Forum Discussion
Delve showing documents users do not have access to
That's an interesting point, I had to read that section a few times but as I understand it, it's not saying that, following the example mentioned in the article, the manager will see the document at all, they would only be shown it if the document was shared with them. It is saying that you might see the document mentioned when browsing the manger's people page, it's just an indication that Delve thinks the document would be relevant to them based on what it knows.
The manager won't see this document, in their Delve page and won't be able to access it, Delve won't override permissions and inadvertently give access to something that someone wouldn't normally be able to see otherwise.
Cian Allnerwe have had to turn off Delve in our Office 365 education tenancy. We had multiple confidentiality issues where all staff recent documents were not only visible but could be opened by any other staff member. Non-membership of a group did not prevent users from seeing Group documents.
For instance, our HR team has 2 members and holds confidential files on all staff. But any staff member could see and read these confidential documents from the Delve dashboard by first typing in the staff members' name in the search Window. This behaviour, according to the Delve security guide should not happen.