Recently I had to troubleshoot an issue where end-users were able to open links to documents they had no permissions to open. If they tried opening the library they got the "access denied" message that is expected, but clicking a link directly to a document in the library resulted in the document either opening up in the browser, or downloaded. We double checked the documents did not have item level security, and they didn't.
What a puzzle!
Turns out that those libraries were provisioned by code, and the code set a property on the library called "AllowEveryoneViewItems" (msdn documentation). This property, when set to true, means that anyone- even unauthenticated users, will be able to download and view items in the list or library - even without permissions.
The reason to turn it to true is when dealing with anonymous sites - for example, if you have an internet site and you want to put links to documents from pages, but you don't want users to be able to browse the library itself.
Sharepoint Tips And Tricks is Ishai Sagi's sharepoint information blog. It specializes in Microsoft SharePoint technologies, including web parts, development, configuration, customization, and best practices for the use of Microsoft SharePoint Server and Windows SharePoint Services. It also provides some related Office Information, including VSTO and VSTA and other office application development tips.
Wednesday, April 09, 2014
Users able to open documents using links, even without permissions
Subscribe to:
Posts (Atom)