RemoveUserFromSite Error

Sep 30, 2013 at 9:42 PM
Edited Sep 30, 2013 at 9:43 PM
I wrote this script to delete user from my site collection. I want to mimic the "Delete User From Site Collection" you see when using the SP interface.

Whenever I try I get this XML Response: This operation is available only for a web with unique permissions.


I don't understand why inheritance would have anything to do with deleting someone from the collection.
      $().SPServices({
        operation:"RemoveUserFromSite",
        userLoginName: user,
        async:true
      });
Coordinator
Oct 5, 2013 at 6:04 PM
I haven't tried this operation, probably not even when I set it up. I can't think of a reason why you'd want to delete a user form a Site Collection. Can you explain what you are trying to do and why?

M.
Oct 5, 2013 at 7:14 PM
There are times where users will leave the organization or contractors will complete their work and should no longer have access to the portal. I understand that removing them from groups will prevent their access but some of the less knowledgeable admins have given certain people direct access to sites. I figured the easiest way to completely remove a user would be to remove him from the site collection. Many of our clients are in a hosted environment and user credentials is done using SQL, not sure if that's relevant.


Coordinator
Oct 5, 2013 at 11:54 PM
Deleting users (or an other reference data like a user identity) is generally a bad idea. Think about the instances where the user created or modified content. All of a sudden that content will have no Author or Editor. In some instances, you will even get the dreaded "An unexpected error has occurred".

Managing permissions is the way to go, even if it is painful. Avoid the pain by managing permissions wisely as you go along.

M.
Oct 6, 2013 at 12:09 AM
Fair enough, I won't go in that direction in that case. Do you know if there's something I could use in SPServices to get a report of users who've been given direct permissions to a site but are not within a group (direct access). At least that way I could quickly identify and rectify this issue?




Coordinator
Oct 6, 2013 at 12:11 AM
What version of SharePoint?

M.
Oct 6, 2013 at 12:25 AM
Im working with SP 2010 but I'm trying to build a permission management tool using SPServices. It's very likely I plan to use it in SP2013 as well.


Coordinator
Oct 6, 2013 at 1:02 PM
There are third party tools that help a lot with permission management. Otherwise, you can crawl the topology looking at the permissions with SPServices.

M.
Oct 22, 2014 at 9:40 PM
Hi Mark,

I was wondering if you could take a look at this again? Removing users from the Site Collection has turned out to be something we need to do quite often and I'd like to implement it in a solution I'm working on.
Coordinator
Oct 22, 2014 at 10:12 PM
I'm still of the opinion that it's a bad idea to delete users from the Site Collection, even if it were possible.

M.
Oct 23, 2014 at 12:59 AM
Hey Marc,

I understand for one site collection. I'm in an environment where I have multiple site collections using the same AD users, government departments.

We charge each department per user in each collection. So when one asks us to remove a user we can't delete the user from the AD since they may be in another department and we can't leave them in the collection or else we end up over charging. Only thing we can do is delete them from the collection of the department making the request.

Thats why I'm trying to get this to work. Right now I have a bunch of users in the collection that aren't in any groups which is throwing off billing.

I understand in a normal environment it may not be necessary but in this situation, I could really use it :)
Coordinator
Oct 24, 2014 at 4:41 AM
Edited Oct 24, 2014 at 4:42 AM
Well, you're really trying to treat the symptom of a different problem: your billing practices don't make any sense. You're already charging people for things they aren't doing. Just because a user is in a Site Collection, that doesn't mean that the have ever actually used it. It just means that someone has "touched" the Site Collection with their identity, e.g., adding them to a permission group or selected them in a People Picker.

That said, I understand that you're just trying to do your thing.

I just ran the function in one of my setups and it worked fine. The user existed before the call and they were gone afterward.
$().SPServices({
  operation:"RemoveUserFromSite",
  userLoginName: "FPSHARED1\\abray"
});
One of the problems with this operation is it's hard to test without wreaking havoc for the users you actually want to keep.

M.
Oct 24, 2014 at 6:35 AM
sympmarc wrote:
Well, you're really trying to treat the symptom of a different problem: your billing practices don't make any sense. You're already charging people for things they aren't >doing. Just because a user is in a Site Collection, that doesn't mean that the have ever actually used it. It just means that someone has "touched" the Site Collection with >their identity, e.g., adding them to a permission group or selected them in a People Picker.
Hey Marc,

I completely agree but I've only been there for about a year and things were in motion (contracts) way before I had any say. I'm glad it's working for you, I'll try it again tomorrow and see if I can get it working myself.

Thanks.
Oct 24, 2014 at 3:48 PM
So yea, I gave it a shot
$().SPServices({
  operation:"RemoveUserFromSite",
  userLoginName: "i:0#.w|itun\agow_epmo"
});
but got this error:
<?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema"><soap:Body><soap:Fault><faultcode>soap:Server</faultcode><faultstring>Exception of type 'Microsoft.SharePoint.SoapServer.SoapServerException' was thrown.</faultstring><detail><errorstring xmlns="http://schemas.microsoft.com/sharepoint/soap/">Cannot complete this action.

Please try again.</errorstring><errorcode xmlns="http://schemas.microsoft.com/sharepoint/soap/">0x80004005</errorcode></detail></soap:Fault></soap:Body></soap:Envelope>
I'm site collection admin and I can remove the user from the collection through the ui no issue. I have no problems with other web services usually.
Coordinator
Oct 24, 2014 at 7:34 PM
It's probably an escaping issue with the text of the userLoginName. Notice that I needed to escape mine with the double backslash above. You've got some other characters in there that may need to be escaped, but I'd start there.

M.
Oct 26, 2014 at 9:25 PM
Edited Oct 26, 2014 at 9:25 PM
Oh wow didn't consider that, yea okay that makes sense.

Awesome, glad that works. Thanks for the help with this Marc.

As if it's already been a year since I started using this, time flies.

Cheers.
Coordinator
Oct 26, 2014 at 11:21 PM
Great! Glad you got it working.

M.