Does NT Authority\authenticated users override Item Level Permission?

  • Question

  • I have two lists -

    List A: NT Authority\authenticated users have READ access

    List B: has a column that looks up List A. ITEM LEVEL PERMISSION is set by an SPD Workflow. Specific people are granted CONTRIBUTE access to the list item by the WF.

    When these specific people edit the item in List B, the data looked up from List A is getting deleted. I guess because they don't have access to List A.
    I thought that NT Authority\authenticated users would allow ANYONE Read access to List A regardless of Item Level Permission being set on List B?

    I can't start to add individual access to List A, this is why I added READ access to all NT Authority\authenticated users. I thought that it would allow even the item level permission set items to have READ access to List A.


    • Edited by Sonners Monday, September 19, 2011 3:42 PM
    Monday, September 19, 2011 3:41 PM

Answers

  • Hi,

    No, think of it as a group of all authenticated users; it does not in itself describe authorization...

    -Ivan


    Ivan Sanders My LinkedIn Profile, My Blog, @iasanders.
    • Marked as answer by Sonners Tuesday, September 20, 2011 6:59 PM
    Tuesday, September 20, 2011 2:40 AM
  • Sonners,

    This behavior can occur when the domain local group resides in a mixed-mode domain. Before domain local group members can access a SharePoint Server 2007 Web site, the Active Directory service must be running in native mode or running at the Microsoft Windows Server 2003 domain functional level. In mixed-mode domains, the domain local group can only be used on the domain controller. However, when the domain is run in native mode, the domain local group can be used within the boundary of the domain.
     
    As an easy workaround, you can create a new SharePoint group and add NT AUTHORITY\authenticated users to it.
    Then assign permissions to that group and it should work.


    Leonid Lyublinski Wizard of MOSS
    • Marked as answer by Sonners Tuesday, September 20, 2011 6:59 PM
    Tuesday, September 20, 2011 3:18 PM

All replies

  • I agree with Ivan 

    :-) 
    Tuesday, September 20, 2011 3:16 AM
  • Of course! I got mixed up.

    You are right Ivan and Leonid. Thank you.

    Tuesday, September 20, 2011 7:01 PM