Last week, I briefly thought that I would have a big security issue with one of my SharePoint 2010 lists. I have a list called “Aufträge” (orders) with permissions set on list item level. In the following picture you see that (in SharePoint 2010) I was logged in with a test user called “testuser1” who had permisson to access 2 list items (ID “84” and “83”):
After using the SharePoint Excel export functionality (“Nach Excel exportieren”)
As you can imagine I was very astonished. What’s the reason for such a behaviour? For a short time I thought I found a new SharePoint bug. But than I got a fairly simple explanation. On the operating system I was logged in with different user credentials. An account with permissions for all three list items. Excel of course runs with these credentials and seems to pull data with these credentials. To proove this I switched to user “testuser1” on my operating system and eyerything is fine . So under usual circumstances (where SharePoint and operating system credentials are the same) there’s no problem. Nevertheless, behaviour is really ugly. Microsoft should be able to improve it with little effort. Simplest solution might be starting the Excel instance with SharePoint user credentials.