User has access to CRITICAL folder not shared with her

Brass Contributor

Hello experts,

 

I have just found out that I have a user to a critical sharepoint folder folder where she should not have access at all, and I am not sure how that happened.

 

I check via Manage Access and

  • user is not in the list in "People"
    • user is not part of group in "Groups". 
    • sumo83_0-1709807440369.png

       

      • the user is part of "Team Site Members" though
    • there is no "share link"
  • when I go to "Advanced Settings"
    • the user is not in the list
    • I see message however

       

    • sumo83_5-1709807994243.png

       

    • When I click "Show users" the user is not in the list however there are  service groups with limited access an the user is member of two of them
    • sumo83_2-1709807840536.png
  • When I check via ""Check Permission" I see the below
    • sumo83_3-1709807933523.png

 

Now, anyone could help me with the below?

 

  1. How I can find out why the user has access to that folder if the permissions are not given to her?
  2. How can I find out what are the Service Groups above referring to?
  3. How can the "Check Permissions" feature help me to identify how she got access? There are very little info there 

 

Would be grateful for any advice as it is very critical folder.... 

 

7 Replies

@sumo83 Follow below steps to check the detailed permissions of folder in the document library:

  1. Go to document library
  2. Select the folder --> select ellipsis (...) and choose Manage access option
  3. From Manage access popup, select (...)and then Advanced settings ganeshsanap_0-1709809691777.png
  4. From advanced permissions page, you can check user permissions as well as remove group or individual user permissions as per your requirements: ganeshsanap_1-1709809812401.png

Please click Mark as Best Response & Like if my post helped you to solve your issue. This will help others to find the correct solution easily. It also closes the item. If the post was useful in other ways, please consider giving it Like.

I have already done it -> see the "When I check via "Check Permission" I see the below" part in my post. Was not very helpful.....

@sumo83 

 

  1. The user is part of "Team Site Members" though - Does this group have direct permissions on the folder? If yes, user will be able to access the folder as user is part of the group.
  2. When I check via "Check Permission" I see the below - From the screenshot, I can see that user has Contribute permissions on the folder (maybe via any of the "service groups" you mentioned). So, if that group has contribute permissions on the folder, user will be able to access the folder as user is part of the group.

In general, user will be able to access the folder when user is member of the group and the group has access to the folder (even when no "individual user" access assigned).


Please click Mark as Best Response & Like if my post helped you to solve your issue. This will help others to find the correct solution easily. It also closes the item. If the post was useful in other ways, please consider giving it Like.

@sumo83 

 

Also, when you check the permissions using Check Permissions option, it shows you the group name from which the access was given to user: 

ganeshsanap_0-1709811329287.pngIf it is a SharePoint group, you can find that group from "People and Groups" page, generally accessible via link in this format: 

 

https://contoso.sharepoint.com/sites/MySite/_layouts/15/groups.aspx

 


Please click Mark as Best Response & Like if my post helped you to solve your issue. This will help others to find the correct solution easily. It also closes the item. If the post was useful in other ways, please consider giving it Like.

good info.. thank you... However, as you can see in my picture from "When I check via ""Check Permission" I see the below", I can't see any info about how the access was given... unlike in your example, there is no info in mine :\

Team Member do not have direct access to the folder at all... And yes, the user is part of one ServiceGroup - the one you noticed with Contribute permissions... Now, how do I translate that strange "string" to a group name or any useful info? Or how do I can identify how it was shared?

I have removed the user from Team Member for now.. so will see if that will help
I do not really understand that “Limited access”… When I click on “Show users”, does it show me users that have access to that particular folder? Because one of those SharePoint group with strange long string contains all users… even users we share some files externally etc… What is that? Doesnt make sense ‌‌



Can I simply delete those SharePoint Group when checking for a particular folder? If I want only users in the list to have access to it?
ok.. so I have removed the "limited access" ones, removed the user from "Member" group and the user doesnt see the folder anymore...

I am surprised that the "Permision check" feature was really useless to get some info about how and why a user can access a specific folder... Not sure how the user got access to entire folder if there was only a "limited access" for her.. :\