This one seems obvious but it took me a while to get to it. After a trial migration from SharePoint 2003 to SharePoint 2007 some of the user could not access the site. They were getting permission denied. We looked at all the new SharePoint groups and all the migrated SharePoint groups. Looked at the AD to make sure everyone was in there. Once we decided that these areas were okay, we went on to looking at the sites and list security. We wanted to make sure that no security inheritance had been broken and some kind of denied had been applied directly which caused the problem. We didn’t find anything here either.
Finally we decided can the users get to a deeper page besides the home page. For instance, can the user get to http://moss:5181/_layouts/viewlsts.aspx. Oh yes, they can. The problem then could be at the page level. We looked at the security for the page and found no broken inheritance. We made sure the page was published and it was. Ha!!! But there is still got to be something here. Since this was a trial migration we were still experimenting with the look-and-feel of the pages when they came over. We modified the layouts and master pages, but guess what? we, because we were still testing, didn’t publish those. So the users with the proper security could access the pages so we had not noticed the problem until we started testing with the limited users. Once we publish a major version of the master pages and layouts everything started working OK.
I hope this little experience with security helps someone else. I know we have it documented it now. J
