BUG – Security concern – Overriding library permissions breaks previously configured item level permissions in SharePoint 2007

Written by Cornelius J. van Dyk on . Posted in Blog

When you have to override library permissions where you have previously overridden folder permissions and/or item permissions to break inheritance, BE WARNED that permissions behavior in SharePoint may not be what you'd expect. I'll explain by demo…

Start by navigating to the target library.

Now go ahead and override item permissions. Upon completion, you should have new permissions for the item.

Now navigate back to the top site. Go ahead and override library permissions. In my case, I removed Members and Visitors from the library level permissions.

Now navigate back to the item again. You'll notice some permissions missing.

The conclusion is that breaking inheritance at the library level will override the item level permissions and cause unexpected results. This can be particularly bad if you're unaware of this behavior and you have an external facing site that has had item level permissions configured for certain external partners, and someone breaks the inheritance on the library level, as it could grant unintended users access to content. BE WARNED!!!
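One way to catch this before it bites is to snapshot item and folder level role assignments before changing library permissions and diff them afterwards. The script below is an added example, not part of the original post; it assumes PowerShell 2.0 on a SharePoint 2007 server, and the site URL, library name and CSV file names are placeholders.

```powershell
# Added example: snapshot item/folder-level role assignments in one library so a
# before/after diff shows what a library-level permission change altered.
# Run on a SharePoint 2007 server. URL, library name and file paths are placeholders.
[void][System.Reflection.Assembly]::LoadWithPartialName("Microsoft.SharePoint")

function Get-UniquePermissionSnapshot {
    param([string]$SiteUrl, [string]$ListName)
    $site = New-Object Microsoft.SharePoint.SPSite($SiteUrl)
    try {
        $web  = $site.OpenWeb()
        $list = $web.Lists[$ListName]
        # Items and folders are both SPListItem objects; check each for broken inheritance.
        foreach ($item in @($list.Items) + @($list.Folders)) {
            if (-not $item.HasUniqueRoleAssignments) { continue }
            foreach ($ra in $item.RoleAssignments) {
                $roles = @($ra.RoleDefinitionBindings | ForEach-Object { $_.Name }) | Sort-Object
                # One row per (item, principal) with its permission levels joined.
                New-Object PSObject -Property @{
                    Url    = $item.Url
                    Member = $ra.Member.Name
                    Roles  = ($roles -join ";")
                }
            }
        }
    }
    finally {
        if ($web) { $web.Dispose() }
        $site.Dispose()
    }
}

function Compare-PermissionSnapshot {
    param([string]$BeforeCsv, [string]$AfterCsv)
    $before = @(Import-Csv $BeforeCsv)
    $after  = @(Import-Csv $AfterCsv)
    # "<=" rows existed only before the change (lost grants); "=>" rows are new grants.
    Compare-Object $before $after -Property Url, Member, Roles |
        Sort-Object Url, Member
}

# Before touching library permissions:
#   Get-UniquePermissionSnapshot "http://server/sites/extranet" "Shared Documents" |
#       Export-Csv before.csv -NoTypeInformation
# After the change, snapshot again to after.csv, then:
#   Compare-PermissionSnapshot before.csv after.csv
```

Any row in the comparison output means an item or folder's effective grants changed as a side effect of the library-level edit and should be reviewed, especially on an external facing site.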




Cornelius J. van Dyk

Born and raised in South Africa during the 70's, I got my start in computers when a game on my Sinclair ZX Spectrum crashed, revealing its BASIC source code. The ZX had a whopping 48K of memory which was considered to be a lot in the Commodore Vic20 era, but more importantly, it had BASIC built into the soft touch keyboard. Teaching myself to program, I coded my first commercial program at age 15.

After graduating high school at 17, I joined the South African Air Force, graduating the Academy and becoming a Pilot with the rank of First Lieutenant by age 20. After serving my country for six years, I made my way back into computer software.

Continuing my education, I graduated Summa Cum Laude from the Computer Training Institute before joining First National Bank where my work won the Smithsonian Award for Technological Innovation in the field of Banking and Insurance. Soon I met Will Coleman from Amdahl SA, who introduced me to a little known programming language named Huron/ObjectStar. As fate would have it, this unknown language and Y2K brought me to the USA in 1998.

I got involved with SharePoint after playing around with the Beta for SharePoint Portal Server 2003. Leaving my career at Rexnord to become a consultant in 2004, I was first awarded the Microsoft Most Valuable Professional Award for SharePoint in 2005, becoming only the 9th MVP for WSS at the time. I fulfilled a lifelong dream by pledging allegiance to the Flag as a US citizen in 2006. I met the love of my life and became a private consultant in 2008. I was honored to receive my ninth MVP award for SharePoint Server in 2013.
