14 December 2010

BUG – Security concern – Overriding library permissions breaks previously configured item level permissions in SharePoint 2007

When you are having to override library permissions where you have previously overridden folder permissions and/or item permissions to break inheritance, BE WARNED that permissions behavior in SharePoint may not be what you’d expect. I’ll explain by demo… Start by navigating to the target library.image_50_7E4473DANow go ahead and override item permissions. Upon completion, you should have new permissions for the item.image_80_4DD09FAC Now navigate back to the top site. Go ahead and override library permissions. In my case, I removed Members and Visitors from the library level permissions.image_83_427A00BANow navigate back to the item again. You’ll notice some permissions missing.image_86_427A00BAThe conclusion is that breaking inheritance at the library level will override the item level permissions and cause unexpected results. This can be particularly bad if you’re unaware of this behavior and you have an external facing site that has had item level permissions configured for certain external partners and someone breaks the inheritance on the library level as it could grant access to content to unintended users. BE WARNED!!!


No comments:

Post a Comment

Comments are moderated only for the purpose of keeping pesky spammers at bay.

SharePoint Remote Event Receivers are DEAD!!!

 Well, the time has finally come.  It was evident when Microsoft started pushing everyone to WebHooks, but this FAQ and related announcement...