Only one user with contribute access gets access denied to SharePoint site collection. Every SharePoint admin might have faced this issue atleast once. In my case, user is added to a SharePoint group with Contribute access. Access shows up as Contribute when verified through site permissions – check permission option. Every other person in the group can access the site. User with issue can access every other site collection, problem is just with 1 site collection.No helpful information from ULS logs other either.
Only helpful information i found in logs is
unknown sprequest error occurred 0x80070005 – which again says user does not have access to some resource.
I tried the following things first:
- Provided same level of access individually to user instead of group. – Did not work
- Added other users to the same group. – Other user is able to access the site. No issue with group.
- Verified access to Site pages, master pages, site assets and all the required files for user. – No issues there.
- Made sure that there is not broken inheritance to any resource which is displayed on home page of site.
- Made sure that there are no closed webparts or delete files from recycle bin stopping the access.
Sometimes we get a clue about the resource blocking access from access denied URL.
Example : http://site.domain.com/sites/site/_layouts/AccessDenied.aspx?Source=http%3A%2F%2Fdomain%2Ecom%2Fsites%2Fsite2%2FShared%20Documents%2FForms%2FAllItems%2Easpx
Source attribute will point to the resource which is blocking access.
Even this did not give me any clue as the Source is pointing to the site collection home.
In a desperate attempt, I have tried to elevate the user access to see what happens. Provided ‘Full Control’ to user, still gets access denied. When user is added as site collection admin, he is able to access the site. Now, i have removed site collection admin access and placed user back in Contribute group, voila! User is able to access the site with Contribute access.
Adding & removing user as site collection admin did the trick.
Resource which is blocking access, which should’nt happen in the first place is made accessible after bumping up the user access and bringing it down. It might be because of the fact the user had other evel of access to site collection before which is cached and never got updated. Removing the user from Hidden user list might have also resulted in the same thing – just a thought.
Edited on 05/02/2022 :
Make sure to check whether following Site Collection feature is turned ON. Limited-access user permission lockdown mode. If in case it is turned on, a user with Limited access permission at top level site, cannot pass through application pages to get to where they have Read/Contribute access to a particular item or document. Deactivating this feature will let users with access to only one document/folder or item pass through application pages and get to what they access to.