Sunday, November 18, 2018

User is in SharePoint Group but doesn't get permissions

Found this today - a user shows up in a SharePoint group, but when you do a permission check the user doesnt have permissions to resources in sharepoint that the group has permissions to.
One explanation to this that I found is when the user was added to the group using the API (REST, JSOM, CSOM) by specifying the user's login name (domain\username). Turns out that adds the user to the group, but not the correct it looks right, but it isn't. what is the correct user? you have to add the claims token "i:0#.w|" before the domain\username to properly add the user.
This off course applies to the code that adds the users. As far as I can tell you will have to remove the incorrect users, and then add them again either manually or using code.

No comments: