A user with full control permission gets ‘access denied’ on editing a SharePoint List.

  • Article

I ran into this strange issue recently and thought I’d like to share it with others who might face a similar situation.

When a user with full control permission tries to edit an item in the SharePoint list he gets ‘access denied’. In fact, even system account gets ‘access denied’ on editing the same list item.  

On examining the ULS logs I see the following logged. 

Errors in the ULS log:

===================

46:22.3         w3wp.exe (0x0D94)                               0x097C         Windows SharePoint Services             General                            8gs1   Verbose        Access Denied for /Lists/123/EditForm.aspx?ID=1&Source=http%3A%2F%2Faaaaa%2FLists%2Fviren%2FAllItems%2Easpx. StackTrace: Microsoft.SharePoint.Utilities.SPUtility:Void HandleAccessDenied(System.Exception), Microsoft.SharePoint.WebControls.BaseFieldControl:Void OnInit(System.EventArgs), Microsoft.SharePoint.WebControls.ParentInformationField:Void OnInit(System.EventArgs), System.Web.UI.Control:Void InitRecursive(System.Web.UI.Control), System.Web.UI.Control:Void InitRecursive(System.Web.UI.Control), System.Web.UI.Control:Void AddedControl(System.Web.UI.Control, Int32), Microsoft.SharePoint.WebPartPages.ListFormWebPart:Void CreateChildControls(), System.Web.UI.Control:Void EnsureChildControls(), Microsoft.SharePoint.WebPartPages.WebPart:Microsoft.SharePoint.WebPartPages.Menu get_WebPartMe...             

This issue has been addressed in the Service Pack 2 for WSS 3.0 (https://support.microsoft.com/kb/961175).

But installing Service Pack 2 will prevent this issue occurring on a new list. But the access denied issue with existing list will not get resolved.

To fix the issue with the broken list, I had a code developed by one of our developers.

The code is as follows and needs to be edited and run at the site collection level to prevent any new lists on the site from facing the same problem

=======================================================================

void FixWebField()
{
string RenderXMLPattenAttribute = "RenderXMLUsingPattern";
string weburl = "<<https://localhost/>>";
SPSite site = new SPSite(weburl);
SPWeb web = site.OpenWeb();
SPField f = web.Fields.GetFieldByInternalName("PermMask");
string s = f.SchemaXml;
Console.WriteLine("schemaXml before: " + s);
XmlDocument xd = new XmlDocument();
xd.LoadXml(s);
XmlElement xe = xd.DocumentElement;
if (xe.Attributes[RenderXMLPattenAttribute] == null)
{
XmlAttribute attr = xd.CreateAttribute(RenderXMLPattenAttribute);
attr.Value = "TRUE";
xe.Attributes.Append(attr);
}
string strXml = xe.OuterXml;
Console.WriteLine("schemaXml after: " + strXml);
f.SchemaXml = strXml;
}

Next, edit the following code and target your broken list(s). This should correct the targeted list to no longer have the ‘access denied’ error message.

==============================================================
void FixField()
{
string RenderXMLPattenAttribute = "RenderXMLUsingPattern";
string weburl = "<<https://localhost/>>";
string listName = "test2";
SPSite site = new SPSite(weburl);
SPWeb web = site.OpenWeb();
SPList list = web.Lists[listName];
SPField f = list.Fields.GetFieldByInternalName("PermMask");
string s = f.SchemaXml;
Console.WriteLine("schemaXml before: " + s);
XmlDocument xd = new XmlDocument();
xd.LoadXml(s);
XmlElement xe = xd.DocumentElement;
if (xe.Attributes[RenderXMLPattenAttribute] == null)
{
XmlAttribute attr = xd.CreateAttribute(RenderXMLPattenAttribute);
attr.Value = "TRUE";
xe.Attributes.Append(attr);
}
string strXml = xe.OuterXml;
Console.WriteLine("schemaXml after: " + strXml);
f.SchemaXml = strXml;
}

 

Hope this is helpful! :)