Welcome: Guest!

Sharepoint Forum

 
Home » Forum » Sharepoint       Ask a questionRSS Feeds

Manage Reader Security bug

  Asked By: Alyssa Lewis         Date: Mar 29, 2006      Category: Sharepoint      Views: 248
 

I just noticed something odd.
Right now there is only a few folks with rights to our portal.
I have some NTAuthenticated test accounts setup in AD. But I set all
NTAuthenticated users up as readers. When I logged into the network as
the test users (read only access) I was able to delete items from my
(personal) MySite. (i.e. if I am the Sys Admin for the whole portal
and my user acct is smithj and I log out and log back in as reader
test1; I am able to go to http://portalname/personal/smithj and click
on shared docs and delete anything I want.)

That seems wrong. Test1 only has READ access.

Tagged:        

 

3 Answers Found

 
Answer #1       Answered By: Shara Johnson          Answered On: Mar 29, 2006       

How are you logging in and out of the site? Your site should not be functioning that way, which leads me to think that the site is still recognizing you as using an admin  account.

 
Answer #2       Answered By: Christop Mcfadden          Answered On: Mar 29, 2006       

Is it possibly due to incorrect IE security  zone settings? If that's the case then it is possible that IE is automatically logging into sharepoint as the interactive account when the test  account does not have access. If you're testing while logged  into windows with your personal domain account, when the test account hits an area that it doesn't have acccess to IE should be throwing up a prompt indicating you don't have access  to. However, I have seen some errant IE Security zone settings that caused IE to proceed with an automatic login behind the scenes as the interactive user  without the interactive user's knowledge.

To fully validate that the reader  is getting update access, make sure you are logged into windows as your test account, not as your normal, personal domain account.

 
Answer #3       Answered By: Cassidy Sharpe          Answered On: Mar 29, 2006       

When I actually went to delete  something it
asked to validate who I was and did not allow the test  user to delete.
Although one of the other admins is able to delete shared  docs from
my MySite. I reckon that is ok with me.

 
Didn't find what you were looking for? Find more on Manage Reader Security bug Or get search suggestion and latest updates.


Your Answer
  • Answer should be atleast 30 Characters.
  • Please put code inside [Code] your code [/Code].

 
Hall of Fame  |  Facebook  |  Twitter  |  LinkedIn  |  Terms of Use  |  Privacy Policy  |  Contact us
RSS Feeds: Articles |  Forum |  New Users |  Activities |  Interview FAQ |  Poll |  Hotlinks


Go4Sharepoint, is a Microsoft Featured Community. Microsoft, Windows, Sharepoint, Sharepoint logo, Windows logo, etc are trademarks of the Microsoft Corporation. All product names, logos, copyrights, and trademarks mentioned are acknowledged as the registered intellectual property of their respective owners. This site is not in any way affiliated with, nor has it been authorized, sponsored, or otherwise approved by, Microsoft Corporation.

Copyright © 2008-2011