Troubleshoot "You need permission to access this site/item" issues when trying to access training from SharePoint

Introduction

In certain cases, when users try to access a SharePoint page for training, they may encounter "You need permission to access this site/item" errors.

In this article, we go through solutions that can be implemented on both the LMS365 (Learn365) and SharePoint sides to address or prevent these issues.

 

access_without_permissions.png

 

Solutions on the LMS365 (Learn365) side

On the LMS365 (Learn365) side, you can address these issues in the following ways:

  • In the Learn365 Admin Center via the Users list.
  • Via the LMS365 (Learn365) API.

 

In the Learn365 Admin Center via the Users list

Required role: catalog admin

1. In the Learn365 Admin Center, navigate to the Users page.

2. Check to see if the user is added to the Users list or only to specific training.

If the user is added only to specific training, they'll have a special icon, as shown in the following image.

 

user_not_in_catalog.png

 

In such cases, the user is added only to the SharePoint Learners group for the specific training but they aren't added to SharePoint Visitors group of the course catalog site. This may cause the user to encounter access issues.

We recommend you add all employees to the Users list before enrolling them in respective courses or training plans. Being added to the Users list means this learner is automatically added to the SharePoint site Visitors group of the course catalog in SharePoint. As a result, the Visitors group gives the learner the Read permissions level in the SharePoint course catalog site, enabling access to view all course and training plan home pages in the course catalog, and prevents users from encountering the access denied message from SharePoint when they navigate around the course catalog.

When you add a user to the Users list, no previous learning data for this user will be lost. This includes course progress and completion records.

 

Via the LMS365 (Learn365) API

A situation can arise where an existing user’s account is deleted, and later, an account is created for a different user with the same login name.

As a result, SharePoint will persist in acknowledging the deleted account and will prevent the new user from accessing the page.

Via the LMS365 (Learn365) API, you can check whether this is the case, and whether you have identical user accounts in LMS365 (Learn365).

To check if identical user accounts exist, follow these steps:

1. In the LMS365 (Learn365) API, authorize with the relevant API key and navigate to the Users section.

2. Find the Users section, expand it, find the GET​/odata​/v2​/Users endpoint, and select Try it out.

3. In $filter, enter Title eq '{user_title}', for example, Title eq 'Adele Vance'.

4. Select Execute. Check the returned data in the Response body. You may find duplicate login names.

 

the_response_body.png

 

If this is the case, you can:

  • Merge these user accounts to eliminate conflicts in LMS365 (Learn365). For more information on how to merge user accounts, see this article.
  • Search for a solution on the SharePoint side.

 

Solutions on the SharePoint side

Required role: SharePoint admin

To investigate solutions on the SharePoint side, consider one of the following options:

  • The SharePoint admin and Microsoft 365 global admin can run diagnostics on the tenant to identify issues that affect user access by navigating to the following link: https://aka.ms/PillarCheckUserAccess.
  • Verify the permissions of affected users on the SharePoint side for the relevant course catalog and take the necessary actions. To do this, follow these steps:

1. On the relevant SharePoint course catalog home page, go to Settings > Site permissions.

 

site_settings_.png

 

2. On the opened Permissions panel, select Advanced permissions settings.

 

advanced_permissions_.png

 

3. On the opened Permissions page, select Check Permissions. This opens a window where you enter the name or email address of the relevant user, then select Check Now.

 

Check_permissions_.png

 

As a result, you may see one of the following results and you'll need to perform further actions:

  • The user has the Read permissions of the Visitors group in the course catalog. In this case, the user shouldn't encounter permission issues.

 

catalog_visitors_group.png

 

  • The user has no permissions (None).

In this case, add the user to the relevant course catalog via the Learn365 Admin Center > Users.

We recommend you add all users to the Users list before enrolling them in respective courses or training plans. Being added to the Users list means users are automatically added to the SharePoint site Visitors group of the course catalog. As a result, the Visitors group gives learners the Read permissions level in the SharePoint course catalog site, enabling access to view all course and training plan home pages in the course catalog, and prevents users from encountering the access denied message from SharePoint when they navigate around the course catalog.

 

None_permissions.png

 

  • The user has "Read, Limited access" instead of "Read" in the SharePoint Visitors group.

In this case, check the permission level in the SharePoint Visitors group. For this, select Permission Levels and, from the opened Permissions Levels panel, select the relevant permission level link to adjust the settings.

 

check_permission_levels_.png

 

4. If the error persists, delete the affected user from the SharePoint site collection (course catalog) and add them to the course catalog via the Learn365 Admin Center > Users.

 

To delete the user from the SharePoint site collection, follow these steps:

1. From the course catalog home page, navigate to the All People group of your course catalog by adding /_layouts/15/people.aspx?MembershipGroupId=0 to the end of the course catalog URL. For example, https://compafi464.sharepoint.com/sites/Academy/_layouts/15/people.aspx?MembershipGroupId=0

2. On the opened page, you'll see a list of all the users of the current SharePoint site collection (course catalog). Select the checkbox of the affected user and, from the Actions drop-down list, select Delete Users from Site Collection.

 

delete_user_.png

 

3. Add the user to the course catalog via the Learn365 Admin Center > Users. Check whether they have access and whether they are present in the Visitors group of this site.

4. If synchronization between LMS365 (Learn365) and SharePoint fails and the user still encounters the issue, we suggest adding a user to the course catalog SharePoint Visitors group again via the PowerShell script. For detailed steps, see this Microsoft documentation.

For more troubleshooting information for this issue, see the following Microsoft documentation:

 

Was this article helpful?
0 out of 0 found this helpful

Comments

Article is closed for comments.