SharePoint Holmes and the Gone Gallery

While all consultants are writing about Modern Sites, Hub Sites and Communication sites, I am quite certain that a lot of us practitioners are still working with the Classic sites. Looking at “my own” environment this will not change overnight.

(One of the joys of being a practitioner is that you can watch an intranet grow old…and not always gracefully 🙂 )

So here’s another case of Classic SharePoint Investigation.

The case

“I can only add app parts to the page,” the user said. “I am the owner of the site and I would like to add Summary Links, but I can only see the web parts for the document libraries and lists in my site.”

And indeed, when I looked at her page in Edit mode, it looked like this:

Although the user had selected the Web Part Gallery, she only saw the App Parts.

 

This is what she saw when she selected the App Parts – exactly the same!

 

The investigation

  1. The site permissions were OK – she indeed had the correct permissions to manage the site.
  2. I checked the permissions for the Pages library and Pages – all were inheriting from the parent so that was not the issue.
  3. I logged in as admin (that account has Administrator permissions on all site collections in the tenant) and I saw all web parts. So it looked like another permissions issue.

    Same page, different user: I could see the web parts
  4. I asked the owner to which business she belonged. That was Business B. This gave me the clue that I needed.
  5. I checked the site collection – this was a site collection for Business A.
  6. So I checked her permissions on the site collection level – none, as only employees of Business A had access.
  7. To confirm, I checked her permissions for the Web Part Gallery.  Bingo!

The solution

As we are divesting Business B, we have removed all permissions of the Business B people from all site collections of Business A, and vice versa. This means that the Galleries in the Business A site collections are not accessible to employees of Business B. It is an exceptional case that a Business B owner is an owner of a Business A site, but there was a reason for that.

Fortunately the Web Part Gallery had unique permissions, so I added her to the Gallery and then she could do what she needed to do. I did not have to worry about maintenance as her account will be removed in a few months automatically as the system separation takes place. (I may write about that later.)
Frankly, I do not know which permissions a Web Part Gallery should have by default, as I have seen both “inherited” and “unique” while checking some site collections.

This case is probably not very common, but if you ever get incidents where people can not see the web parts when editing a page, please check permissions of the Web Part Gallery at the site collection level. I remember once accidentally removing all permissions at site collection level, and after I had added the groups back, several Galleries were inaccessible as due to unique permissions the groups had not been added back automatically…

About SharePoint Holmes:
Part of my role is solving user issues. Sometimes they are so common that I have a standard response, but sometimes I need to do some sleuthing to understand and solve it.
As many of my readers are in a similar position, I thought I’d introduce SharePoint Holmes, SharePoint investigator, who will go through a few cases while working out loud.

Photo courtesy of Maryland Pride on Wikimedia.


SharePoint Holmes and the Survey Surprise

Most questions I receive about SharePoint surveys are permission issues (it is not extremely intuitive that you need to give all your audience Contribute permissions) and the error message that tells people you can not enter this survey twice.
But this time the issue was different.

The case

The site owner had created a survey in which each item had to be completed by two people. When the first person had entered their part, they would send the link to their entry to the second person, who was supposed to enter the rest.
However, the second person could not open the link and got an error message.
“Sorry, something went wrong. No item exists at [location]. It may have been deleted or renamed by another user”.
When that second person went to the site and opened the survey, they could see that an item had been entered but when they clicked “Show all responses” they received a message that there were no responses.
Confusion all around!

The investigation

  1. I checked the permissions, of course.
    The second person had Contribute permissions to the survey, so that was OK. Everyone could see and edit all items, which is a bit scary, but as this was a controlled process with a limited audience, that could work.
  2. People could enter multiple responses, so that was also not a limitation that could cause this issue.
  3. I checked the survey itself. It had some branching. I completed the first part of the survey and clicked Save and close. My entry was saved.
  4. I went to the survey and saw the item and could open and edit it.
  5. I looked at the 2nd part of the survey, which had many required responses and that gave me some ideas to test…

As it turns out,

  • You are unable to save a straightforward Survey item (with no branches) if it contains questions where you have to provide an answer. We know that, it is the same as with List items.

    This survey can not be saved when the required fields have not been completed.
  • A survey with branching however, will save answers, even if you have not entered all mandatory fields. You will get a message and the item will be saved as “not complete”.
    With the yellow-marked question the branching occurs, and there are 2 questions which require a response after that.
    This is what the first part of the survey looks like. The first person would “Save and Close”.
    “This website reports the following” – you are learning Dutch as you go along 🙂
    When you Save and Close,  the item will be stored and be visible.

    If you click on “Show all responses” you will see that the item is “not completed”.
  • People can only see the completed items of someone else. As the item is “not complete” because the second part with mandatory questions is not completed,  second person Mystery Guest can not open my item, even though she can see there is an item and she has all the permissions.
    Mystery Guest can see there is an item added…

    …but when she clicks “Show all responses” she gets the above message.
  • When I removed the “requiredness” of the answers of the 2nd part, the survey was marked as “complete” upon saving, and then the 2nd person could open and edit the 2nd part of the survey.

The solution

I discussed my findings with the site owner and suggested making the answers in the second part of the survey no longer mandatory. I showed him how to create views in a survey to help get the second part completed.

That worked for him. Case closed!

New experience for Surveys!

I also saw the Survey in Modern SharePoint. I appreciate the new consistency with other lists, but I can imagine that people will be lost without that well-known look-and-feel. But then, I expect that Forms will make the Survey obsolete soon, anyway.
I wanted to share a screenshot, but things are not very stable yet and I kept getting errors and the Classic experience. As soon as I have captured it, I will share!


Image courtesy of ZaL141TeLq on Wikimedia.

7 Risks of Copy To and Move To (in SharePoint Online)

In my earlier post, I explained what happens when you use Copy To and Move To.

I really like using it, but of course there are some risks too, especially because it is very easy to do.
I have already encountered the first casualties and I assume many more will follow.

So here are some things that I think are a tad dangerous:

  1. Even people with only “Read” permissions can Copy your content to a site they have more permissions to, or to their OneDrive. What does this do for “one version of the truth”?
  2. It is now very easy to Copy confidential content to a location with a completely different audience.
  3. People with Contribute or Edit in your site can Move documents to another site and delete them from your site.
    This has been a recent issue with one of my users. He reported that he had lost a large part of his site’s content and did not know what had happened. Fortunately I found his (200+) documents in the Recycle Bin. They had all been deleted by the same person, in a time span of about 5 minutes. I still do not know if that person had really used the Move option, but it is plausible.
  4. There is no way for you, as a site owner, to see if content has been Copied to a different site.
    You can see in the Document Information Pane if people have deleted content. You could also set an Alert for Deleted Items, so you know quickly if an unexpectedly large number of documents has been deleted and you can ask the deleter if they have Moved content. But for Copy…no option.
  5. As far as I know, there is no option for the site collection admins to see what has happened, except when documents that have been deleted are mentioned in the Document Information Pane or show up in the Recycle Bin. (Please let me know if you have found how to do it – a third-party tool perhaps?)
  6. You can lose metadata and versions if the target library has fewer metadata columns or allows fewer versions than the source. With the new versioning settings the latter will probably not cause many issues.
  7. You can break links as I found out recently. I moved some documents around because I wanted to combine some libraries and I had forgotten these were accessed from Promoted Links. Duh! 🙂

How to counteract:

1. Give everyone only the permissions they really need

Making sure every person has the correct permissions is getting more and more important.
With the defaults for sharing and access requests set to give people “Contribute” or “Edit” permissions, accidents with Copy or Move are more likely to happen.
Delve, which shows you potentially interesting information that you have access to, makes this part of site ownership even more important!
I often use an extra permissions set called “Contribute without Delete” which means people can Read, Add and Edit but only the Site Owner can delete content. That reduces the likelihood of content disappearing.

2. Inform users how Copy To and Move To work

If your users know how this works, they may be more aware what they are doing. Perhaps this picture helps to convey quickly what happens.

CopyMove-Versions

3. Inform users of the confidentiality of your content

Always make your site’s audience aware of the confidentiality status of your content. Not everyone may realize that some content (such as new brand names, prices or competitor info) may damage your company, should it fall into the wrong hands.
Tell your audience which content should not be shared and copied, and what the consequences could be if they do, both for the company and perhaps even for themselves.

4. Set Alerts for deleted items

You may want to set an Alert for content that is deleted, so you are warned when you see an unexpectedly large number of deletions, for instance. As you can not restore the content someone else has deleted, contact your support team as quickly as possible to restore the content.
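The mass deletion described under risk 3 (200+ documents, one person, about 5 minutes) is the pattern an alert on deleted items is meant to catch. The following is an added example, not code from the original post: it scans rows shaped like a recycle bin listing (who deleted what, and when) and reports bursts of deletions by one account. The field names, sample rows, the 5-minute window and the threshold of 25 are all constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta


def constructed_recycle_bin_rows():
    """Constructed sample data: one 200-file burst plus ordinary, scattered deletions."""
    rows = []
    burst_start = datetime(2018, 3, 1, 10, 0, 0)
    for i in range(200):
        rows.append({
            "deleted_by": "mover@example.com",
            "deleted_at": (burst_start + timedelta(seconds=i)).isoformat(),
            "dir_name": "sites/teamsite/Shared Documents",
            "leaf_name": f"report-{i:03d}.docx",
        })
    # Normal housekeeping by the site owner, days apart.
    for day, name in [(20, "old-draft.docx"), (25, "notes.txt"), (27, "copy.xlsx")]:
        rows.append({
            "deleted_by": "owner@example.com",
            "deleted_at": datetime(2018, 2, day, 9, 30).isoformat(),
            "dir_name": "sites/teamsite/Shared Documents",
            "leaf_name": name,
        })
    # A single earlier deletion by the same account must not join the burst.
    rows.append({
        "deleted_by": "mover@example.com",
        "deleted_at": datetime(2018, 2, 28, 16, 0).isoformat(),
        "dir_name": "sites/teamsite/Archive",
        "leaf_name": "agenda.docx",
    })
    return rows


def find_deletion_bursts(rows, window=timedelta(minutes=5), threshold=25):
    """Return one record per run in which a user deleted >= threshold items within window."""
    by_user = defaultdict(list)
    for row in rows:
        by_user[row["deleted_by"]].append(
            (datetime.fromisoformat(row["deleted_at"]), row["dir_name"]))

    bursts = []
    for user, events in by_user.items():
        events.sort()
        spans = []   # merged [first_index, last_index] pairs of qualifying windows
        start = 0
        for end, (ts, _) in enumerate(events):
            # Slide the left edge so the window never exceeds the time limit.
            while ts - events[start][0] > window:
                start += 1
            if end - start + 1 >= threshold:
                if spans and start <= spans[-1][1]:
                    spans[-1][1] = end          # overlaps the previous window: extend
                else:
                    spans.append([start, end])  # a new, separate burst
        for first, last in spans:
            bursts.append({
                "user": user,
                "first": events[first][0],
                "last": events[last][0],
                "count": last - first + 1,
                "libraries": sorted({d for _, d in events[first:last + 1]}),
            })
    return bursts


if __name__ == "__main__":
    for burst in find_deletion_bursts(constructed_recycle_bin_rows()):
        print(f"{burst['user']}: {burst['count']} deletions between "
              f"{burst['first']} and {burst['last']} in {burst['libraries']}")
```

A burst only shows that many items were deleted quickly; as the post notes, whether it was a Move still has to be confirmed with the person who deleted them.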

Of course I am curious to learn which issues you have encountered, and how you have solved those!

Image by Glenn Wallace on Flickr. 

10 things to know about Copy to and Move to (in SharePoint Online)

Of course you all know a number of ways to move documents from one place of SharePoint to another, such as Open With Explorer*, Content and Structure** and 3rd party tools.

But have you tried the “Copy to” and “Move to” options in SharePoint Online?
(I will use the words Copy and Move throughout this blog as this makes it easier to read…and write)

Copy To and Move To become visible when you select one or more documents

I knew that Copy has been available for some time in document libraries, but only recently I have also discovered Move. So I decided to find out how it works and how I can explain this best to our audience. The Microsoft Help is accurate and helpful, but it does not mention everything.

1. This is only available in document libraries with Modern Experience. 

2. Copy and Move are available for Document, Asset and Picture Libraries.

You can Copy and Move folders or individual documents to other Document Libraries.
You can Copy and Move images from Asset and Picture Libraries, but only to the same Asset or Picture Library or other Document Libraries.
In Pages Libraries, you can only Copy a page and then only to the same Pages Library. This is useful when you want to base a page on an existing one.

In a Pages library, you can only Copy a page to the same library. No other targets are available.

 

Source and possible target libraries

3. Copy and Move can be done between OneDrive and SharePoint Online and vice versa.

Your OneDrive is always shown as option.

4. Copy and Move can be done between different site collections, unlike “Content and Structure”.

5. What you can do depends on your permissions.

a. To Copy, you will need at least “Add” permissions in the target site.
You will be adding documents, so you will need Contribute, Edit or Full Control or similar.
“Read” permissions to the source site are sufficient in order to be able to Copy content.
b. To Move, you will need at least “Add” permissions in the target site AND “Delete” permissions in the source site, as Move deletes the documents in the source site.

The roles you need

 

6. Copy only copies the latest version, Move moves all versions.

This is the same as with Content and Structure, but it does not hurt to mention it again, as this is now available for more users and can have consequences!

Differences in Copy and Move w.r.t. versions

7. Move keeps the original Created and Modified dates and names.

Copy keeps the original Modified date and Modified By name, but Create date will be now and Created By will be the name of the person who copied. This makes sense, as you are creating a new instance with new Create info.
This can also be slightly confusing, as the Create date can be later than the Modified date.
In the screenshots below, I have used the same Source Library and two different Target Libraries, to show the difference between Copy and Move.
The documents have different dates, people and versions.

First, let us Copy the 3 selected documents

Version numbers are 3.0, 2.0 and 5.0, respectively. Different names in Modified By and Created By.

 

This is the result:

All documents have been copied as a new version with the Created date of some minutes ago – while the Modified date is earlier! Created By is me (I did it) while the Modified By is still the same.

 

Now, let’s Move the same 3 documents to a different library:

Now we are moving these same 3 documents

This is the result:

The original names and dates are in Created By, versions are the same.

 

8. You will receive warning messages in certain scenarios.

a. You Move a document to a target document library that has fewer versions enabled than the source. In this case, document Sharing 9 has 5 versions, the target library 3. You will get a useful warning and the option to stop the process. You do not get this warning when you Copy, as this only copies the latest version.
(This will become less of an issue with the changes in versioning coming up)

Warning about fewer versions

b. You Move a document to a document library with fewer/different metadata. In this case, I am moving a document that has a Topic column to a target without that. Again, you can Copy it with no warning.

Warning about different metadata

c. You Copy or Move a document to a target location that already has a document with the same name.

You can not Copy or Move when a document or folder with the same name exists in the Target library

9. This functionality is not available for guests.

Guests who want to Copy or Move get an error message, even if they have the correct permissions and see the options. Judging from the error message, the sites shown in the panel are sites you follow and/or have recently visited. As externals have no OneDrive to store their Followed sites, nor Delve to see the recently visited sites, this makes sense.
This may get awkward for long-term trusted external partners, though.

Even though the option to Copy or Move is displayed, external users/guests can not do this.

10. The sites that are suggested as targets are based on the Office Graph. 

A good reason to Follow your sites – they show in the targets panel and save you searching. The suggestions are based on the Office Graph and this explains why external guests can not Copy or Move – they have no Office Graph. Thanks to Greg Zelfond for providing me with this info! 

What is shown here depends on your Office Graph.

 

My two cents

I am quite happy with this functionality. It is very simple and it will be very useful in case of organizational change or archiving a project.
I now use it all the time when I move instruction and help documentation (that I write using a Word template on my laptop) from my OneDrive to SharePoint. Somehow it feels easier.

However, I would not be me if I did not see some risks. But as this is already quite a long post, I will leave that for next time.

Special characteristics of other ways to move documents

*Open with Explorer
Microsoft help
• Needs Windows on your PC as it opens Windows Explorer
• Needs Internet Explorer 32 bits, does not work with any other browser
• Only works with Classic SharePoint
• Content takes Create/Modify dates and names from the person performing the action and the date/time of the action
• No versions can be copied or moved

**Content and Structure
• Only accessible for people with Contribute or higher
• Only available to copy and move within the site collection
• Only available when your site collection has publishing features enabled

Image courtesy of Baitong333 at FreeDigitalPhotos.net

An unpleasant inheritance

Inheriting something is a mixed pleasure.
You can become the proud owner of your uncle’s lovely old-timer, or be able to wear your grandmother’s diamond necklace and matching earrings at grand events, but you generally receive those treasures only after a dear one has passed away.
But you can also inherit debts, a house with an expensive mortgage, a nephew or other “things” that you have never wanted.

Inheriting permissions in SharePoint can also be a curse rather than a blessing.
“I have suddenly lost access” has been the title of many recent incidents. No need to blame this on Microsoft, SharePoint or the support team, because in 99% of cases this is a human error:

  • The Site Owner accidentally removed their own permissions while cleaning up a document library’s  or site’s permissions. The support team can easily fix this.
  • The Site Owner accidentally inherits the permissions from the parent site. That is pretty serious and has happened alarmingly often!
A dangerous button that will inherit permissions from the parent – this can be wanted in documents, folders and libraries but can wreak havoc in sites.

I have already mentioned in many of our instruction materials: “if you see “this web site has unique permissions” in the yellow bar, DO NOT CLICK “Delete unique permissions” as you will

  • Inherit the permissions from the parent site
  • Lock yourself out of your site if you have insufficient permissions on the parent site
  • Remove all unique permissions in your site (and there is no “undo” or “restore” option)
If you see this text, you are at the site level!

The warning message appears not to be informative enough to keep people from proceeding.

The warning message before you inherit the permissions from the parent site.

Recently I have guided a few people through “permissions stuff” via screenshare and I notice that they always want to click “Delete unique permissions” when they want to remove users. In several cases these users were individuals who were not in a group and therefore were seen as having unique permissions.
On those occasions I have been just in time to guide their mouse pointers to the right button: “Remove User Permissions”.

Use this when you want to remove  groups or individuals from your site

This has now happened so often, with such serious consequences, that I have added a suggestion to Microsoft SharePoint Uservoice to rename “Delete Unique Permissions” into “Inherit permissions from parent” as this is probably easier to understand for the user than the current wording. If you agree, please support my request. (Happy to return the favour, of course)

You know, like in SharePoint 2007:

What it looks like in SharePoint 2007 – much more intuitive! (Pic taken with Phone)

And if you have taken any measures that successfully prevent this accidental inheritance, please share!

Image courtesy of Phil_Bird at FreeDigitalPhotos.net

SharePoint Holmes and the Missing Menu-item

The case

“I am officially the owner of the site, but I can not manage the site”, the user had written in the description field of the incident.
I asked her what exactly she was trying to do that was impossible, and she said she had wanted to make changes to the homepage of the site.

“But the menu in the gear wheel does not look like the training materials”, she said. “Please see attached screenshot”.

Now that was an interesting screenshot!

“Site settings” but no “Edit page” in the menu!

I could have asked her if she was able to go to the homepage from the Site Pages or Pages library and if she would have been able to conjure up the Page tab and do it from there, but I was so intrigued by the screenshot that I decided to do some investigation. After all, the “Edit page” option needs to be there and I could better fix that once and for all than waste her time with workarounds. Her problem was not so urgent that she needed the workaround.

And to be frank, I hoped it would turn out to be another SharePoint Holmes topic 🙂

The investigation

  1. Of course, I checked the permissions first. They looked OK. (You know the Dutch words by now, right? 🙂 )

    Owners with Full Control, Members with Edit, Visitors and another group with Read permissions – looks normal!
  2. Yes, she was in the Owners group with Full Control.

    Mystery Guest is in the Owners group.
  3. I checked the items with unique permissions. The Site Pages library was one of them.
  4. Aha, the Site Pages library had very limited permissions – only Visitors had Read access and that was it. As the Visitors group contained a company-wide AD group, I knew she had access – but only with Read permissions.

    Fortunately a wide audience could see the site’s pages – but nobody could edit them!
  5. I checked the Homepage permissions to be on the safe side, and that inherited permissions from the library. So she could see the homepage but not edit it.

The solution

I added the Owners group back to the Site Pages library with the proper permissions. I informed the Site Owner that she had removed the permissions of everyone except the Visitors.
She informed me that “Edit Page” was now in her Gear Wheel menu and she could edit the page again. Problem solved!
I suggested that she think about what she wanted to do with this library – keep it like it was with only Owner and Visitor groups (to avoid unwanted edits) or inherit the permissions from the site.

I wish I had something more deep and interesting to conclude than: “SharePoint permissions are difficult to understand and manage”. 😦

But if you ever come across a screenshot like that, you know what to do!


Image courtesy of  Clker-Free-Vector-Images on Pixabay.

SharePoint Holmes and the Pesky Permissions

The case

“This user is losing her access all the time”, the site owner said. “She keeps getting an access denied and then asking me for access”.
Now I know that SharePoint permissions can be a bit of a nightmare, but I have not come across situations where people who have access, suddenly lose that without any actions on the side of the site owner or manager of the permissions group.

The site owner told me he had added her to a group in his site. This group needs Edit permissions to the Commercial documents, a document library with confidential information.

“When she gets that access denied message, do you find she has disappeared from that group?” I asked him, but he did not know that.  Not very helpful, but a site owner should not have to be a detective, of course; things should just work.

So…time to get my Detective paraphernalia out of the closet and set out on a hunt for clues.

The investigation

    1. First step: site permissions.
      The group was called L1-CommercialTeam, with Read permissions.

      I still have not figured out why permission levels are mentioned in Dutch, but trust me: The L1-CommercialTeam has Read access on this site.

      That looked OK, knowing she would have Edit permissions on one library. And indeed, when I looked at the “Users with Limited Access” I saw this:

      Limited access because this group has Edit permissions on one document library.
    2. I checked the settings of the group. The user was a group member. The owner of the group was the site owner group, so there were no other parties who might have been messing about.
    3. I checked the permissions of the group: Read + Limited Access on the site, Edit on the document library. OK.
    4.  I checked the permissions for the library with confidential information. Indeed, the group had Edit permissions there.

    5. So, everything looked OK. What could have gone wrong? It is extremely hard to solve things that “occasionally happen” so I needed some time to think about next steps.
    6. I decided to have a look at all the permissions in the site, knowing that things can be more complicated than you might think at first sight.
      That was interesting: all 3 document libraries in the site had unique permissions, but the L1-CommercialTeam only had access to the Commercial Documents.

      All document libraries in this site have unique permissions
    7. I contacted the user and she confirmed that she got the access denied when she wanted to go to the other document libraries.
    8. I contacted the site owner and asked him when he had created the Commercial Documents library and the group  – this had been done recently.

The solution

As the unique permissions in the other document libraries had been created before the L1-CommercialTeam group had been created and added to the site, the L1-CommercialTeam did not automatically get access to those libraries.

I informed the site owner about the permissions in his site – that all libraries had different permissions and that the user had requested access to the two libraries that she did not have access to.
He had inherited the site from a predecessor and was not aware of the unique permissions.
Besides, as the group appeared to have Read permissions at site level, he thought the group had access to everything. I can not blame him, really.

He gave the L1-CommercialTeam access to one library, and re-inherited permissions to the other. No access denieds have been reported since.

So, dear site owner, please check the unique permissions in your site on a regular basis. SharePoint Online has a very useful link on the site permissions page, which has turned into my new BFF:

This link allows you to see all libraries and lists with unique permissions, as well as libraries and lists that contain items with unique permissions.
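The Pesky Permissions, Missing Menu-item and Gone Gallery cases share one mechanism: an object with unique permissions keeps its own list of groups, so changes made at site level never reach it. The following is an added example, not code from the original post or from SharePoint: a simplified model of that inheritance behaviour, with a small audit that lists site-level groups absent from objects with unique permissions. It assumes that breaking inheritance starts from a copy of the parent's permissions at that moment; the class, function and library names "Library A" and "Library B" are constructed.

```python
LEVELS = ["Read", "Contribute", "Edit", "Full Control"]  # weakest to strongest


class Securable:
    """A site, library or gallery that inherits role assignments unless broken."""

    def __init__(self, name, parent=None):
        self.name = name
        self.parent = parent
        self.children = []
        # None means "inherits from parent"; the root always owns its assignments.
        self.unique = {} if parent is None else None
        if parent is not None:
            parent.children.append(self)

    def assignments(self):
        """Assignments in force here: own if unique, else the nearest ancestor's."""
        node = self
        while node.unique is None:
            node = node.parent
        return node.unique

    def break_inheritance(self):
        """Stop inheriting; start from a copy of the parent's assignments as of now."""
        if self.unique is None:
            self.unique = dict(self.parent.assignments())

    def reinherit(self):
        """'Delete unique permissions': discard own assignments, follow the parent."""
        if self.parent is not None:
            self.unique = None

    def grant(self, principal, level):
        if self.unique is None:
            raise ValueError(f"{self.name} inherits; break inheritance first")
        self.unique[principal] = level

    def revoke(self, principal):
        if self.unique is None:
            raise ValueError(f"{self.name} inherits; break inheritance first")
        self.unique.pop(principal, None)

    def descendants(self):
        for child in self.children:
            yield child
            yield from child.descendants()


def effective_level(securable, memberships):
    """Highest level any of the user's groups holds on this object, or None."""
    held = [lvl for p, lvl in securable.assignments().items() if p in memberships]
    return max(held, key=LEVELS.index) if held else None


def missing_principals(site):
    """Per object with unique permissions: site-level principals that are absent."""
    report = {}
    for obj in site.descendants():
        if obj.unique is not None:
            absent = sorted(set(site.assignments()) - set(obj.unique))
            if absent:
                report[obj.name] = absent
    return report


def pesky_permissions_case():
    """Constructed replay of the order of events in the Pesky Permissions case."""
    site = Securable("Site")
    site.grant("Owners", "Full Control")
    site.grant("Visitors", "Read")
    # Two libraries broke inheritance before the new group existed.
    lib_a, lib_b = Securable("Library A", site), Securable("Library B", site)
    lib_a.break_inheritance()
    lib_b.break_inheritance()
    # Later: the group is added at site level and gets Edit on a new library.
    site.grant("L1-CommercialTeam", "Read")
    commercial = Securable("Commercial Documents", site)
    commercial.break_inheritance()
    commercial.grant("L1-CommercialTeam", "Edit")
    return site, lib_a, lib_b, commercial


if __name__ == "__main__":
    site, lib_a, lib_b, commercial = pesky_permissions_case()
    user = {"L1-CommercialTeam"}
    for lib in (commercial, lib_a, lib_b):
        print(lib.name, "->", effective_level(lib, user))
    print(missing_principals(site))
```

The same model reproduces the lockout from “Delete unique permissions”: after `reinherit()` an owner who holds nothing on the parent has no access left.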

 


Image courtesy of Ollie Olarte.