locked
Content Approval on a library - Can a author publish and Approve his own document RRS feed

  • Question

  • HI,

    We enabled the content approval on the library and it has only major versions enabled for version settings. USers have to check out and check in. And the draft visibilty is set to "To approvers and (authors of the doc)"

    Off late I observed that the Author who uploads a new document, later he is able to publish a major version and also he was able to Approve his document. Is it something by design??

    The authors on the library have the permissions "View, Add and update" and Approvers have "Approve" permissions.

    Can anyone throw some light on this..

    Thansk,

    Mash

     

     


    -Mash "http://sharepointxperiments.wordpress.com"
    Thursday, December 16, 2010 4:30 PM

Answers

  • > And the draft visibilty is set to "To approvers and (authors of the doc)"

    This is ignored when only using Major Versions

     

    > the Author who uploads a new document, later he is able to publish a major version and also he was able to Approve his document. Is it something by design??

    No. Just the opposite.  

     

    > The authors on the library have the permissions "View, Add and update"

    They must have owner, Full Control or Approval permission to Approve.

    In SP 2010 we now have a tool to "Check Permissions" for a user to see how they got to the content. In 2007 you will need to do some detective work. Pick a single user who can approve their own content (but should not be able to) and check these things:

     - in the library, click the document's dropdown and click Manage Permissions - review the list and see if the user is listed with special permissions, also note the groups here

     - in the library click Settings, Document Library Settings, and then Permissions for this document library - again review the list and see if the user is listed with special permissions, also note the groups here

     - if the document is in a folder, click the folder's dropdown and click Manage Permissions and do the same...

     - in People and Groups check each group you found above to see if the user is a member, then check to see if that group has approval or Full Control rights

     - if any of the "users" found above are Active Directory groups, get to see if the user is a member of the AD group and if the group was granted approval or Full Control rights to the document or the library.

     

    or... use a third party audit tool.

     


    Mike Smith TechTrainingNotes.blogspot.com
    • Marked as answer by Peng Lei Tuesday, December 21, 2010 8:35 AM
    Thursday, December 16, 2010 6:07 PM