Sharepoint Forum


Manage Reader Security bug

  Asked By: Alyssa    Date: Mar 29    Category: Sharepoint    Views: 993

I just noticed something odd.
Right now there are only a few folks with rights to our portal.
I have some NTAuthenticated test accounts set up in AD. But I set all
NTAuthenticated users up as readers. When I logged into the network as
the test users (read only access) I was able to delete items from my
(personal) MySite. (i.e. if I am the Sys Admin for the whole portal
and my user acct is smithj and I log out and log back in as reader
test1; I am able to go to http://portalname/personal/smithj and click
on shared docs and delete anything I want.)

That seems wrong. Test1 only has READ access.



3 Answers Found

Answer #1    Answered By: Shara Johnson     Answered On: Mar 29

How are you logging in and out of the site? Your site should not be functioning that way, which leads me to think that the site is still recognizing you as using an admin account.

Answer #2    Answered By: Christop Mcfadden     Answered On: Mar 29

Is it possibly due to incorrect IE security zone settings? If that's the case then it is possible that IE is automatically logging into SharePoint as the interactive account when the test account does not have access. If you're testing while logged into Windows with your personal domain account, when the test account hits an area that it doesn't have access to, IE should be throwing up a prompt indicating you don't have access to it. However, I have seen some errant IE Security zone settings that caused IE to proceed with an automatic login behind the scenes as the interactive user without the interactive user's knowledge.

To fully validate that the reader is getting update access, make sure you are logged into Windows as your test account, not as your normal, personal domain account.
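
An added example, not part of the answer above: a PowerShell check that prints the interactive Windows account and the IE "User Authentication > Logon" setting (URL action 1A00) for each security zone, which is the setting that decides whether IE silently sends the interactive user's credentials. It assumes the standard Internet Settings registry locations for per-user and policy zone settings.

```powershell
# Added example: report the IE logon setting (URL action 1A00) per security zone.
$zoneNames = @{
    0 = 'My Computer'; 1 = 'Local intranet'; 2 = 'Trusted sites'
    3 = 'Internet';    4 = 'Restricted sites'
}
$logonModes = @{
    0x00000 = 'Automatic logon with current user name and password'
    0x10000 = 'Prompt for user name and password'
    0x20000 = 'Automatic logon only in Intranet zone'
    0x30000 = 'Anonymous logon'
}
# Per-user settings first, then user and machine policy (policy overrides).
$roots = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones',
    'HKCU:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones',
    'HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones'
)

# The account IE will use for any silent (automatic) logon.
$me = [Security.Principal.WindowsIdentity]::GetCurrent().Name
Write-Output "Interactive Windows account: $me"

$report = foreach ($root in $roots) {
    foreach ($zone in 0..4) {
        $key   = Join-Path $root "$zone"
        $value = (Get-ItemProperty -Path $key -Name '1A00' -ErrorAction SilentlyContinue).'1A00'
        if ($null -eq $value) { continue }          # not set at this location

        $mode = $logonModes[[int]$value]
        if (-not $mode) { $mode = 'Unknown value 0x{0:X}' -f $value }

        [pscustomobject]@{
            Source      = $root.Substring(0, 4) + $(if ($root -match 'Policies') { ' (policy)' } else { '' })
            Zone        = $zoneNames[$zone]
            Logon       = $mode
            # Value 0 means credentials of $me are sent without any prompt.
            SilentLogon = ([int]$value -eq 0)
        }
    }
}
$report | Format-Table -AutoSize
```

If the zone the portal URL falls into shows SilentLogon = True, a browser session started under the admin's Windows logon can authenticate as the admin even when the tester intended to act as the read-only account.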

Answer #3    Answered By: Cassidy Sharpe     Answered On: Mar 29

When I actually went to delete something it
asked to validate who I was and did not allow the test user to delete.
Although one of the other admins is able to delete shared docs from
my MySite. I reckon that is ok with me.
