Jun 08 2020 02:09 AM
Jun 08 2020 02:09 AM
We have a team with several channels. A couple of these channels are only open for a subset of this team. This means that not all team members can see or access these channels.
Today, one user who's not a member of these channels discovered something:
- She was in a file folder for one of the teams she IS a member of
- She chose "Open in SharePoint"
- She was then taken to the same file folder in SharePoint
- She then chose Documents in the left side menu in SharePoint
- She could now see the file folders for ALL channels, even the ones she doesn't have access to inside Teams.
Is this normal behavior between SharePoint and Teams? If so, that is a huge security fault. Or is it a setting I can set to prevent this?
Jun 08 2020 02:30 AM
Hi @Hogne1260 ,
Users should only ever see information they have been given access too so something must be wrong with the permissions here. By default, if a user is a member of a Team they have access to all the channels and in turn the document library which stores the files. The exception to this is if you have created Private Channels. However, when creating Private Channels a Team site (SPO site) is created for each separate Private Channel so from your description of folders it doesn't sound like this is the case?
Jun 08 2020 02:32 AM
Jun 08 2020 02:52 AM
@Paul Turner By SPO, do you mean that the private channel will have a completely new SharePoint site with the same name as the channel? Or do you mean that it should have it's own folder structure, where the top folder has the same name as the private channel?
Jun 08 2020 02:53 AM
@adam deltinger Thanks for the tip about the possibility of this being a deleted channel. I will check with those who created this team.
Jun 08 2020 03:00 AMSolution
Jun 08 2020 03:52 AM
@Paul Turner Thanks! I didn't know this. I have to update som of my documentation.
Oct 19 2023 08:51 AM
@Hogne1260 Did you ever get to the bottom of this because today (3 years after you posting!) a user has just come across the exact same thing which has concerned me massively with the amount of other teams we have. One thing I noticed is that looking at the SP settings for a private channel, it seems as though it has the standard SP permissions groups - Owners, members and viewers but surely that shouldn't be the case if it is a private channel?? Massive issue if I have to check every single team!