SharePoint 2013 DropOff Library and Unique Permissions

This week we noticed strange behaviour when using unique permissions on a SharePoint 2013 DropOff Library with Content Routing Rules.
We wanted to bypass the Content Routing for some users, so that they could upload directly to the target Library.

When assigning Library Specific Permissions to the target library to bypass the Content Routing AND preventing the same user(s) to access the DropOff Library, something strange happens, which I would call a “bug” in SharePoint:

The user actually sees the “New Document” link, but when he clicks on it the following Access Denied messages appears:
Access Denied on Upload New Document

In SharePoint ULS Logs the following entry is made:

(E_ACCESSDENIED)), StackTrace: at Microsoft.SharePoint.SPWeb.GetList(String strUrl) at 

This pointed in the direction of the DropOff Library causing the Access Denied.

The solution is to create a specific PermissionLevel with the following permissions:

  • View Application Pages – View forms, views, and application pages. Enumerate lists.
  • View Pages – View pages in a Web site.
  • Open – Allows users to open a Web site, list, or folder in order to access items inside that container.

This ensures the user(s) cannot view the data inside the DropOff Library, but are allowed to see the application pages of it. This is enough to reach the scenario and to bypass the Content Routing Rules.
The user will still see the DropOff library, but not it’s contents. They are also possible to upload directly in the target library, which is what we wanted …

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.