Sign up for Office 365
Learn more about Office 365
I only noticed when I added a new customer and as I always do, I test to see if the new account can access the site assigned to them and only that site. We have a number of sub sites set up for customers, with links to them on the Top Bar. Normally when logging in with the customers ID, the only visible link on the Top Bar is the link to the site assigned to them. However on this occasion I noticed that ALL the links were visible and worse, available. I hunted around on the net and found that someone else had encountered the same issue, they mentioned that the Tenant_Users Group had been granted Site Collection Administrator rights. Lo and behold, the same has happened on our site. Every time I delete the Tenant_Users from the Site Collection Administrators, a few minutes later it re-appears, 'magically'. Definitely something wrong there!
And yes, SkyDrive is more secure!
I'm not sure if this is the same issue, but a few days after trimming permissions for sites/libraries, we also have users with limited access able to access everything. It was working fine initially. As far as I know the tenant_users group was already there. It was removed from secure areas but this made no difference.
Having these kinds of problems with such a core feature on a released product is embarrassing. SkyDrive is more secure!!
Looking into this a bit furthr, to verify what is happening, I have created a new user, who is not a site administrator and has not been assigned any permissions to acess any of our Sharepoint site (Our site and all sub sites have unique permissions which are assigned on a per user basis). I went on another machine (just to make sure my browsers cache wasn't interfering) and logged on as the new user. This user can access every part of the site and perform administrative duties! I cannot believe that a company like Microsoft could allow this to happen. This is such a major breach of security, they may as well not have any for of login process if they can allow this to happen. I must get this rectified immediately or we will have to shut down our entire site at great cost. PLEASE CAN YOU HELP MICROSOFT!!!