Introduction
In certain cases, when users try to access a SharePoint page for training, they may encounter "You need permission to access this site/item" errors.
In this article, we go through solutions that can be implemented on both the Learn365 and SharePoint sides to address or prevent these issues.
Solutions on the Learn365 side
On the Learn365 side, you can address these issues in the following ways:
- In the Learn365 Admin Center via the Users list.
- Via the Learn365 API.
In the Learn365 Admin Center via the Users list
Required role: catalog admin
1. In the Learn365 Admin Center, navigate to the Users page.
2. Check to see if the user is added to the Users list or only to specific training.
If the user is added only to specific training, they'll have a special icon, as shown in the following image.
In such cases, the user is added only to the SharePoint Learners group for the specific training but they aren't added to SharePoint Visitors group of the course catalog site. This may cause the user to encounter access issues.
We recommend you add all employees to the Users list before enrolling them in respective courses or training plans. Being added to the Users list means this learner is automatically added to the SharePoint site Visitors group of the course catalog in SharePoint. As a result, the Visitors group gives the learner the Read permissions level in the SharePoint course catalog site, enabling access to view all course and training plan home pages in the course catalog, and prevents users from encountering the access denied message from SharePoint when they navigate around the course catalog.
When you add a user to the Users list, no previous learning data for this user will be lost. This includes course progress and completion records.
Via the Learn365 API
A situation can arise where an existing user’s account is deleted, and later, an account is created for a different user with the same login name.
As a result, SharePoint will persist in acknowledging the deleted account and will prevent the new user from accessing the page.
Via the Learn365 API, you can check whether this is the case, and whether you have identical user accounts in Learn365.
To check if identical user accounts exist, follow these steps:
1. In the Learn365 API, authorize with the relevant API key and navigate to the Users section.
2. Find the Users section, expand it, find the GET/odata/v2/Users endpoint, and select Try it out.
3. In $filter, enter Title eq '{user_title}', for example, Title eq 'Adele Vance'.
4. Select Execute. Check the returned data in the Response body. You may find duplicate login names.
If this is the case, you can:
- Merge these user accounts to eliminate conflicts in Learn365. For more information on how to merge user accounts, see this article.
- Search for a solution on the SharePoint side.
Solutions on the SharePoint side
Required role: SharePoint admin
To investigate solutions on the SharePoint side, consider one of the following options:
- If the issue persists only with external (guests) users, ensure external sharing is enabled at tenant and course catalog levels.
- The SharePoint admin and Microsoft 365 global admin can run diagnostics on the tenant to identify issues that affect user access by navigating to the following link: https://aka.ms/PillarCheckUserAccess.
- Verify the permissions of affected users on the SharePoint side for the relevant course catalog and take the necessary actions. To do this, follow these steps:
1. On the relevant SharePoint course catalog home page, go to Settings > Site permissions.
2. On the opened Permissions panel, select Advanced permissions settings.
3. On the opened Permissions page, select Check Permissions. This opens a window where you enter the name or email address of the relevant user, then select Check Now.
As a result, you may see one of the following results and you'll need to perform further actions:
- The user has the Read permissions of the Visitors group in the course catalog. In this case, the user shouldn't encounter permission issues.
- The user has no permissions (None).
In this case, add the user to the relevant course catalog via the Learn365 Admin Center > Users.
We recommend you add all users to the Users list before enrolling them in respective courses or training plans. Being added to the Users list means users are automatically added to the SharePoint site Visitors group of the course catalog. As a result, the Visitors group gives learners the Read permissions level in the SharePoint course catalog site, enabling access to view all course and training plan home pages in the course catalog, and prevents users from encountering the access denied message from SharePoint when they navigate around the course catalog.
- The user has "Read, Limited access" instead of "Read" in the SharePoint Visitors group.
In this case, check the permission level in the SharePoint Visitors group. For this, select Permission Levels and, from the opened Permissions Levels panel, select the relevant permission level link to adjust the settings.
4. If the error persists, delete the affected user from the SharePoint site collection (course catalog) and add them to the course catalog via the Learn365 Admin Center > Users.
To delete the user from the SharePoint site collection, follow these steps:
1. From the course catalog home page, navigate to the All People group of your course catalog by adding /_layouts/15/people.aspx?MembershipGroupId=0 to the end of the course catalog URL. For example, https://compafi464.sharepoint.com/sites/Academy/_layouts/15/people.aspx?MembershipGroupId=0
2. On the opened page, you'll see a list of all the users of the current SharePoint site collection (course catalog). Select the checkbox of the affected user and, from the Actions drop-down list, select Delete Users from Site Collection.
3. Add the user to the course catalog via the Learn365 Admin Center > Users. Check whether they have access and whether they are present in the Visitors group of this site.
4. If synchronization between Learn365 and SharePoint fails and the user still encounters the issue, we suggest adding a user to the course catalog SharePoint Visitors group again via the PowerShell script. For detailed steps, see this Microsoft documentation.
For more troubleshooting information for this issue, see the following Microsoft documentation:
- "Access Denied" or "You need permission" errors in SharePoint Online and OneDrive.
- Troubleshoot user profile removal issues in SharePoint.
- "Access Denied" to Access Requests list or "Request approval failed" when you process a pending request.
- Set up and manage access requests.
Comments
Article is closed for comments.