SharePoint 2019 User Profile --> Manage User Permissions

Howdy!

 

I've found a very strange issue within the User Profile service of SharePoint 2019. First of all some information about our topology:

  • 4 SP Servers (MinRole):
    • 2 WFE with DC
    • 2 Application with Search
  • Version 16.0.10349.20000
  • Windows Server 2019 is the OS
  • Office Online and SQL 2016 info is out-of-scope for this issue.

We are migrating our environment from SharePoint 2010 to SharePoint 2019. The mysites will be migrated at the last phase of the project. Therefore we would like to disable the mysite creation. Within the 'Manage User Permission' you can adjust the settings for the creation of the personal site. But when we modify these settings I get a popup with the message 'Sorry, this site hasn't been shared with you'. I already checked many things:

  • ULS log is giving me an Access Denied
  • The user who is modifying the permissions is admin on the mysite.
  • The user is Farm Admin and also has specific permissions on the User Profile App (Full Control)
  • Gave temporarily direct database permissions for the User Profile Service account on the mysite database...
  • When I change the mysite url in the User Profile app to for example http://fake, then I can change the permissions. But they are not applied as the Mysite URL is not correct.
  • Also tried to change the permissions via PowerShell...(Revoke-SPObjectPermission), but I cannot find the good permissions. Also 1 claim cannot be found (c:0!.s|windows)

 

I almost think it's a bug, but as I'm not 100% sure, I'm writing this question.

3 Replies

Hi, I have exactly the same issue on my SP 2019 farm. Did you ever find a solution to this problem?

@Gottfried Jocham, we did log in with the farm account on the server. It's not best practice, but the only solution. Also, what we noticed is that when you change the URL of the Mysite Host Location to for example http://fakeurl then you can make the notification. So it looks like something related to permissions on the mysite web app itself.

I believe you have to add your account to the User Profile Service Application settings. Go to Central Admin > Manage Service Applications (/_admin/ServiceApplications.aspx). Select the User Profile Service Application, and in the ribbon click Administrators. Then type in your account, click Add, select your account in the user list below, check "Full Control" (which includes the options for Manage Profiles, Manage Audiences, Manage Permissions, Retrieve Data for Search Crawlers, and Manage Social Data), and click Okay. You should now be able to Manage Permissions.

As an aside, make sure you use a service account to crawl your content. You'll also add that service account to the User Profile Service Application Administrators, and give it the Retrieve Data for Search Crawlers permission level only. 

HTH
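
The Administrators steps from the reply above, scripted in the SharePoint Management Shell. This is an added example, not part of the original thread; the two account names are placeholders, and the right names are read from the service application itself rather than assumed.

```powershell
# Added example: scripted equivalent of Central Admin > Manage Service Applications >
# User Profile Service Application > Administrators. Run as a farm administrator.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$adminAccount = 'CONTOSO\upa-admin'     # placeholder account (assumption)
$crawlAccount = 'CONTOSO\svc-spcrawl'   # placeholder crawl account (assumption)

$upa = Get-SPServiceApplication |
    Where-Object { $_.TypeName -eq 'User Profile Service Application' }
if (@($upa).Count -ne 1) {
    throw "Expected exactly one User Profile Service Application, found $(@($upa).Count)."
}

# -Admin selects the Administrators list; without it you edit the Permissions list.
$security = Get-SPServiceApplicationSecurity -Identity $upa -Admin

# Look the right names up on the object so a misspelled name fails here, not at grant time.
$rights      = $security.NamedAccessRights | ForEach-Object { $_.Name }
$fullControl = $rights | Where-Object { $_ -eq 'Full Control' }
$crawlRight  = $rights | Where-Object { $_ -like '*Search Crawlers*' }
if (-not $fullControl -or @($crawlRight).Count -ne 1) {
    throw "Could not resolve the expected rights. Available: $($rights -join ', ')"
}

$adminClaim = New-SPClaimsPrincipal -Identity $adminAccount -IdentityType WindowsSamAccountName
$crawlClaim = New-SPClaimsPrincipal -Identity $crawlAccount -IdentityType WindowsSamAccountName

# Administrator account: Full Control.
Grant-SPObjectSecurity -Identity $security -Principal $adminClaim -Rights $fullControl

# Crawl account: the crawler right only. -Replace drops any rights it already
# holds on this list, so it cannot keep a broader grant from an earlier change.
Grant-SPObjectSecurity -Identity $security -Principal $crawlClaim -Rights $crawlRight -Replace

# Nothing is written to the farm until the modified ACL is set back.
Set-SPServiceApplicationSecurity -Identity $upa -ObjectSecurity $security -Admin

# Review who ends up on the Administrators list.
(Get-SPServiceApplicationSecurity -Identity $upa -Admin).AccessRules |
    Format-Table Name, AllowedRights -AutoSize
```

The final listing is worth keeping in a change record: it shows every principal on the Administrators list, so stale Full Control grants are visible.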