I have spent a month troubleshooting a crazy problem with SharePoint 2010, stumping everyone that worked on it. The problem was just resolved, and it involves something I’ve never seen before, so I thought I would share so that the solution is out there on the intarwebs :)
I have a large document library, using managed metadata columns and metadata navigation. I had created some custom term sets at the site collection level, which were consumed by site columns in my document library. My users were all granted contributor permissions to the library, and could successfully upload documents into the document library.
Although users could upload to the library, they could not edit the properties of documents they had just uploaded. When trying to do so, they would receive an IIS 403 (access denied) error as below. Strange, as they had the right permissions, and this was an IIS 403 error, not a standard SharePoint access denied message.
Users would also be able to browse the document library with no problems, but if they tried to navigate via the metadata navigation, they would again receive the 403 access denied error. Strange… users could see ALL documents, but not a filtered view.
Everything worked fine for site collection administrators (one of the support folks just suggested that I make all site collection users to be site collection admins, but I did not think that was a very good idea ;)
The common thread for both of these issues was the managed metadata. Users did have permissions in the library, and to the managed metadata service. It turns out that SharePoint 2010 has a hidden list at the site collection level called… appropriately enough, “TaxonomyHiddenList”. You can access this by going to http://servername/sitecollectionname/Lists/TaxonomyHiddenList/. As near as I can figure, this list holds all of the taxonomy items at the site collection level. You can visit and see all sorts of back-end information that probably means something to a programmer, but absolutely nothing to me.
In any case… my issued was caused by the fact that this list was not inheriting permissions from the site collection. Once I changed the permissions for this list to inherit from the site collection, everything started working. Good times! Hope this helps someone.
*Update: I spoke with the developer in charge of this feature (make sure to add the Microsoft Enterprise Content Management (ECM) team blog to your RSS reader BTW). This list should not inherit permissions from the site collection, but it SHOULD have read permissions for all authenticated users (this permission was missing in my case).
Cool Tip....i don't see much documentation on TaxonomyHiddenList...
Thanks , I get good information for 403 error.
This is FANTASTIC! We're working on an enterprise-wide SharePoint environment and recently saw all our Managed Metadata columns fail to populate in Edit forms and in List/Library views. I currently have a Premier ticket open and they had no idea what to do--we're about to package the content database in question up and send it in for analysis.
I handle the taxonomy and metadata portion and will be testing out this fix on Monday. You and @d_kogan (one of the head managed metadata & taxonomy developers at Microsoft in Redmond) may have saved us from recreating the web application and migrating everything over, which most likely would not have fixed the issue, since we would've pulled permission along with the content.
I'll be letting you know!
Top blog. Helped me out here!
Thanks a lot!!!!!!!!!!!!!!!
You save my day buddy, this is a really stupid issue...
Thx for this blog article!! It saved me hours of trouble-shooting!
Thank you for taking the time to write this article, saved me from resorting to "Plan B"...
Thanks for this information. I would have spent hours to look for the missing access. I would have never considered this hidden list. You saved my day!
Awesome! Thanks for this, solved a problem that had been bugging my team for the past month.
I don't have such hidden list : TaxonomyHiddenList
Thanks! This issue is still out there and this fix still works!