Skip to main content

SharePoint 2013 - Can't create Publishing Site (Access Denied)

I've stumbled upon an interesting issue this past week while working for a client and wanted to share just because I almost pulled my hair out trying to figure it out. I've provisioned a site collection with about a handful of sub-sites, each with their own unique permission structure (Owners, Members, Visitors, etc). I was surprised to find out that users that were part of Owners group could not create sub sites and encountered Access Denied error each time, like the one below.


A bit baffling, especially since Owners SharePoint security group has Full Control rights. After studying the ULS log it seemed as if everyone except for the top level Site Owners (and Site Collection Administrators) did not have rights to Device Channels list. A Device Channel basically controls how content is rendered within the Publishing Infrastructure in SharePoint 2013. For more on Device Channels please go here: Intro to Device Channels

Solution

To remedy this, I added Restricted Readers group to the permission set of Device Channels list:

1. Navigate to Site Settings, Device Channels. Or if it is easier just navigate to: http://YOUR_HOST_HEADER/DeviceChannels
2. Click on List Settings in the server ribbon
3. Click on Permissions for this list under Permissions and Management
4. Select Grant Permissions in the server ribbon and add Restricted Readers group


5. Now add users to Restricted Readers group. You can be selective here and add only a group of users, I simply added All Authenticated Users.

I hope this saves some time if you run into the same issue.

Comments

  1. Steve JefferyDecember 19, 2013 at 10:16 AM

    Thanks, this helped me!

    My issue was that for a custom site template I was getting an error thrown when members group was granted permission to create sub-sites. Assigned members group read permissions to this list and all good!

    Would love to know why this was necessary though when an OOTB site template worked fine without it...

    ReplyDelete
    Replies
    1. Ismar AlikadicDecember 19, 2013 at 10:40 AM

      Glad this was helpful!
      I believe this was noted as one of the known issues in RTM and finally addressed in the CU.

      Delete
    2. Steve JefferyDecember 20, 2013 at 4:03 AM

      The issue occurs in SharePoint online so not sure if it is addressed yet I'm afraid.

      Many thanks again - saved me hours of searching!

      Delete

Post a Comment

Popular posts from this blog

SharePoint Server Search - Error Starting

Problem I recently ran into this snag at a client site while setting up the Search Service Application.  I was able to create the service application without a problem however when I attempted to start the SharePoint Server Search service (Manage services on server page) I kept getting Error Starting . After taking a peak at the logs I found the following: An attempt to start/stop instance of service SharePoint Server Search on server did not succeed. Re-run the action via UI or command line on the specified server. Additional information is below. Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED)) I double/triple checked the permissions and made sure that my Farm Administrator account was a member of WSS_WPG and WSS_ADMIN_WPG groups, and that those groups had full control permissions to the C:\Windows\Tasks and C:\Windows\Temp folders. Resolution I nearly lost hope when I remembered my old lost friend called STSADM.EXE. Just like in the old da...
Post a Comment
Read more

SharePoint 2013 - Can't access the site externally in Internet Explorer ("Page cannot be displayed")

Synopsis Before we start talking about the problem let's understand the setup here.  We have a SharePoint 2013 intranet site that is also configured for access outside of the corporate network.  Employees use the same URL to visit the site both internally and externally via standard ports (80 and 443). Internal URL: http://sharepoint.domain.com Public URL: https://sharepoint.domain.com The site URL has been added to the Local Intranet zone in Internet Explorer for passing domain credentials. Alternate Access Mappings have been configured in such a way that if a user requests the site over HTTP they are automatically re-directed to HTTPS. Internal URL Zone Public URL for Zone https://sharepoint.domain.com Default https://sharepoint.domain.com http://sharepoint.domain.com Default https://sharepoint.domain.com Web application has been configured to use Kerberos protocol for authenticating incom...
7 comments
Read more

Remove Orphaned Web Parts - MissingWebPart

At some point you may have encountered an error like this while browsing through the SharePoint Health Analyzer or if you are attempting to test your content database (i.e., Test-SPContentDatabase) prior to mounting it. Message reads something like this: One caveat is that the log message never reveals the Location of the culprit web part.  Luckily we can utilize T-SQL to query the content database and reveal the location of the web part in question.   Query the Content Database To do this fire up the SQL Server Management Studio either locally from your machine or while logged on to the SQL Server back-end of your SharePoint farm, open up the new Query window and enter the following statement: USE < Content_Database_Name > SELECT AllDocs.SiteId,WebId, Webs.Title as 'Web Title', ListId, DirName,LeafName  FROM AllDocs    inner join AllWebParts on Alldocs.Id = AllWebParts.tp_PageUrlID  inner join Webs on Alldocs.WebId = webs.Id...
4 comments
Read more