Issue
We got a call from a user who was unable to enable the rating feature on lists and libraries. He tried different site collections but got the same error each time. The error appeared when he went to the list settings > Rating Settings, checked the “Yes” radio button, and pressed OK.
Troubleshooting
Root Cause
Upon checking the ULS logs, we found that the web application’s app pool account did not have the proper permissions on the User Profile Service application (UPA): the logs showed access denied errors for that account. In this environment, the web application’s app pool runs under one service account while the UPA app pool runs under a different account.
The app pool account of the web application requires two permissions:
- Full control on the User Profile Services application
- The “Manage Social Data” permission
Resolution
The resolution is a two-step process. In step 1, we add the app pool account to the UPA permissions with “Full Control” (there is no other permission level here). In step 2, we add the app pool account to the administrators of the User Profile service with the “Manage Social Data” permission. Make sure the account you add is the app pool account of your web application. Follow the instructions below to add it and fix the issue.
Step 1
- On the home page of the SharePoint Central Administration Web site, under Application Management, select Manage service applications.
- Select the Service Applications tab.
- Select the User Profile service to which you want to grant permission and then click Permissions from the ribbon.
- In the first box, either type the name of the service account that you want to add by using the format <domain>\<username> or select the service account by using the address book, and then click Add.
- Double-click the service account that you added.
The service account is moved from the box of accounts to be added to the box of accounts to be granted permissions.
- In the Permissions for <user> box, select the following option:
  - Full Control, to grant permission to read and write to the User Profile service.
- Click OK.
Step 2
- On the home page of the SharePoint Central Administration Web site, under Application Management, select Manage service applications.
- Select the Service Applications tab.
- Select the User Profile service to which you want to grant permission and then click Administrator from the ribbon.
- In the first box, either type the name of the service account that you want to add by using the format <domain>\<username> or select the service account by using the address book, and then click Add.
- Double-click the service account that you added.
The service account is moved from the box of accounts to be added to the box of accounts to be granted permissions.
- In the Permissions for <user> box, select the following option:
  - Manage Social Data, to grant permission to manage the social data.
- Repeat the previous three steps to grant permission to additional accounts (if there are any).
- Click OK.
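The same two grants can be scripted from the SharePoint Management Shell. This is an added example, not part of the original article; the web application URL is a placeholder, and the script assumes the farm has exactly one User Profile Service Application and that the app pool runs as a Windows domain account.

```powershell
# Added example: scripted equivalent of Step 1 and Step 2 above.
# Run in an elevated SharePoint Management Shell as a farm administrator.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$webAppUrl = "https://sharepoint.example.com"   # placeholder, replace with your web application URL

# Read the account from the web application itself instead of typing it,
# so the grant goes to the identity the app pool really runs as.
$account = (Get-SPWebApplication $webAppUrl).ApplicationPool.Username
if (-not $account) { throw "Could not resolve the app pool account for $webAppUrl" }

# Assumption: a single UPA in the farm; stop rather than guess if that is not true.
$upa = @(Get-SPServiceApplication |
    Where-Object { $_.TypeName -eq "User Profile Service Application" })
if ($upa.Count -ne 1) { throw "Expected exactly one UPA, found $($upa.Count)" }
$upa = $upa[0]

$principal = New-SPClaimsPrincipal -Identity $account -IdentityType WindowsSamAccountName

# Step 1: 'Permissions' on the ribbon -> Full Control on the service application.
$permAcl = Get-SPServiceApplicationSecurity $upa
Grant-SPObjectSecurity -Identity $permAcl -Principal $principal -Rights "Full Control"
Set-SPServiceApplicationSecurity $upa -ObjectSecurity $permAcl

# Step 2: 'Administrators' on the ribbon -> Manage Social Data only.
$adminAcl = Get-SPServiceApplicationSecurity $upa -Admin
Grant-SPObjectSecurity -Identity $adminAcl -Principal $principal -Rights "Manage Social Data"
Set-SPServiceApplicationSecurity $upa -ObjectSecurity $adminAcl -Admin

# Review both ACLs afterwards: confirm the account is present and that no
# unexpected principals hold rights on the UPA.
"Permissions ACL:"
(Get-SPServiceApplicationSecurity $upa).AccessRules |
    Format-Table Name, AllowedRights -AutoSize
"Administrators ACL:"
(Get-SPServiceApplicationSecurity $upa -Admin).AccessRules |
    Format-Table Name, AllowedRights -AutoSize
```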
Conclusion
In this article, we learned that a missed configuration step can have a major impact on the environment. In the above scenario, we had missed granting the app pool account permission on the User Profile service application, which left the rating feature unusable for us. Thanks for reading!
This applies to all SharePoint on-prem versions:
- SharePoint 2010
- SharePoint 2013
- SharePoint 2016
- SharePoint 2019 Preview