Skip to main content

SharePoint 2013 - Can't create Publishing Site (Access Denied)

I've stumbled upon an interesting issue this past week while working for a client and wanted to share just because I almost pulled my hair out trying to figure it out. I've provisioned a site collection with about a handful of sub-sites, each with their own unique permission structure (Owners, Members, Visitors, etc). I was surprised to find out that users that were part of Owners group could not create sub sites and encountered Access Denied error each time, like the one below.


A bit baffling, especially since Owners SharePoint security group has Full Control rights. After studying the ULS log it seemed as if everyone except for the top level Site Owners (and Site Collection Administrators) did not have rights to Device Channels list. A Device Channel basically controls how content is rendered within the Publishing Infrastructure in SharePoint 2013. For more on Device Channels please go here: Intro to Device Channels

Solution

To remedy this, I added Restricted Readers group to the permission set of Device Channels list:

1. Navigate to Site Settings, Device Channels. Or if it is easier just navigate to: http://YOUR_HOST_HEADER/DeviceChannels
2. Click on List Settings in the server ribbon
3. Click on Permissions for this list under Permissions and Management
4. Select Grant Permissions in the server ribbon and add Restricted Readers group


5. Now add users to Restricted Readers group. You can be selective here and add only a group of users, I simply added All Authenticated Users.

I hope this saves some time if you run into the same issue.

Comments

  1. Steve JefferyDecember 19, 2013 at 10:16 AM

    Thanks, this helped me!

    My issue was that for a custom site template I was getting an error thrown when members group was granted permission to create sub-sites. Assigned members group read permissions to this list and all good!

    Would love to know why this was necessary though when an OOTB site template worked fine without it...

    ReplyDelete
    Replies
    1. Ismar AlikadicDecember 19, 2013 at 10:40 AM

      Glad this was helpful!
      I believe this was noted as one of the known issues in RTM and finally addressed in the CU.

      Delete
    2. Steve JefferyDecember 20, 2013 at 4:03 AM

      The issue occurs in SharePoint online so not sure if it is addressed yet I'm afraid.

      Many thanks again - saved me hours of searching!

      Delete

Post a Comment

Popular posts from this blog

SharePoint Server Search - Error Starting

Problem I recently ran into this snag at a client site while setting up the Search Service Application.  I was able to create the service application without a problem however when I attempted to start the SharePoint Server Search service (Manage services on server page) I kept getting Error Starting . After taking a peak at the logs I found the following: An attempt to start/stop instance of service SharePoint Server Search on server did not succeed. Re-run the action via UI or command line on the specified server. Additional information is below. Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED)) I double/triple checked the permissions and made sure that my Farm Administrator account was a member of WSS_WPG and WSS_ADMIN_WPG groups, and that those groups had full control permissions to the C:\Windows\Tasks and C:\Windows\Temp folders. Resolution I nearly lost hope when I remembered my old lost friend called STSADM.EXE. Just like in the old da...
Post a Comment
Read more

SharePoint 2013 - Creating and Applying Composed Looks (PowerShell)

If you are a SharePoint administrator looking to quickly apply some basic branding to a site-collection in your SharePoint 2013 environment then you've come to the right spot. Before we begin I assume you have a basic understanding of what Composed Looks are, and perhaps you spent some time playing around with this concept in SharePoint 2013. If not, then don't worry.  Here is a basic primer: Composed Look is basically a package which contains elements used for controlling the overall look and feel of a SharePoint site.  This includes but not limited to Colors, Fonts, Background Image, CSS files, and Master Page files. Once created, Composed Look can be packaged by using the Design Manager feature, or we can use PowerShell to apply it across one or multiple site collections. NOTE: In this post we will be focusing on creating a composed look from an .spcolor file then using PowerShell to apply the design to a site-site collection of our choice.  We wil...
2 comments
Read more

SharePoint 2013 - Can't access the site externally in Internet Explorer ("Page cannot be displayed")

Synopsis Before we start talking about the problem let's understand the setup here.  We have a SharePoint 2013 intranet site that is also configured for access outside of the corporate network.  Employees use the same URL to visit the site both internally and externally via standard ports (80 and 443). Internal URL: http://sharepoint.domain.com Public URL: https://sharepoint.domain.com The site URL has been added to the Local Intranet zone in Internet Explorer for passing domain credentials. Alternate Access Mappings have been configured in such a way that if a user requests the site over HTTP they are automatically re-directed to HTTPS. Internal URL Zone Public URL for Zone https://sharepoint.domain.com Default https://sharepoint.domain.com http://sharepoint.domain.com Default https://sharepoint.domain.com Web application has been configured to use Kerberos protocol for authenticating incom...
7 comments
Read more