SharePoint Holmes and the Forbidden Follow

sherlock-holmes-462957_960_720.jpgThe Case

Recently someone reported an issue with Following. Whenever he wanted to follow a site or a document, he got this message:

Unable to Follow

The investigation

  1. I did a screenshare with him to find out what exactly he was doing. Sometimes seeing someone’s screen or actions provide you with a clue, but he did the correct things and there was nothing weird in his screen either.
  2. I asked my more technical colleague and he came up with something good. Do you know where Followed Sites (or Followed Documents) are stored?
    Follow a site and then click on the confirmation popup that appears.

    SH-Follow-Followsitepopup
    Click quickly on this popup before it disappears!
  3. I ended up on a page with “yourname/my.sharepoint.com/personal/”  in the URLSH-Follow-WhereFollowedSitesLiveand this is…
    SH-follow-drumroll
    drum roll

    …OneDrive!

  4. I replaced the last bit of the URL, to the right of the tenant name, with _layouts/15/viewlsts.aspx?view=14
  5. I saw the Site Contents of my OneDrive, with the Social List at the bottom.

    SH-Follow-SocialList in Site Contents
    This is where the Followed sites live – in a list called “Social” in your OneDrive.
  6. When clicking the ellipses next to the Social List and clicking Settings, I ended up in the list, which has several content types and a ton of columns.
    SH-Follow-Content Types
    The content types available in the Social list

    SH-Follow-Columns
    Pfff…all these columns just for the things you follow?
  7. I asked the user to give me Full Control to his OneDrive, as this is out of my normal support scope so I do not have admin access.
  8. I compared the  Social List of the user with my own.
    It appeared that his Social List missed two columns: File Type Prog ID and Server URL prog ID.

    SH-Follow-MissingColumns
    The highlighted columns were not in his Social list.
  9. Also, on his Delve profile, any hints of his OneDrive were missing in his profile card. I looked at the Delve profile of unknown colleagues and there is always a mention of “[person name] ‘s OneDrive” even when no files are shared.
    (I can not show that as I am the only person in my tenant)
  10. I searched on the internet and found mentions about being unable to follow sites but the problems (one user, some users, all users), causes (the application pool account has no access to the database, security updates, a setting not configured correctly) and solutions were very mixed and I could not find anything about those ProgID’s.

The solution

Well, uh…this is beyond my scope and a different team supports OneDrive, so I have assigned the incident to another team. SharePoint Holmes failed…:(
But although I have not managed to solve this,  I have spent some enjoyable time digging into new territory and learning something new.

Which issues have you found with Following Sites and how have you solved them?

About SharePoint Holmes:
Part of my role is solving user issues. Sometimes they are so common that I have a standard response, but sometimes I need to do some sleuthing to understand and solve it.
As many of my readers are in a similar position, I thought I’d introduce SharePoint Holmes, SharePoint investigator, who will go through a few cases while working out loud.

Detective image courtesy of 422737 on Pixabay
Drums image courtesy of posterize at FreeDigitalPhotos.net

Advertisements

An unpleasant inheritance

inherit-picInheriting something is a mixed pleasure.
You can become the proud owner of your uncle’s lovely old-timer, or be able to wear your grandmother’s diamond necklace and matching earrings at grand events, but you generally receive those treasures only after a dear one has passed away.
But you can also inherit debts, a house with an expensive mortgage, a nephew or other “things” that you have never wanted.

Inheriting permissions in SharePoint can also be a curse rather than a blessing.
“I have suddenly lost access” has been the title of many recent incidents. No need to blame this on Microsoft, SharePoint or the support team, because in 99% of cases this is a human error:

  • The Site Owner accidentally removed their own permissions while cleaning up a document library’s  or site’s permissions. The support team can easily fix this.
  • The Site Owner accidentally inherits the permissions from the parent site. That is pretty serious and has happened alarmingly often!
inherit-removeuniquepermissions
A dangerous button that will inherit permissions from the parent – this can be wanted in documents, folders and libraries but can wreak havoc in sites.

I have already mentioned in many of our instruction materials: “if you see “this web site has unique permissions” in the yellow bar, DO NOT CLICK “Delete unique permissions” as you will

  • Inherit the permissions from the parent site
  • Lock yourself out of your site if you have insufficient permissions on the parent site
  • Remove all unique permissions in your site (and there is no “undo” or “restore” option)
inherit-thiswebsitehasnqiuepermissions
If you see this text, you are at the site level!

