
In our SharePoint farm we have two groups:

Users - Contains ALL users of our application (including administrators)

Admins - Contains users with admin privileges

I'm currently trying to deny access to System Pages (_layouts/ files) for all users in the "Users" group to prevent modifying lists etc. without going through the corresponding webpart UI. To do this I added a permission policy with DENY on View Application Pages. This works as it's supposed to for normal users, but the problem is it also blocks the administrators from accessing lists etc.

I tried granting everything to the Admins group, but the deny still overrides it, preventing access.

How can I grant access to the admins when their user is blocked in another group?

Jonas Mohammed

1 Answer


You could use a JSOM solution: check the user's groups and admin status with JSOM (sample script from this thread).

The script below contains logic to check whether the user is an admin.

    // Requires sp.js (JSOM) and jQuery to be loaded on the page.
    function IsCurrentUserMemberOfGroups(groups, OnComplete) {
        var currentContext = SP.ClientContext.get_current();
        var currentWeb = currentContext.get_web();
        var currentUser = currentWeb.get_currentUser();
        var oGroups = currentUser.get_groups();
        // Queue the user and their groups; their properties can only be
        // read after executeQueryAsync has completed.
        currentContext.load(currentUser);
        currentContext.load(oGroups);
        currentContext.executeQueryAsync(OnSuccess, OnFailure);

        function OnSuccess(sender, args) {
            var userInGroup = false;
            // Read the site admin flag now that currentUser is loaded.
            var isAdmin = currentUser.get_isSiteAdmin();
            console.log('Admin check ' + isAdmin);
            // Site collection admins skip the group loop, so userInGroup
            // stays false for them.
            if (!isAdmin) {
                var groupEnumerator = oGroups.getEnumerator();
                while (groupEnumerator.moveNext()) {
                    var oGroup = groupEnumerator.get_current();
                    var groupTitle = oGroup.get_title();
                    console.log(groupTitle);
                    // Compare this group's title with each requested group name.
                    $.each(groups, function (index, value) {
                        if (value == groupTitle) {
                            console.log('user in group ' + groupTitle);
                            userInGroup = true;
                        }
                    });
                    if (userInGroup)
                        break;
                }
            }
            OnComplete(userInGroup);
        }

        // If the query fails, report the user as not in any of the groups.
        function OnFailure(sender, args) {
            OnComplete(false);
        }
    }

Then, redirect the user to a friendly page.

Add the script to the master page or add it as a JavaScript link, as it needs to run globally.

SharePoint Custom JS file Best Practice

Lee
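The redirect step from the answer above, as an added example that is not part of the original post: it decides from the current path and the callback result whether to send the user away from a `_layouts/` page. `ADMIN_GROUPS`, `FRIENDLY_PAGE` and `ALLOWED_PAGES` are assumed values for illustration.

```javascript
// Added example. ADMIN_GROUPS, FRIENDLY_PAGE and ALLOWED_PAGES are assumed
// values for illustration; adjust them to the farm.
var ADMIN_GROUPS = ['Admins'];
var FRIENDLY_PAGE = '/SitePages/NoAccess.aspx'; // hypothetical page outside _layouts
// Application pages every user still needs (sign-in, sign-out, access denied).
var ALLOWED_PAGES = ['authenticate.aspx', 'signout.aspx', 'accessdenied.aspx'];

// True for application pages, e.g. /sites/a/_layouts/15/viewlsts.aspx
function isApplicationPage(pathname) {
    return /\/_layouts\//i.test(String(pathname || ''));
}

// Last path segment, lower-cased, without query string or fragment.
function pageName(pathname) {
    var clean = String(pathname || '').split(/[?#]/)[0];
    return clean.substring(clean.lastIndexOf('/') + 1).toLowerCase();
}

// Returns the URL to redirect to, or null when the page may load.
// inAdminGroup is the boolean handed to the OnComplete callback; a failed
// query arrives here as false, so the decision fails closed.
function redirectTarget(pathname, inAdminGroup) {
    if (!isApplicationPage(pathname)) return null;   // normal site pages
    if (ALLOWED_PAGES.indexOf(pageName(pathname)) !== -1) return null;
    if (inAdminGroup) return null;                   // admins keep access
    return FRIENDLY_PAGE;
}

// Browser wiring: runs only where SharePoint's script loader is present.
if (typeof window !== 'undefined' && typeof SP !== 'undefined' && SP.SOD) {
    SP.SOD.executeFunc('sp.js', 'SP.ClientContext', function () {
        IsCurrentUserMemberOfGroups(ADMIN_GROUPS, function (inAdminGroup) {
            var target = redirectTarget(window.location.pathname, inAdminGroup);
            if (target) window.location.replace(target);
        });
    });
}
```

Because this runs in the browser it only steers the UI: a user can skip the script, so the permissions configured on the server still decide what members of Users can change.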