{"id":135,"date":"2014-04-18T14:50:32","date_gmt":"2014-04-18T14:50:32","guid":{"rendered":"https:\/\/www.harepoint.com\/Blog\/?p=135"},"modified":"2019-02-26T14:03:31","modified_gmt":"2019-02-26T14:03:31","slug":"active-directory-sharepoint-permissions","status":"publish","type":"post","link":"https:\/\/www.harepoint.com\/Blog\/active-directory-sharepoint-permissions\/","title":{"rendered":"HarePoint Active Directory Self Service: configure permissions to avoid &#8220;Access denied&#8221; error"},"content":{"rendered":"\n<p><b>First of all, please don\u2019t work with the <a href=\"\/Products\/HarePointSelfService\/Default.aspx\">HarePoint Active Directory Self Service web part<\/a> as a System Account!<\/b> The product does not work under the System Account out of the box, for security reasons.<\/p>\n<p>An <b>&#8220;Access denied&#8221;<\/b> error means the current user account doesn&#8217;t have enough permissions to update one (or more) of the Active Directory fields. In this article we show how to solve this issue for updating the user profile picture, but the same solution applies to all other cases. Technically, in the AD case it&#8217;s a thumbnail picture, and for a User Profile or SharePoint it&#8217;s a URL of the picture.<\/p>\n<p>If this error appears after the &#8220;save&#8221; action, just go to <b>Site Settings &#8211; HarePoint Active Directory Self Service settings.<\/b><\/p>\n<p>Take a look at the <b>Photo settings<\/b> option. To find the problematic parameter, select the options: <b>Show one photo<\/b> and <b>Update only Active Directory photo<\/b>.<\/p>\n<p style=\"text-align: center;\"><img decoding=\"async\" src=\"\/Pictures\/Articles\/Active-Directory-SharePoint-Permissions-1.png\"><\/p>\n<p>Then test uploading a picture. If an error appears, that means the problem is with the AD parameter. 
In this case, specify a domain admin account in <b>Active Directory Connection Settings<\/b> and test it again.<\/p>\n<p style=\"text-align: center;\"><img decoding=\"async\" src=\"\/Pictures\/Articles\/Active-Directory-SharePoint-Permissions-2.png\"><\/p>\n<p>If you can upload an AD picture, you&#8217;ll need to test the 2 other parameters: <b>Update only SharePoint photo<\/b> and <b>Update only User Profile Service photo<\/b>.<\/p>\n<p>Make sure that the <b>current application pool account<\/b> has been added to the <b>&#8220;My Site&#8221; site collection administrators<\/b>.<\/p>\n<p>When the problematic parameter is found, you will get an error screen after the &#8220;save&#8221; action:<\/p>\n<p style=\"text-align: center;\"><img decoding=\"async\" src=\"\/Pictures\/Articles\/Active-Directory-SharePoint-Permissions-3.png\"><\/p>\n<p>Copy the correlation ID and search for it in the ULS logs on the current WFE server (it is usually in the latest log).<\/p>\n<p>Also, if you want to change the UserProfile picture of another person and you are a SharePoint admin, your account must be listed under <b>Application Management &#8211; Manage Service Applications &#8211; User Profile Service Application &#8211; Administrators<\/b>; it\u2019s desirable to have the <b>Full Control<\/b> permission.<\/p>\n<p style=\"text-align: center;\"><img decoding=\"async\" src=\"\/Pictures\/Articles\/Active-Directory-SharePoint-Permissions-4.png\"><\/p>\n<p>An <b>Access denied<\/b> error can also appear when you have just opened the web part, without any edit or save actions. In this case, a domain admin account is required in <b>Active Directory Connection Settings<\/b>. 
If this does not work, send us the latest ULS logs that you have.<\/p>\n<hr><p>Learn more about the <a href=\"\/Products\/HarePointSelfService\/Default.aspx\">HarePoint Active Directory Self Service for SharePoint<\/a> web part, which allows users to manage and update their Active Directory profile.\n","protected":false},"excerpt":{"rendered":"<p>A common error in the <b>HarePoint Active Directory Self Service<\/b> product is the &#8216;access denied&#8217; error. It means that the current user account doesn&#8217;t have enough permissions to change some Active Directory or User Profile\/SharePoint attributes. Users usually face this problem with picture upload. This article will help you configure permissions to avoid that error.<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[4],"_links":{"self":[{"href":"https:\/\/www.harepoint.com\/Blog\/wp-json\/wp\/v2\/posts\/135"}],"collection":[{"href":"https:\/\/www.harepoint.com\/Blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.harepoint.com\/Blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.harepoint.com\/Blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.harepoint.com\/Blog\/wp-json\/wp\/v2\/comments?post=135"}],"version-history":[{"count":8,"href":"https:\/\/www.harepoint.com\/Blog\/wp-json\/wp\/v2\/posts\/135\/revisions"}],"predecessor-version":[{"id":790,"href":"https:\/\/www.harepoint.com\/Blog\/wp-json\/wp\/v2\/posts\/135\/revisions\/790"}],"wp:attachment":[{"href":"https:\/\/www.harepoint.com\/Blog\/wp-json\/wp\/v2\/media?parent=135"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.harepoint.com\/Blog\/wp-json\/wp\/v2\/categories?post=135"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.harepoint.com\/Blog\/wp-json\/wp\/v2\/tags?
post=135"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}