if you removed this permission to hide the ability to view other users in the site.

Looks like Microsoft made a change in SharePoint 2013 so that this one is no longer an issue.

 

.

No comments:

Post a Comment

Note to spammers...
Spammers, don't waste your time... all posts are moderated. If your comment includes unrelated links, is advertising, or just pure spam, it will never be seen.