List of group/role does not show on root site

sharepoint2013

#1

I have successfully added the FBA Pack to my SharePoint 2013 farm following the steps located here: https://blogs.visigo.com/chriscoulson/configuring-forms-based-authentication-in-sharepoint-2013-part-1-creating-the-membership-database/.

After activating the feature, I can add users through on the page: /_layouts/15/FBA/Management/UsersDisp.aspx and once a user is added, I can successfully log into the site. Curiously though, in the section: “Choose at least one group/role to add the user to:” the only option that shows up is: Excel Services Viewers. This phenomenon only shows up on the root site collection however. When I activated Forms Based Authentication Management feature on a site collection created after the root site was set up and Forms Based Authentication Management was activated, the “Choose at least one group/role to add the user to:” section contains the full list of roles: Approvers, Designers, Excel Services Viewers, Hierarchy Managers, Master Page Members, Master Page Owners, Master Page Visitors, Quick Deploy Users, Restricted Readers, Style Resource Readers, Translation Managers.

I am having the occasional issue with successfully logging in and out of sites, and while I can’t directly blame the FBA pack as the reason, the fact that the root site piece doesn’t appear to be showing in full makes me unable to rule it out either.

To attempt to fix this, I deleted all FBA users from the database through the gui and deactivated the feature. Once complete I reactivate the feature and the list is still truncated to show only the single role.

I know that it is possible to undeploy, but that doesn’t seem like it would fix things either as the other site collection works as expected.

I’m curious if anyone has seen this before, or if someone could point me to a possible fix, or to what I did incorrectly.

Thanks.


#2

I actually haven’t seen this before - this does sound pretty strange. The only thing that comes to mind is that maybe there’s a special character in one of your group names for the site collection that is causing the rest of the items to get filtered out. Are all of the group names just alpha numeric, or do some have punctuation in them?

The other possibility is that under ‘FBA Site Configuration’, ‘Enable Roles’ is checked and somebody has created a single role titled Excel Service Viewers. If Enable Roles is not checked, it should give you the list of SharePoint groups.


#3

Ok. There are no special characters in my group names. In fact, I only created one manually called “External Developers”, which has since been deleted having no effect on the default groups showing.

Furthermore I checked for the checkbox in Enable Roles here: /_layouts/15/FBA/Management/FBASiteConfiguration.aspx, and found that the box is in fact not checked. So the groups should display per your description.

I was considering purchasing some support time for some help on a custom login page, but am now facing this issue, as well as some questions about how the permissions matriculate through the farm. For example, I created a group at the root site collection level which does not show in another site collection created through central administration. Now as I’m typing this, I’m thinking maybe this makes sense in that a group in one site collection would not be available to another site collection, but I can make the argument that it doesn’t make sense either.

Grouping all these together, I’m wondering if someone would have some time to do a screen share with me and assess my missing groups, answer some questions around inheritance at least at a surface level and discuss what my custom login page specs would be for an estimate on price and time.

Let me know what you think.

Thanks.


#4

Permissions really are local to a site collection and don’t carry between site collections. You can create sites within a site collection where all the permissions are shared. A lot of examples show assigning a site collection to a specific department in an organization, and each department has it’s own unique permissions. So you might have an accounting site collection and an IT site collection…

In fact, even user profiles are local to a site collection, so unless you use the My Sites feature and have profile syncing turned on, user profiles would have to be setup individually in each site collection.

I can certainly do a GoToMeeting with you. I’d suggest purchasing the FBA Pack Support Plan here:

https://www.visigo.com/products/sharepoint-fba-pack/support-plan/

It gives you 4 consulting hours to use as you choose. We do custom login pages as well - a basic custom login page averages about 3 hours if you wanted to use some of the hours for that.

Thank you,
Chris


#5

Hi Chris.

I purchased a support package yesterday, but I’m not sure how to initialize the service. Can you let me know what I need to do to get in contact with someone?

Thanks.


#6

Sorry for the delayed reply! I’ve sent you an email with support contact information.