Searching for a file on Sharepoint Online allows access to locked down files/folders.

Shane Siegfried 0 Reputation points
2024-08-21T23:09:15.8733333+00:00

Hello and good day to you all.

I am having a very odd issue. I am the admin of the Sharepoint Online site for the company i work for and i was made aware of an issue today that probably has been going on for quite some time.

Apparently, the search bar at the top of Sharepoint Online is overriding folders/files that are locked down to particular individuals.

How is this possible? How can someone search (and find) a particular file that is locked down in a folder that only is accessible by 3 people AND open/edit it?? I am at a loss!

Ive gone through everything on the admin side of things and i cant find anything that will allow folks to simply search, find and open a file they should NOT have access to.

If anyone can help me out, i would greatly appreciate it!

SharePoint
SharePoint
A group of Microsoft Products and technologies used for sharing and managing content, knowledge, and applications.
10,598 questions
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. Yanli Jiang - MSFT 25,621 Reputation points Microsoft Vendor
    2024-08-22T02:45:13.1533333+00:00

    Hi @Shane Siegfried ,

    Welcome to Q&A forum!

    This sounds like an unusual and potentially serious issue. Here are a few steps you can take to troubleshoot and resolve the problem:

    1. Permission Inheritance: - Ensure that the permissions on the folder and files in question are set correctly. Navigate to the specific folder or file, go to "Manage Access" and verify that the permissions are restricted to only those 3 people. - Check if the folder is inheriting permissions from its parent directory. If it is, and the parent directory has broader access rights, this could be the source of the problem. You can break inheritance and set unique permissions for this folder.
    2. Permission Levels: - Verify that the "Visitors" or other user groups do not have more permissions than intended. They should typically only have "Read" permissions unless otherwise specified.
    3. SharePoint Search Configuration: - Ensure that the search schema is configured correctly. Sometimes, custom search configurations can lead to unintended exposure of documents. - Check if there are any custom search settings or query rules that might be overriding the default permissions.
    4. Sharing Settings: - Review the sharing settings of the site collection. Ensure that link sharing permissions are correctly configured and not allowing broader access than necessary.
    5. Security Groups and Users: - Double-check the membership of any security groups that have access to the folder/files. Sometimes, users might be added to a group with broader access by mistake. - Confirm the permissions assigned to individual users; they may be accidentally granted more rights.
    6. Audit Logs: - Use the SharePoint audit logs to check who accessed the files and how they did so. This can give you insights into whether permissions were bypassed or if the issue is with the search indexing.
    7. Re-indexing: - Occasionally, re-indexing the site can solve anomalies with the search function. Go to the "Site settings" → "Search" → "Search and offline availability" and choose to re-index the site.
    8. Oversharing: -This can occur if adequate access controls are not consistently applied, resulting in oversharing. Oversharing can occur when files and sites with improper restrictions are inadvertently accessed using Microsoft Search. To prevent oversharing, it is recommended that administrators and users manage access to sensitive or confidential information using solutions that best address their specific issues. Refer to: Manage access to files and sites.

    Have a nice day!


    If the answer is helpful, please click "Accept as Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.


Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.