How to deny access for single user? : Sharepoint

I have setup users properly in the SharePoint group, and all works
fine, until there's one particular user seems to abuse the permission
on one discussion forum. So user intend to deny access to this single
user to the discussion forum. How can the discussion forum admin
easily deny access this single user only to the Discussion Forum? This
user cannot be removed from the group, because he should still be able
to access other site/lists. Is there deny permission in SharePoint?

Go to your Central Administration and modify the policy to deny all for the
particular user.
--
Erwin Tsai
MCPD, MCTS




"Gunady" wrote:

> I have setup users properly in the SharePoint group, and all works
> fine, until there's one particular user seems to abuse the permission
> on one discussion forum. So user intend to deny access to this single
> user to the discussion forum. How can the discussion forum admin
> easily deny access this single user only to the Discussion Forum? This
> user cannot be removed from the group, because he should still be able
> to access other site/lists. Is there deny permission in SharePoint?
>

On May 9, 1:06 pm, Erwin Tsai <ErwinT...@discussions.microsoft.com>
wrote:
> Go to your Central Administration and modify the policy to deny all for the
> particular user.
> --
> Erwin Tsai
> MCPD, MCTS
>
>
>
> "Gunady" wrote:
> > I have setup users properly in the SharePoint group, and all works
> > fine, until there's one particular user seems to abuse the permission
> > on one discussion forum. So user intend to deny access to this single
> > user to the discussion forum. How can the discussion forum admin
> > easily deny access this single user only to the Discussion Forum? This
> > user cannot be removed from the group, because he should still be able
> > to access other site/lists. Is there deny permission in SharePoint?- Hide quoted text -
>
> - Show quoted text -

But, by denying access from Central Admin, it will block the user to
access to the whole site. User just needs to be blocked from the
dicussion forum only, or deny write to the discussion forum. Thanks

It looks like I miss out the 2nd part of the question.

Yes, policy will block out users entirely.

If you want to only deny one particular user to your discussion board, you
will need to remove the users from the Sharepoint Group and give the user
proper permission for the site collection. Then, you have to configure your
discussion board permission individually. Rather rather applying parent
permission, you need to click "Edit Permission", and set the user with lock
down (read only) permission.

Sharepoint use the less restricted in the site permission level, so if you
don't remove the user from the Sharepoint Group, then the same permssion will
apply to the user.

--
Erwin Tsai
MCPD, MCTS




"Vincent" wrote:

> On May 9, 1:06 pm, Erwin Tsai <ErwinT...@discussions.microsoft.com>
> wrote:
> > Go to your Central Administration and modify the policy to deny all for the
> > particular user.
> > --
> > Erwin Tsai
> > MCPD, MCTS
> >
> >
> >
> > "Gunady" wrote:
> > > I have setup users properly in the SharePoint group, and all works
> > > fine, until there's one particular user seems to abuse the permission
> > > on one discussion forum. So user intend to deny access to this single
> > > user to the discussion forum. How can the discussion forum admin
> > > easily deny access this single user only to the Discussion Forum? This
> > > user cannot be removed from the group, because he should still be able
> > > to access other site/lists. Is there deny permission in SharePoint?- Hide quoted text -
> >
> > - Show quoted text -
>
> But, by denying access from Central Admin, it will block the user to
> access to the whole site. User just needs to be blocked from the
> dicussion forum only, or deny write to the discussion forum. Thanks
>
>

On May 9, 8:17 pm, Erwin Tsai <ErwinT...@discussions.microsoft.com>
wrote:
> It looks like I miss out the 2nd part of the question.
>
> Yes, policy will block out users entirely.
>
> If you want to only deny one particular user to your discussion board, you
> will need to remove the users from the Sharepoint Group and give the user
> proper permission for the site collection. Then, you have to configure your
> discussion board permission individually. Rather rather applying parent
> permission, you need to click "Edit Permission", and set the user with lock
> down (read only) permission.
>
> Sharepoint use the less restricted in the site permission level, so if you
> don't remove the user from the Sharepoint Group, then the same permssion will
> apply to the user.
>
> --
> Erwin Tsai
> MCPD, MCTS
>
>
>
> "Vincent" wrote:
> > On May 9, 1:06 pm, Erwin Tsai <ErwinT...@discussions.microsoft.com>
> > wrote:
> > > Go to your Central Administration and modify the policy to deny all for the
> > > particular user.
> > > --
> > > Erwin Tsai
> > > MCPD, MCTS
>
> > > "Gunady" wrote:
> > > > I have setup users properly in the SharePoint group, and all works
> > > > fine, until there's one particular user seems to abuse the permission
> > > > on one discussion forum. So user intend to deny access to this single
> > > > user to the discussion forum. How can the discussion forum admin
> > > > easily deny access this single user only to the Discussion Forum? This
> > > > user cannot be removed from the group, because he should still be able
> > > > to access other site/lists. Is there deny permission in SharePoint?-Hide quoted text -
>
> > > - Show quoted text -
>
> > But, by denying access from Central Admin, it will block the user to
> > access to the whole site. User just needs to be blocked from the
> > dicussion forum only, or deny write to the discussion forum. Thanks- Hide quoted text -
>
> - Show quoted text -

