User Broke the Access Rights to Confidential Documents


Dear All,

A user has managed to receive access rights to a confidential folder inside a library. She had (and still has) Edit rights for the library where the confidential folder was located. But neither she nor the user group she is a member of has access rights to the confidential folder. But as you may also see from the attached, this specific user now has Contribute rights to this folder. I can't even see how she got those rights. Do you know why this happened and how I can solve this? More importantly, how can I prevent this from ever happening again in the future? This is a very serious leak and created an internal governance investigation around the organization. Any help would be appreciated.

Looking forward to hearing from you.

Have a good start to the week.

Best Regards,

Yigit Yürüker

Access Rights.PNG

8 Replies

Hi @Yigit_Yuruker,

Are the "unique permissions" for the confidential folder still in place?

Did someone share the folder with the user?

I hope this helps.

Norm

Dear @Norman Young

Thank you for your reply. Unfortunately, Unique Permissions were in place. So, everything seemed normal. I've realized this mistake only by chance. You may see the permissions page attached. Do you have any idea why this has happened? I need to fix this as soon as possible, we have started to use this site to store our confidential documents already.

Best Regards,

Yigit Yürüker

Access Rights Area.PNG

Hi @Yigit_Yuruker - one of the hidden options when sharing a library/folder - it's under the 'show more' where you also find the option to uncheck the box to send an email. By default, the box to 'share everything, even those with unique permissions' is checked. Seems very odd that this would both be hidden and be checked by default. Try removing the user altogether and adding back, unchecking that box. Let us know how it goes!

@Yigit_Yuruker, was that image from the site permissions or the folder? Need to check the folder permissions.

Dear @Kelly E,

Thank you for your message. I am afraid that it was not the case, as we are agreed on not giving anyone Contribute rights! Also, I thought it should have shown her name on the Permissions screen but I don't even see her. So, actually, I don't even know how I can kick her out of this folder! I am very confused right now and checking all my folders for the same bug.

@Yigit_Yuruker,

Check here:

capture.png

Look for entries with your user's name.

Norm

Dear @Norman Young,

I am afraid she is not shown there either, sir. That is, I believe there is a malfunction with the permits of the site. Also, as I can't see her anywhere, I can't delete her access rights to the confidential folder either.

So I am still looking for a solution, worst case would be relocating documents and deleting the folder. But that wouldn't solve the problem, just save the day.

Thank you for your support and efforts so far! It is great to see efforts of this beautiful community. If you would have any more tips / solution ideas, I will be happy to hear.

Have a great day and remain with,

Best Regards,

Yigit Yürüker

Hi @Yigit_Yuruker,

One last place to check and then I am out of ideas. Select the folder > Open the details pane > Click Manage access. Is the user listed there?

Capture.PNG

You could also search the O365 Audit Log for all activities related to the folder. You should see the permission being applied/changed.

I hope this helps.

Norm
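The audit-log search suggested in the last reply, as an added example that is not part of the thread: it filters exported audit records (the `AuditData` JSON of each row) for sharing and permission events on one folder and returns who granted what to whom, oldest first. The folder URL, the accounts and the sample records are constructed, and the operation set is a subset chosen for this example.

```python
import json
from datetime import datetime

# Sharing/permission operations to look for (a subset chosen for this example).
PERMISSION_OPS = {"SharingSet", "SharingInheritanceBroken", "SharingInheritanceReset",
                  "SharingInvitationCreated", "SecureLinkCreated", "AddedToSecureLink"}

def folder_access_changes(rows, folder_url, user=None):
    """Permission events on folder_url or items beneath it, oldest first."""
    folder = folder_url.rstrip("/").lower()
    hits = []
    for row in rows:
        data = json.loads(row)          # one AuditData JSON string per record
        if data.get("Operation") not in PERMISSION_OPS:
            continue
        obj = data.get("ObjectId", "").rstrip("/").lower()
        # Require an exact match or a path-separator boundary so that a sibling
        # such as ".../Confidential Archive" is not mistaken for the folder.
        if obj != folder and not obj.startswith(folder + "/"):
            continue
        target = data.get("TargetUserOrGroupName", "")
        # Events with no named target are kept for manual review.
        if user and target and target.lower() != user.lower():
            continue
        hits.append({"when": datetime.fromisoformat(data["CreationTime"]),
                     "operation": data["Operation"],
                     "actor": data.get("UserId", ""),
                     "target": target or "(none recorded)",
                     "object": data["ObjectId"]})
    return sorted(hits, key=lambda h: h["when"])

def _rec(time, op, actor, obj, target=None):
    """Build one constructed AuditData record as a JSON string."""
    d = {"CreationTime": time, "Operation": op, "UserId": actor, "ObjectId": obj}
    if target:
        d["TargetUserOrGroupName"] = target
    return json.dumps(d)

# Constructed sample data (not taken from the thread).
FOLDER = "https://contoso.sharepoint.com/sites/Board/Shared Documents/Confidential"
USER = "user.a@contoso.example"
OWNER = "owner.b@contoso.example"
SAMPLE = [
    _rec("2019-09-09T09:00:00", "FileAccessed", USER, FOLDER + "/plan.docx"),
    _rec("2019-09-09T08:30:00", "SharingSet", OWNER, FOLDER, USER),
    _rec("2019-09-09T08:10:00", "SecureLinkCreated", OWNER, FOLDER + "/plan.docx"),
    _rec("2019-09-09T08:20:00", "SharingSet", OWNER, FOLDER + " Archive", USER),
    _rec("2019-09-09T08:40:00", "SharingSet", OWNER, FOLDER, "other.c@contoso.example"),
]

if __name__ == "__main__":
    for h in folder_access_changes(SAMPLE, FOLDER, USER):
        print(h["when"].isoformat(), h["operation"], h["actor"], "->", h["target"])
```

The `actor` field of each returned event is the account that made the change, which is the answer to "how did she get those rights" that the permissions page does not show.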