locked
Users who were initially in a thread continue to see thread(in the preview board) after they have been removed, but if double click on it, it shows they are not authorized to see it RRS feed

  • Question

  • Users who were initially in a thread continue to see thread(in the preview board) after they have been removed, but if double click on it, it shows they are not authorized to see it

    Scenario: 

    User A - Created the email

    User B - Cced on the email

    User C - CCed on the email, but removed later (this user continues to see the preview of the emails)

    Brief explanation:

    There is an email with a few replies to it. User A,B and C are all in this thread.

    User A decides to create a meeting from these emails. User A clicks on Meeting in the Home Tab > Respond section > Meeting (CTRL+Alt+R). When the meeting pops up user A removes user C and keeps/invites user B only to the meeting.

    The problem:

    Outlook on user C organizes the emails with same subject in a "Conversation".
    When User C expands the conversation, it lists the meetings that user C has been removed from and can read the notes of the meetings as a preview. If User C double clicks on this email listed it shows the user isn't authorized to open this object. The meetings doesn't show on user C calendar as well. So, in a nutshell, the problem is that user C may be able to read sensitive information from meetings that he/she hasn't been invited to participate. 

    In reality, this scenario with user C happens with multiple users that have been removed from the thread. I didn't find any permission issues on Exchange. User C doesn't have access to user A mailbox. What should be the next steps?

    Thanks for your assistance!

    Thursday, August 29, 2019 2:55 PM

All replies

  • Hi,

    Welcome to the Exchange Server forum. This forum is for questions and feedback related to Exchange server. Since your question is more related to Outlook, I'll move it to a more appropriate forum:
    https://social.technet.microsoft.com/Forums/msonline/en-US/home?forum=outlook

    The reason why we recommend posting appropriately is you will get the most qualified pool of respondents, and other partners who read the forums regularly can either share their knowledge or learn from your interaction with us. Thank you for your understanding.

    Regards,

    Kyle Xu


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.

    Friday, August 30, 2019 7:16 AM
  • Hi Déh

    Sorry for the late reply.

    I followed your instruction to test this on my side (Outlook 2016 MSO 16.0.4849.1000).

    1. Create an email: User 4 sent it to SharedMX, CC: Admin; User2

    2. User 4 create a meeting based on this message and then remove User2:

    3. After sending out the meeting invitation, User2 didn’t receive any emails regarding this meeting on my side.

    Does this issue only occur to User A? Or all users?

    Please directly test this issue on the web mail to see if issue can be reproduced.

    Besides, we can open Outlook in safe mode to see if the issue continues. Please exit Outlook, press Win key + R to open the Run command, type outlook /safe and then press Enter. This helps eliminate whether the problem lies on any third party add-ins.

    If issue only occurs to User A, let’s create a new profile for him. Refer to the steps in this article.

    Any updates, please feel free to post back.

    Regards,

    Perry


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.

    Monday, September 2, 2019 2:17 AM
  • Hi Perry,

    thank you for your reply.

    This situation happens with more than one user.  We have test with at least three random users, so we believe this is happening with everyone in this Database.

    When user C is removed, it does not receive any notification. HOWEVER, if the user expands the "Conversation" (by a conversation I mean the grouped emails with the same subject) the user is able to see the meeting listed there and the first few lines as a preview. If the user double-clicks on this object, there is when it pops up a message informing the user doesn't have sufficient permission to access the content.

    The emails is also listed on webmail when arranged by subject.

    When I checked for delegated permissions, none of the users (A,B and C) had any permissions to read the colleague's mailbox.

    I hope that clarifies the situation.
    Kind regards,
    Andre

    Tuesday, September 3, 2019 1:24 PM
  • Hi Andre,

    >>We have test with at least three random users, so we believe this is happening with everyone in this Database.

    What if we move one user to another Database, will issue be reproduced?

    >>When I checked for delegated permissions, none of the users (A,B and C) had any permissions to read the colleague's mailbox.

    In addition to delegate permission, we can also check folder permission on Outlook client. Make sure no permission is assigned to C.

    Besides, have you tried safe mode? Does it work?

    Regards,

    Perry


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.

    Wednesday, September 4, 2019 5:15 AM