SharePoint 2013 Site Newsfeed does not follow Permissions Model

Thursday, January 30, 2014

I came across an issue on a project recently which at first was difficult to understand what was going on.

Users were reporting that although they didnt have access to a team site they could see the newsfeed from that teamsite in their Newsfeed. It turns out that we give all users access to a site properties list so they can see all the sites in a site directory. From this list the users are able to follow the site and see the newsfeed in their MySite Newsfeed. What is worse is that if the user is then given no permissions at all to the site they can see the sites newsfeed if they have previously followed that site. One to watch out for if you have sensitive conversations happening on restricted sites.

 

Tags:
Filed Under: SharePoint 2013
blog comments powered by Disqus