Document Library Permissions being bypassed when using “Open with Windows Explorer”
https://sharepoint.stackexchange.com//questions/31787
-
07-12-2019 - |
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianPergunta
SharePoint 2007 Document Library has permissions set for user A to "Read". User A is able to go to Actions -> Open in Windows Explorer and delete files. This seems like a very large security loop hole.
We do not want to remove the Open in Windows Explorer option so is there any way to enforce permissions in this setting?
Solução
I had the same feeling when using the "Open in Explorer" in SharePoint 2010. User could remove docs in the Explorer view. But when refreshing the documents were still there, so the user could in fact not delete them...
Outras dicas
If User A is logged in as User A (Read Only) in SharePoint, but is logged into their machine as User B (Full Control) then the permissions will be different than expected. Explorer View uses the credentials of the user logged into the machine, NOT the credentials currently used in SharePoint.
This is likely what is causing the confusion (especially if you are testing on your machine). The Explorer View is still respecting the library's permissions, but you may be presenting different credentials than you thought.
