User Broke the Access Rights to Confidential Documents

Question

Dear All,&nbsp;A user has managed to receive access rights to a confidential folder inside a library. She has (and still does) Edit rights for the library where confidential folder was located. But neither she nor the user group she is a member of have access rights to the confidential folder. But as you may also see from the attached, this specific user now has Contribute rights to this folder. I can't even see how she get those rights? Do you know why did this happen and how can I solve this? More importantly, how can I prevent this to happen ever again in the future? This is a very serious leak and created an internal governance investigation around the organization. Any help would be appreciated.&nbsp;&nbsp;Looking forward to hearing from you.&nbsp;&nbsp;Have a good start to the week.&nbsp;Best Regards,Yigit Yürüker&nbsp;&nbsp;

kelly_edinger · Answer

HI&nbsp;Yigit_Yuruker&nbsp;- one of the hidden options when sharing a library/folder - it's under the 'show more' where you also find the option to uncheck the box to send an email. By default, the box to 'share everything, even those with unique permissions' is checked. Seems very odd that this would both be hidden and be checked by default. Try removing the user altogether and adding back, unchecking that box. Let us know how it goes!

yigit_yuruker · Answer

Dear&nbsp;Norman Young,&nbsp;I am afraid she is not shown there as well sir. That is I believe there is a malfunction with the permits of the site. Also, as I can't see her anywhere, I can't delete her access rights to the confidential folder as well.So I am still looking for a solution, worst case would be relocating documents and deleting the folder. But that wouldn't solve the problem, just save the day.&nbsp;&nbsp;Thank you for your support and efforts so far! It is great to see efforts of this beautiful community. If you would have any more tips / solution ideas, I will be happy to hear.&nbsp;Have a great day and remain with,&nbsp;Best Regards,&nbsp;Yigit Yürüker

norman young · Answer

Hi&nbsp;Yigit_Yuruker,&nbsp;Are the "unique permissions" for the confidential folder still in place?&nbsp;Did someone share the folder with the user?&nbsp;I hope this helps.&nbsp;Norm

yigit_yuruker · Answer

Dear&nbsp;Norman Young&nbsp;&nbsp;Thank you for your reply. Unfortunately, Unique Permissions were in place. So, everything seemed normal. I've realized this mistake only by chance. You may see the permissions page attached. Do you have any idea, why this have happened? I need to fix this as soon as possible, we have started to use this site to store our confidential documents already.&nbsp;Best Regards,&nbsp;Yigit Yürüker&nbsp;

norman young · Answer

Yigit_Yuruker, was that image the from the site permissions or the folder? Need to check the folder permissions.

Forum Discussion

User Broke the Access Rights to Confidential Documents

Share

Resources