Users do not get an option to select utforming when creating a new site

[LostLogic]

Describe the bug When a user that's added to the Prosjektportal as a member or owner try Creating a site, they don't get to chose utforming

To Reproduce Steps to reproduce the behavior:

1. Open Prosjektportal on a user who've been added as a member
2. Click Create site
3. Select "Gruppenettsted"
4. Observe that there is no option to select utforming. The Områdenavn validation is also running perpetually

Expected behavior Utforming should show up and Områdenavn should validate

Screenshots To the left is the administrator account that was used to install and configure Prosjektportalen. The right is the user.

About your setup

• Browser Edge Canary, Edge Beta (Chromium)
• Installed version [1.1.6]

Additional context I suspect this is a rights issue somewhere, somehow. Any help identifying where it might be would be of great help. I've also tried nuking the Sharepoint site and set it up from scratch again, but the same issue persist. It's worth noting that this is the second Prosjektportal on the same Sharepoint tenant. The first one does not have this issue. Rights issues might be caused by this being the second installation on the same tenant.

[LostLogic]

I had a feeling it might be tied to the SiteDesignSecurityGroupId, but deleting and re-creating the site without a defined SDSGI did not alleviate the issue.

[olemp]

.. and you have no security group tied to the site design @LostLogic? 🔨

[LostLogic]

I've tried installing with a defined security group (Where the non-admin user is a member) and without a defined security group.

From the install log: [INFO] Creating/updating site design [Prosjektområde] [INFO] You have not specified -SiteDesignSecurityGroupId. Everyone will have View access to site design [Prosjektområde]

The issue is the same. Not sure if that's what you ment @olemp

[olemp]

This is what I meant yes. No idea what is causing this then. Never seen this issue before.

[LostLogic]

If you have the time and inkling, you are welcome to do a remote session and poke around. Just mail me at cato at teknograd dot no If not, I'll keep trying to figure out why this is happening. But I have a feeling it's because it's two organizations on the same sharepoint tenant with differing access rights that's causing havoc when they share components.

[olemp]

Keep trying, and update us if you find a solution 💯

[tarjeieo]

Weird. We have a couple of installs with several portfolio installations and that works, so I suspect it's something else, but not sure what.

[olemp]

@LostLogic The solution is to set permissions for the hub site. Go to https://tenant-admin.sharepoint.com/_layouts/15/online/AdminHome.aspx#/siteManagement and find your portfolio site.

[tarjeieo]

Updated installation doc: https://github.com/Puzzlepart/prosjektportalen365/wiki/Installasjon#steg-4-manuelle-steg-etter-installasjonen

[LostLogic]

I wish this resolved the issue, but alas... Same issue remain. I've for good measure added both the security group and the group that's created when the site is created in Sharepoint as members of the hub site, but the issue with creating sites on the hub site remain.

I've deleted the hubsite, re-created it, deleted it, recreated it with a new name, but no luck. Are there any other places where access rights might be applied? Is the Portfolio template shared among the sites, or is it unique to each hubsite? Does the PnP template in Taxonomy require special rights for the hubsite and it's members? I've clicked though everything I can find and compared it, but I don't feel any closer to a solution so far.

[olemp]

What comes up when you run the command Get-PnPSiteDesign -Identity "Prosjektområde" | fl in PowerShell @LostLogic?

[LostLogic]

Description : DesignPackageId : 00000000-0000-0000-0000-000000000000 Id : 9853730b-5721-483e-9b52-ae1ab526c46f IsDefault : False PreviewImageAltText : PreviewImageUrl : SiteScriptIds : {0fe5ea40-0ddd-4a7d-8570-60a8d0ccafbf, 3a657758-5004-44a3-967d- 66e816dfb13d, 2fe73c01-35a0-41b5-83a4-c6d9339ace57, 0065d931-5c84-4281-93bc- 289424e0924d...} Title : Prosjektområde Version : 1 WebTemplate : 64 Context : OfficeDevPnP.Core.PnPClientContext Tag : Path : ObjectVersion : ServerObjectIsNull : False TypedObject : Microsoft.Online.SharePoint.TenantAdministration.TenantSiteDesign

[olemp]

What about Get-PnPSiteDesignRights -Identity 9853730b-5721-483e-9b52-ae1ab526c46f @LostLogic?

[LostLogic]

DisplayName : SP - Puzzlepart 365 Sandbox PrincipalName : c:0t.c|tenant|96d3db98-9909-49d8-81c6-ed986f588ac2 Rights : View Context : OfficeDevPnP.Core.PnPClientContext Tag : Path : ObjectVersion : ServerObjectIsNull : False TypedObject : Microsoft.Online.SharePoint.TenantAdministration.TenantSiteDesignPrincipal

DisplayName : SP - NLA Prosjektportal PrincipalName : c:0t.c|tenant|78b45bf3-0dab-48a0-ad41-4b682439fac0 Rights : View Context : OfficeDevPnP.Core.PnPClientContext Tag : Path : ObjectVersion : ServerObjectIsNull : False TypedObject : Microsoft.Online.SharePoint.TenantAdministration.TenantSiteDesignPrincipal

---

SP - Puzzlepart 365 Sandbox does not exist anymore. SP - NLA Prosjektportal is the accessgroup I've used as SiteDesignSecurityGroupId when installing this site. There are no references to the other Prosjektportal that is actually working in that list

Edit: The displayname of the first group, SP - Puzzlepart 365 Sandbox is the old name. When I did a Get-MsolGroup on the object ID it is correctly showing up as the security group for the other working Prosjektportal

Edit2: Changed to List instead of table for more detailed view

[olemp]

Have you tried to remove the rights from the site design @LostLogic? I suspect there's something buggy about the site design rights.

[LostLogic]

@olemp - I've revoked the view rights for the SP - NLA Prosjektportal group now. Should I revoke it for the other group as well, or should I re-add the group, or delete and re-create the site?

[olemp]

@LostLogic I was thinking a vanillla site design with no permissions set.

[LostLogic]

The solution was ... painful to discover. Due to the split organization. the organization I'd setup this second Prosjektportal for did not have view rights to the root Sharepoint, https://tenant.sharepoint.com

Once the user was granted view rights to the root Sharepoint, the issue was resolved. Added the access group as viewer to ensure that future users won't get this issue.

Thank you @olemp and @tarjeieo for your help in this matter.

[olemp]

NST - Never Share Tenants 🍔