The warning message appears not to be informative enough to keep people from proceeding.

inherit-warning
The warning message before you inherit the permissions from the parent site.

Recently I have guided a few people through “permissions stuff” via screenshare and I notice that they always want to click ‘Delete unique permissions” when they want to remove users. In several cases these users were individuals who were not in a group and therefore were seen as having unique permissions.
On those occasions I have been just in time to guide their mouse pointers to the right button: “Remove User Permissions”.

inherit-removeuserpermissions
Use this when you want to remove  groups or individuals from your site

This has now happened so often, with such serious consequences, that I have added a suggestion to Microsoft SharePoint Uservoice to rename “Delete Unique Permissions” into “Inherit permissions from parent” as this is probably easier to understand for the user than the current wording. If you agree, please support my request. (Happy to return the favour, of course)

You know, like in SharePoint 2007:

Inheritpermissions2007
What it looks like in SharePoint 2007 – much more intuitive! (Pic taken with Phone)

And if you have taken any measures that successfully prevent this accidental inheritance, please share!

Image courtesy of Phil_Bird at FreeDigitalPhotos.net

SharePoint Holmes and the Missing Menu-item

SPHolmes-EditPageThe case

“I am officially the owner of the site, but I can not manage the site”, the user had written in the description field of the incident.
I asked her what exactly she was trying to do that was impossible, and she said she had wanted to make changes to the homepage of the site.

“But the menu in the gear wheel does not look like the training materials”, she said. “Please see attached screenshot”.

Now that was an interesting screenshot!

SPHolmes-EditPage-Gear wheel
“Site settings” but no “Edit page” in the menu!

I could have asked her if she was able to go to the homepage from the Site Pages or Pages library and if she would have been able to conjure up the Page tab and do it from there, but I was so intrigued by the screenshot that I decided to do some investigation. After all, the “Edit page” option needs to be there and I could better fix that once and for all than waste her time with workarounds. Her problem was not so urgent that she needed the workaround.

And to be frank, I hoped it would turn out to be another SharePoint Holmes topic 🙂

The investigation

  1. Of course, I checked the permissions first. They looked OK. (You know the Dutch words by now, right? 🙂 )

    SPHolmes-EditPage-Permissions
    Owners with Full Control, Members with Edit, Visitors and another group with Read permissions – looks normal!
  2. Yes, she was in the Owners group with Full Control.

    SPHolmes-EditPage-InOwnersGroup
    Mystery Guest is in the Owners group.
  3. I checked the items with unique permissions. The Site Pages library was one of them.
  4. Aha, the Site Pages library had very limited permissions – only Visitors had Read access and that was it. As the Visitors group contained a company-wide AD group, I knew she had access – but only with Read permissions.

    SPHolmes-EditPage-SitePagesPermissions
    Fortunately a wide audience could see the site’s pages – but nobody could edit them!
  5. I checked the Homepage permissions to be on the safe side, and that inherited permissions from the library. So she could see the homepage but not edit it.

The solution

I added the Owners group back to the Site Pages library with the proper permissions. I informed the Site Owner that she had removed the permissions of everyone except the Visitors.
She informed me that “Edit Page” was now in her Gear Wheel menu and she could edit the page again. Problem solved!
I suggested to think about what she wanted to do with this library – keep it like it was with only Owner and Visitor groups (to avoid unwanted edits) or to inherit the permissions from the site.

I wish I had something more deep and interesting to conclude than: “SharePoint permissions are difficult to understand and manage”. 😦

But if you ever come across a screenshot like that, you know what to do!

About SharePoint Holmes:
Part of my role is solving user issues. Sometimes they are so common that I have a standard response, but sometimes I need to do some sleuthing to understand and solve it.
As many of my readers are in a similar position, I thought I’d introduce SharePoint Holmes, SharePoint investigator, who will go through a few cases while working out loud.

Image courtesy of  Clker-Free-Vector-Images on Pixabay.

Beware the SharePoint MVP!

 

No, I am not going to bash the SharePoint Most Valuable Professionals! I have received help, feedback and support from many MVP’s including Veronique Palmer, Jasper Oosterveld and Gregory Zelfond, and I have read and used the posts and presentations of many others.

But I am glad this title caught your attention 🙂

The Minimum Viable Product

This blog will be about another MVP – the Minimum Viable Product, a common word in Agile development, meaning you will launch a product that meets the basic requirements (as defined at the start of the project) and will be improved incrementally over time.

