Skip to main content

SharePoint 2013 - Can't create Publishing Site (Access Denied)

I've stumbled upon an interesting issue this past week while working for a client and wanted to share just because I almost pulled my hair out trying to figure it out. I've provisioned a site collection with about a handful of sub-sites, each with their own unique permission structure (Owners, Members, Visitors, etc). I was surprised to find out that users that were part of Owners group could not create sub sites and encountered Access Denied error each time, like the one below.


A bit baffling, especially since Owners SharePoint security group has Full Control rights. After studying the ULS log it seemed as if everyone except for the top level Site Owners (and Site Collection Administrators) did not have rights to Device Channels list. A Device Channel basically controls how content is rendered within the Publishing Infrastructure in SharePoint 2013. For more on Device Channels please go here: Intro to Device Channels

Solution

To remedy this, I added Restricted Readers group to the permission set of Device Channels list:

1. Navigate to Site Settings, Device Channels. Or if it is easier just navigate to: http://YOUR_HOST_HEADER/DeviceChannels
2. Click on List Settings in the server ribbon
3. Click on Permissions for this list under Permissions and Management
4. Select Grant Permissions in the server ribbon and add Restricted Readers group


5. Now add users to Restricted Readers group. You can be selective here and add only a group of users, I simply added All Authenticated Users.

I hope this saves some time if you run into the same issue.

Comments

  1. Steve JefferyDecember 19, 2013 at 10:16 AM

    Thanks, this helped me!

    My issue was that for a custom site template I was getting an error thrown when members group was granted permission to create sub-sites. Assigned members group read permissions to this list and all good!

    Would love to know why this was necessary though when an OOTB site template worked fine without it...

    ReplyDelete
    Replies
    1. Ismar AlikadicDecember 19, 2013 at 10:40 AM

      Glad this was helpful!
      I believe this was noted as one of the known issues in RTM and finally addressed in the CU.

      Delete
    2. Steve JefferyDecember 20, 2013 at 4:03 AM

      The issue occurs in SharePoint online so not sure if it is addressed yet I'm afraid.

      Many thanks again - saved me hours of searching!

      Delete

Post a Comment

Popular posts from this blog

SharePoint 2013 - Simple Glossary using "HTML Form Web Part"

Introduction At some point you probably thought about incorporating glossary functionality as a part of a larger solution, or perhaps you were simply looking for providing a more intuitive way of filtering hundreds of items within a List or Library. Now there are countless web parts out there that you can either purchase or download from the SharePoint Store free of charge, and they all come with their own set of bells and whistles.  However, if you are looking at building one yourself, well look no further. To accomplish this we will need three major ingredients: SharePoint Page (either Wiki or Publishing will work) SharePoint List/Library with some content (Files/Items) HTML Form Web Part Let's Implement In this post I’m using a simple Wiki page, but you can also use a Publishing page as well.  We just need a canvas to display our glossary. I presume you already have a list or library that contains some content which is applicable to this concept.  I’m
12 comments
Read more

SharePoint 2013 - Can't access the site externally in Internet Explorer ("Page cannot be displayed")

Synopsis Before we start talking about the problem let's understand the setup here.  We have a SharePoint 2013 intranet site that is also configured for access outside of the corporate network.  Employees use the same URL to visit the site both internally and externally via standard ports (80 and 443). Internal URL: http://sharepoint.domain.com Public URL: https://sharepoint.domain.com The site URL has been added to the Local Intranet zone in Internet Explorer for passing domain credentials. Alternate Access Mappings have been configured in such a way that if a user requests the site over HTTP they are automatically re-directed to HTTPS. Internal URL Zone Public URL for Zone https://sharepoint.domain.com Default https://sharepoint.domain.com http://sharepoint.domain.com Default https://sharepoint.domain.com Web application has been configured to use Kerberos protocol for authenticating incoming c
7 comments
Read more

Remove Orphaned Web Parts - MissingWebPart

At some point you may have encountered an error like this while browsing through the SharePoint Health Analyzer or if you are attempting to test your content database (i.e., Test-SPContentDatabase) prior to mounting it. Message reads something like this: One caveat is that the log message never reveals the Location of the culprit web part.  Luckily we can utilize T-SQL to query the content database and reveal the location of the web part in question.   Query the Content Database To do this fire up the SQL Server Management Studio either locally from your machine or while logged on to the SQL Server back-end of your SharePoint farm, open up the new Query window and enter the following statement: USE < Content_Database_Name > SELECT AllDocs.SiteId,WebId, Webs.Title as 'Web Title', ListId, DirName,LeafName  FROM AllDocs    inner join AllWebParts on Alldocs.Id = AllWebParts.tp_PageUrlID  inner join Webs on Alldocs.WebId = webs.Id  WHERE AllWebParts.tp
4 comments
Read more