Forum Discussion
Private documents visible but access denied?
Got a client where they were using Delve and not paying much attention, then one day noticed users could see content not shared with them when browing to other users Delve pages. They see a card for a document, but when they click it, they get access denied. If they go to the user's actual OneDrive, they do not see the content, but it shows in Delve. This is not how it's supposed to work and causing some huge worry about security. They chose to disable the Office Graph until we get to the bottom of this. Anyone else seen this?
3 Replies
- What you are seeing is totally unexpected...the user should not see any documents he/she does not have permissions to see. If you need to disable the Graph, you have to go to SPO Admin Center, click on settings, locate Office Graph section and disable there the use of the Graph.
Yea I know we already have turned it off, I was just wondering if anyone has seen that? You see it but get access denied? We're going to open a ticket but it's just very disconcerting that something supposed to be so secure is not. It's given Delve a huge bad view inside the company which is really sad.
- David Rosenthal
Microsoft
You should open a ticket with Microsoft. There would be massive outcry and tech media coverage if Delve was exposing information in this way across all Office 365 tenants. Logically this means there is something wrong with your specific tenant and/or your configuration that is causing this.
An investigation should be done, and the results of that investigation should be communicated back throughout your org to rebuild confidence in both Office 365 and Delve. Otherwise, a blow has been dealt towards any adoption and usage efforts and your users will have some fairly extreme misconceptions of what is going on. This puts your return on investment at risk.