I think I have been woking somewhat agile  when I was configuring solutions, and met with my business counterparts on a very regular basis to discuss the proof of concept/prototype and checked if this met their expectations.
I only created a very small list of requirements, as I knew that many business partners only had a vague idea of what they were really looking for, and when confronted with my interpretation of their requirements all kinds of unexpected, or in any case, unspoken, things came up.

  • Is there an option to leave this field blank?
    Yes, but that means that we either leave this non-mandatory (which may lead to more blanks than you want) or we add a dummy value such as “please select”. What do you think is best?
  • Can we have a multiple choice for this field?
    Ofcourse, but that means you will be unable to group on this in the views, so we will have to resort to a connection for filtering. Oh and then it is better to make this field a look-up field instead of a choice field. Let me rework that.
  • What if someone forgets to act on the email?
    We may want to create a view that allows the business process owner to see quickly which items are awaiting action.

And more of those things. I generally met with my business partner once every fortnight, if not more often.

So I am all in favour of especially the short development cycles of Agile.

“Users” does not mean “end users”, exclusively!

I also think that “user stories” are much more realistic and human than “requirements”, although they sometimes look a little artificial.
By the way, I would recommend any team to think not only of “end user stories” but also of “tenant owner” stories or “support user stories” as other people involved have their own needs or requirements.

Rapid improvements

I also like the idea of launching a Minimum Viable Product and doing small, rapid improvements on that, based on feedback and experiences, because

  • You can show users that you are listening to them
  • You can show that you are not neglecting your intranet after launch
  • It gives you something new to communicate on a regular basis
MVP-DevelopmenttoLaunch
During development, you work towards the Minimum Viable Product

So, when we were launching our intranet I was quite interested to be part of the project and to work towards an MVP.

When we finally launched our MVP we also published the roadmap with intended improvements, and shared the process of adding items to the roadmap.  That way users could see that we had plans to improve and that we would be able to spend time and attention on meeting the needs of the business.

Vulnerabilities

When launching an MVP with a promise to make ongoing improvements you are more vulnerable than when you do a Big Bang Launch & Leave introduction. What about the following events?

  • Cuts in the improvement budget.
    Those can be a blessing or a curse, but they may happen.
  • People who leave before they have documented what they have created.
    I have never liked the extensive Requirements Documents and Product Descriptions that go with traditional development, but if you are handing over your product to the Support organization, you really need documentation of what you are handing over. End users can have the weirdest questions and issues! 🙂
  • Reorganizations which turn your product team or even your company upside down.
  • Microsoft changes that mess up your customizations. We have a webpart that shows your Followed Sites – it suddenly and without warning changed from displaying the first 5 sites you had followed to the last 5 sites. Most annoying!

So before you know it, you end up with a below-minimum viable product. ☹

MVP-Developmentfromlaunch
While in a normal development cycle you would slowly and steadily improve upon the MVP, unexpected events can leave you with something less than MVP.

What can be done?

So before you start singing the praises of Agile development and put on your rose-tinted glasses

  1. Make sure you have a safe development budget that can not be taken away from you.
  2. Ensure you have an alternative no-cost optimization plan, such as webinars, Q&A sessions, surveys, configuration support, content changes etc. to make the most of the launch of your MVP and to get feedback for improvements for when better times arrive.
  3. Insist that everyone documents their configurations, codes, processes, work instructions etc. as quickly as possible. It is not sexy but will save you a lot of hassle in case your team changes.
    If you are in need of extracting knowledge from leaving experts, here are some tips for handing over to a successor, and some tips for when there is no successor in place yet.
  4. Be prepared for changes in processes, data or organization. You do not have to have a ready-made plan, but it is wise to think about possible implications for your product or process if the Comms team is being reorganized, someone wants to rename all business units, or you need to accomodate an acquired company in your setup.
  5. Keep customizations to a minimum. Use existing templates and simple configurations.
    Personally I would be totally content without a customized homepage. The SharePoint landing page or, even better, the Office365 landing page as the start page to my day would work perfectly well for me, but I have learned not many people share that feeling.

Any experiences to share?

Have you had similar experiences? Have you found a good way to handle budget cuts, a way to develop budget-neutrally, how to deal with people changes or another way to deal with unexpected events that endanger your MVP? I am sure there are many people (including myself) who would like to learn from your stories!

