SOLVED

User has access to SharePoint files for a team channel she's not a member of

We have a team with several channels. A couple of these channels are only open for a subset of this team. This means that not all team members can see or access these channels.

Today, one user who's not a member of these channels discovered something:

- She was in a file folder for one of the teams she IS a member of
- She chose "Open in SharePoint"
- She was then taken to the same file folder in SharePoint
- She then chose Documents in the left side menu in SharePoint
- She could now see the file folders for ALL channels, even the ones she doesn't have access to inside Teams.

Is this normal behavior between SharePoint and Teams? If so, that is a huge security fault. Or is it a setting I can set to prevent this?

7 Replies

Hi @Hogne1260,

Users should only ever see information they have been given access to, so something must be wrong with the permissions here. By default, if a user is a member of a Team they have access to all the channels and in turn the document library which stores the files. The exception to this is if you have created Private Channels. However, when creating Private Channels a Team site (SPO site) is created for each separate Private Channel, so from your description of folders it doesn't sound like this is the case?

If it's visible from the document root folder it's not a private channel! PC lives in a separate site and has a library of its own! Check the privacy of the channel if it's a private channel! Also keep in mind that if you previously had a normal channel with this name and it was later deleted, that folder and its files are still in SharePoint.

Adam

@Paul Turner By SPO, do you mean that the private channel will have a completely new SharePoint site with the same name as the channel? Or do you mean that it should have its own folder structure, where the top folder has the same name as the private channel?

@adam deltinger Thanks for the tip about the possibility of this being a deleted channel. I will check with those who created this team. 

best response confirmed by Hogne1260 (Copper Contributor)
Solution
You are correct. A private channel creates a completely separate SPO site with its own document library and you can update permission for this from the Teams channel itself. Any changes of permissions via the SPO site will be overwritten when the private channel synchronises so always administer from Teams.
The Private channel permissions are independent of the Team permissions but will inherit from the Team permissions at the point of creation.
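
As an added example (not part of the original replies and not Microsoft code), the two checks suggested in this thread can be scripted: is a folder in the team site's Documents root backed by a standard channel, does it merely share a name with a private channel, or is it left over from a deleted channel? It assumes listings shaped like Microsoft Graph `channel` and `driveItem` objects and that a channel folder carries the channel's display name; `classify_folders` and the sample data are constructed for illustration.

```python
# Added example; the sample data is constructed, not taken from a real tenant.
SAMPLE_CHANNELS = [
    {"displayName": "General", "membershipType": "standard"},
    {"displayName": "Projects", "membershipType": "standard"},
    {"displayName": "Management", "membershipType": "private"},
]
SAMPLE_ROOT = [  # top-level items of the parent team site's Documents library
    {"name": "General", "folder": {}},
    {"name": "Projects", "folder": {}},
    {"name": "Management", "folder": {}},    # same name as the private channel
    {"name": "Budget 2019", "folder": {}},   # no channel with this name
    {"name": "readme.txt", "file": {}},      # loose file, not a channel folder
]


def classify_folders(channels, root_items):
    """Return (folder name, status) for each folder in the library root.

    standard            folder of a standard channel; every team member can
                        open it, which is the expected behaviour
    not-private-storage name matches a non-standard (e.g. private) channel,
                        but that channel's files live in a separate site, so
                        anything in this folder is open to the whole team
    orphaned            no channel with this name; possibly left behind by a
                        deleted channel and still readable by the whole team
    """
    # Assumption: folder name == channel display name (compared case-insensitively).
    types = {c["displayName"].strip().lower(): c.get("membershipType", "standard")
             for c in channels}
    report = []
    for item in root_items:
        if "folder" not in item:
            continue
        kind = types.get(item["name"].strip().lower())
        if kind == "standard":
            status = "standard"
        elif kind is not None:
            status = "not-private-storage"
        else:
            status = "orphaned"
        report.append((item["name"], status))
    return report


if __name__ == "__main__":
    for name, status in classify_folders(SAMPLE_CHANNELS, SAMPLE_ROOT):
        print(f"{name:15} {status}")
```

Folders reported as `not-private-storage` or `orphaned` are the ones to review, since everything in the parent library follows the team's membership rather than the private channel's.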

@Paul Turner Thanks! I didn't know this. I have to update some of my documentation.

@Hogne1260 Did you ever get to the bottom of this? Because today (3 years after your posting!) a user has just come across the exact same thing, which has concerned me massively with the amount of other teams we have. One thing I noticed is that looking at the SP settings for a private channel, it seems as though it has the standard SP permissions groups - Owners, members and viewers - but surely that shouldn't be the case if it is a private channel?? Massive issue if I have to check every single team!