Thank you for the reply. Our current portal contains large number of
site and subsite, with some already has unique permission, but thanks
to SharePoint Group, this is still somewhat maintainable. However, if
single user is removed from the group, it means that this user lost
all the permission to the entire site. To grant it back to the rest of
the site is not an easy admin task. I think with the current site
setting, this might be too difficult to maintain too .

If there's a way to deny access to only one site/list, then it should
solve the problem. But this feature is nowhere to find in the
Sharepoint (WSS/MOSS) .
Any other idea?

Since Sharepoint applies less restricted Site permission, I cannot think a
simple solution to overcome your problem.

How do you manage your site permission at the moment? If you create your
custom site permission and apply the permission to Sharepoint Groups, you
will more likely to achieve this via the option I stated in the last post.
--
Erwin Tsai
MCPD, MCTS




"Vincent" wrote:

> On May 9, 8:17 pm, Erwin Tsai <ErwinT...@discussions.microsoft.com>
> wrote:
> > It looks like I miss out the 2nd part of the question.
> >
> > Yes, policy will block out users entirely.
> >
> > If you want to only deny one particular user to your discussion board, you
> > will need to remove the users from the Sharepoint Group and give the user
> > proper permission for the site collection. Then, you have to configure your
> > discussion board permission individually. Rather rather applying parent
> > permission, you need to click "Edit Permission", and set the user with lock
> > down (read only) permission.
> >
> > Sharepoint use the less restricted in the site permission level, so if you
> > don't remove the user from the Sharepoint Group, then the same permssion will
> > apply to the user.
> >
> > --
> > Erwin Tsai
> > MCPD, MCTS
> >
> >
> >
> > "Vincent" wrote:
> > > On May 9, 1:06 pm, Erwin Tsai <ErwinT...@discussions.microsoft.com>
> > > wrote:
> > > > Go to your Central Administration and modify the policy to deny all for the
> > > > particular user.
> > > > --
> > > > Erwin Tsai
> > > > MCPD, MCTS
> >
> > > > "Gunady" wrote:
> > > > > I have setup users properly in the SharePoint group, and all works
> > > > > fine, until there's one particular user seems to abuse the permission
> > > > > on one discussion forum. So user intend to deny access to this single
> > > > > user to the discussion forum. How can the discussion forum admin
> > > > > easily deny access this single user only to the Discussion Forum? This
> > > > > user cannot be removed from the group, because he should still be able
> > > > > to access other site/lists. Is there deny permission in SharePoint?- Hide quoted text -
> >
> > > > - Show quoted text -
> >
> > > But, by denying access from Central Admin, it will block the user to
> > > access to the whole site. User just needs to be blocked from the
> > > dicussion forum only, or deny write to the discussion forum. Thanks- Hide quoted text -
> >
> > - Show quoted text -
>
> Thank you for the reply. Our current portal contains large number of
> site and subsite, with some already has unique permission, but thanks
> to SharePoint Group, this is still somewhat maintainable. However, if
> single user is removed from the group, it means that this user lost
> all the permission to the entire site. To grant it back to the rest of
> the site is not an easy admin task. I think with the current site
> setting, this might be too difficult to maintain too .
>
> If there's a way to deny access to only one site/list, then it should
> solve the problem. But this feature is nowhere to find in the
> Sharepoint (WSS/MOSS) .
> Any other idea?
>

If you still have this problem which i wish you dont; see if following workaround works:

Just for the discussion group break the inheritance and give just read access to this user individually. Sharepoint should take least permission precedence so this user even if part of other group with more access should be restricted from writing.

I have not actually tried this out so sorry if this doesn't work in actual.