SharePoint 2010 security issue

Last week, I briefly thought that I would have a big security issue with one of my SharePoint 2010 lists. I have a list called “Aufträge” (orders) with permissions set on list item level. In the following picture you see that (in SharePoint 2010) I was logged in with a test user called “testuser1” who had permisson to access 2 list items (ID “84” and “83”):

splist1

After using the SharePoint Excel export functionality (“Nach Excel exportieren”)

export
I saw 3 list items (ID “84”, “83” and “82”):

ExcelList

As you can imagine I was very astonished. What’s the reason for such a behaviour? For a short time I thought I found a new SharePoint bug. But than I got a fairly simple explanation. On the operating system I was logged in with different user credentials. An account with permissions for all three list items. Excel of course runs with these credentials and seems to pull data with these credentials. To proove this I switched to user “testuser1” on my operating system and eyerything is fine . So under usual circumstances (where SharePoint and operating system credentials are the same) there’s no problem. Nevertheless, behaviour is really ugly. Microsoft should be able to improve it with little effort. Simplest solution might be starting the Excel instance with SharePoint user credentials.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s