Brian Blogs on SharePoint

Information, curiosities, and observations about SharePoint and the community.

Folders and their security

Posted by Brian Gough on February 7, 2009

There has been a great discussion among my fellow MVPs around folders and their security, and whether they are good or evil.
It started out with Amanda Murphy (http://blog.funknstyle.com) sharing a concern that was brought up to her by an attendee of her presentation. The attendee claimed that even after creating folders and setting unique permissions “users can still have access to file if they navigate directly to it but they just can't see the folder.”
There has been a lot of testing on different builds (6219 – pre-Infrastructure Update and 6318 – Infrastructure Update).
There seemed to be some instances during testing where behavior in the folders differed between simply changing users via the ‘Welcome’ dropdown and actually closing the browser and opening a new one as a different user. There was also different behavior when testing on a machine in a domain and a machine in a workgroup.
There were some statements that the permissions only applied to the folder views themselves and NOT the items in the folders.

Well, I have done some pretty intensive testing on build 6219 and the permissions behaved as I would expect them to. A user that was not given permissions to a folder could not see that folder or any of the items in the folder. Even when I tried a direct link to an item in a folder I did not have rights to, it threw the ‘Access denied’ message, as expected.
Hopefully someone will do a bit more testing in build 6318, but initial results show that it works fine and permissions do trickle down to the items in the list.
I am not too concerned about results on a machine in a workgroup, as I would never have that as a production machine, but it is noteworthy for those that may be testing on a workgroup machine as the results may vary when on a domain machine.

This just reinforces the importance of having your testing environment as close to your production environment as you can. And as ever… test, test, test, test, and then test it some more!

Enjoy!

Brian
