Archive for July 31st, 2009
MySite Personal Documents available for all users
Posted by Søren in Sharepoint on July 31, 2009
I recently had a problem at a customer where the following problem had been happening for a while.
Whenever a new MySite was created the document library called “Personal Documents” had public access. So instead of being viewable for the owner only, it had the same persmissions set as the “Public Documents” library- namely inheritence from the Site. The site has (per default) access to all authenticated users, but you don’t want all users to watch your personal documents.
After having spent a while searching for the cause i realized that it only happened when the mysite created was by another language then default (english). The server had the danish language pack installed and the error was only present on sites created with the danish lanuage selected.
This issue is fixed with MOSS SP1 (included in to SP2 as well) and are described in the Description of the SharePoint Server 2007 issues that are fixed by the 2007 Microsoft Office servers Service Pack 1 KB article (search for “Personal Documents”). So once you have installed the SP1 or SP2 you wont experience the problem anymore.
The problem is described as: “On “My Site,” personal documents that are created by using a language other than the default language have the same permissions as shared documents”
Unfortunately you might be in a situation where there had been created some (or in my case many) mysites with this permission error.
I had to write a script that ran trough all my sites and corrected the error – and here it is so far (just create a console app and run the application with the site URL as parameter)
using System;
using Microsoft.SharePoint;
using Microsoft.Office.Server;
using Microsoft.Office.Server.UserProfiles;
using System.Web;
namespace MySitePermissionsCheckTool
{
class Program
{
public static SPSite oSiteColl;
public static DateTime start;
public static DateTime end;
static void Main(string[] args)
{
start = DateTime.Now;
Console.WriteLine("Script startet " + start.ToLongTimeString());
try
{
using (oSiteColl = new SPSite(args[0])) // http://mosssrv
{
ServerContext context = ServerContext.GetContext(oSiteColl);
UserProfileManager oManager = new UserProfileManager(context);
Console.WriteLine("There are " + oManager.Count + " profiles");
Console.WriteLine("");
foreach (UserProfile currentProfile in oManager)
{
if (currentProfile.PersonalSite != null)
{
Console.WriteLine(currentProfile["PreferredName"].ToString() + " has a mysite (continue)");
CheckPermissions(currentProfile.PersonalSite.Url);
}
else
{
Console.WriteLine(currentProfile["PreferredName"].ToString() + " doesn't have a MySite (ignore)");
}
Console.WriteLine("");
}
}
}
catch (Exception ex)
{
Console.WriteLine("Script error: " + ex.ToString());
}
end = DateTime.Now;
Console.WriteLine("Script done " + end.ToLongTimeString());
TimeSpan secondsRunning = end - start;
Console.WriteLine("Script running for " + secondsRunning.TotalSeconds + " seconds");
Console.Read();
}
private static void CheckPermissions(string personalSiteUrl)
{
Console.WriteLine(" - SiteUrl: " + personalSiteUrl);
using (SPSite oMySiteColl = new SPSite(personalSiteUrl))
{
using (SPWeb web = oMySiteColl.AllWebs[0])
{
SPDocumentLibrary personalDocuments = (SPDocumentLibrary)web.Lists["Personal Documents"];
bool HasUniqueRoleAssignments = personalDocuments.HasUniqueRoleAssignments;
if (HasUniqueRoleAssignments)
{
// DOESN'T inherit permissions - DO NOTHING!
Console.WriteLine(" - the list DOESN'T INHERIT permissions!");
}
else
{
// INHERIT permissions - REMOVE INHERITENCE!
Console.WriteLine(" - the list INHERIT permissions from site!");
Console.Write("Breaking roleinheritance...");
personalDocuments.BreakRoleInheritance(false);
Console.WriteLine("done!");
}
}
}
}
}
}
Søren's Blog 