Images are from Simon Koay’s totally gorgeous Superbet. Look at that B!
M=Mystique, V=Venom, P=Poison Ivy

SharePoint Holmes and the Continuous Classic View

Sherlock GnomesThe case

“Why can I not set my document library to the New experience?” the user asked me.

“Of course you can, let me show you”, I said confidently.
Over-confidently, as it turned out. Because there was no “Exit Classic View” link bottom left.

Classic-Nolinkbottomleft
Huh? No “Exit Classic View” bottom left of the page.

 

And the Advanced Library Settings showed that the library was already set to display in New experience.

Classic-LibrarySettings
The library was set to display in the New experience

Sigh…I got my SharePoint Holmes hat and magnifying glass out of the cupboard and set out towards…

The investigation

  1. I remembered some other sites which did not display their “Exit Classic View” button. Those all have a banner on top of the page,  a popular feature from our old intranet, that has been migrated to the new intranet.
    I set the user’s page into Edit mode. There was a web part zone on top but there was no web part in it, so that did not give me any clues. Hmmm.

    Classic-Nowebpartontop
    Empty web part zone!
  2. I looked at the other views in the library and those were in New Experience. Huh!
  3. I created a new view and this was in New Experience as well, so the issue was with the default view.
  4. To check my sanity, I did some searching (Yes, I know I should do that straight away but I like to look at things and push buttons 🙂 ) and what did I find?  This.
  5. So, I dove into that Classic View, edited the page, looked at Closed Web Parts…and found a Content Editor Web Part.

    Classic-ClosedWebpart
    There was a closed web part on the page.
  6. I added it to the page, then deleted it and that turned out to be…

The solution

Classic-AfterRemoval
The library now shows in New experience, with the “switch”-link bottom left.

So, there are two options when you can not get your document library to show in New Experience while it is set to be New:

  1. Remove all web parts on the view page, open and closed.
    Set the page to Edit mode.
    If you see a web part, DELETE it.
    If you do not see a web part, click Insert > Tab > Web Parts > Closed Web Parts. If you see one or more web parts mentioned, add part(s) to page, and then DELETE it/them.
  2. Create a new view by copying the old view with a new name, setting it to be the default view if needed, and deleting the old view.
    I must admit this did not work in my own tenant – all views showed and were created in Classic SharePoint. But I have seen this multiple times in our work tenant.

If you want to display a picture, you could also upload one or more pictures and pin it/them to the top.

Microsoft also has some things to say about the Classic vs Modern view. They also mention the influence of web parts (at the end of the article) but the language is not very clear.

About SharePoint Holmes:
Part of my role is solving user issues. Sometimes they are so common that I have a standard response, but sometimes I need to do some sleuthing to understand and solve it.
As many of my readers are in a similar position, I thought I’d introduce SharePoint Holmes, SharePoint investigator, who will go through a few cases while working out loud.

Picture from unknown source but it was too funny to let go. See the trailer of Sherlock Gnomes! With Johnny Depp…

Knowledge Management from support tickets

KMTickets-headerNow that we have launched our intranet we constantly receive questions and support tickets from our users. That is not exactly a surprise, as we know that our current intranet is vastly different from our old one. We have SharePoint Online versus SharePoint 2007 and a completely new governance.
We learn a great deal about our users and our environment from these tickets and the discussions in our dedicated Yammer group.

Of course my team knows that I am into KM, so I am currently in a small “Virtual Expert” group on knowledge sharing. Our goals is to “translate experiences into knowledge”.

That sounds pretty formal, but it is quite simple really. And you know, I like simple, especially when it is about KM.

How it works

KMTickets-process

Whenever we receive an incident, we assign it according to the type of incident. This allows every one of our team to learn about a specific topic or process, and to improve the process or generate knowledge about this topic.
For instance, for a time all incidents dealing with permissions were assigned to me.
When I had gained sufficient knowledge of common permission issues, either by searching online or by doing experiments, I wrote work instructions for the rest of the team. Permissions issues (provided we recognize them when the tickets come in 🙂 ) can now also be assigned to others as we have a common procedure.
Yammer questions that can not be answered by the community receive similar treatment: we do online search and experiments where needed. (Although we ask people to submit a ticket when it looks like something in their site is broken)

We have a regular call to discuss any new and interesting issues.

When we run into a problem that we can not solve by searching online or doing an experiment,  we ask our very knowledgeable tenant admins. They show or tell us when they know the answer. My colleague and myself then turn this knowledge into documentation – be it a work instruction for the support team, a manual or a tip for end users, or sometimes a suggestion for extra communication or even a change to the system settings.

Most materials are stored on SharePoint: in our own team site or in the site we have created for end users.

Love all around!

KMTickets-LoveI love this structured approach. Our manger, who is very much into service delivery, formal processes and stuff like ITIL, appreciates the process we are going through.
Our tenant admins like to share their knowledge, knowing this will free them up to do tenant admin stuff.
My colleague and I have great pleasure in capturing knowledge and turning it into something tangible that helps us do our work faster.
The rest of the team is happy to have good work instructions.

SharePoint Holmes

It may be a small process, but it works for us and we enjoy the benefits.  And you…you see the SharePoint Holmes cases! 🙂

Header image courtesy of Kimberley Farmer on Unsplash.com

SharePoint Holmes and the Pesky Permissions

SH-Pesky-ByOllieArteThe case

“This user is losing her access all the time”, the site owner said. “She keeps getting an access denied and then asking me for access”.
Now I know that SharePoint permissions can be a bit of a nightmare, but I have not come across situations where people who have access, suddenly lose that without any actions on the side of the site owner or manager of the permissions group.

The site owner told me he had added her to a group in his site. This group needs Edit permissions to the Commercial documents, a document library with confidential information.

“When she gets that access denied message, do you find she has disappeared from that group?” I asked him, but he did not know that.  Not very helpful, but a site owner should not have to be a detective, of course; things should just work.

So…time to get my Detective paraphernalia out of the closet and set out on a hunt for clues.

The investigation

    1. First step: site permissions.
      The group was called L1-CommercialTeam, with Read permissions.

      SH-Pesky-Site permissions
      I still have not figured out why permission levels are mentioned in Dutch, but trust me: The L1-CommercialTeam has Read access on this site.

      That looked OK, knowing she would have Edit permissions on one library. And indeed, when I looked at the “Users with Limited Access” I saw this:

      SH-Pesky-LimitedAccess
      Limited access because this group has Edit permissions on one document library.
    2. I checked the settings of the group. The user was a group member. The owner of the group was the site owner group, so there were no other parties who might have been messing about.
    3. I checked the permissions of the group: Read + Limited Access on the site, Edit on the document library. OK.
    4.  I checked the permissions for the library with confidential information. Indeed, the group had Edit permissions there.

      SH-Pesky-LibraryPermissions
      Enter a caption
    5. So, everything looked OK. What could have gone wrong? It is extremely hard to solve things that “occasionally happen” so I needed some time to think about next steps.
    6. I decided to have a look at all the permissions in the site, knowing that things can be more complicated than you might think at first sight.
      That was interesting: all 3 document libraries in the site had unique permissions, but the L1-CommercialTeam only had access to the Commercial Documents.

      SH-Pesky-Uniquepermissions
      All document libraries in this site have unique permissions
    7. I contacted the user and she confirmed that the she got the access denied when she wanted to go to the other document libraries.
    8. I contacted the site owner and asked him when he had created the Commercial Documents library and the group  – this had been done recently.

The solution

As the unique permissions in the other document libraries had been created before the L1-CommercialTeam group had been created and added to the site, the L1-CommercialTeam did not automatically get access to those libraries.

I informed the site owner about the permissions in his site – that all libraries had different permissions and that the user had requested access to the two libraries that she did not have access to.
He had inherited the site from a predecessor and was not aware of the unique permissions.
Besides, as the group appeared to have Read permissions at site level, he thought the group had access to everything. I can not blame him, really.

He gave the L1-CommercialTeam access to one library, and re-inherited permissions to the other. No access denieds have been reported since.

So, dear site owner, please check the unique permissions in your site on a regular basis. SharePoint Online has a very useful link on the site permissions page, which has turned into my new BFF:

SH-Pesky-Showtheseitems
This link allows you to see all libraries and lists with unique permissions, as well as libraries and lists that contain items with unique permissions.

 

About SharePoint Holmes:
Part of my role is solving user issues. Sometimes they are so common that I have a standard response, but sometimes I need to do some sleuthing to understand and solve it.

As many of my readers are in a similar position, I thought I’d introduce SharePoint Holmes, SharePoint investigator, who will go through a few cases while working out loud.

Image courtesy of Ollie Olarte.