> And the draft visibilty is set to "To approvers and (authors of the doc)"
This is ignored when only using Major Versions
> the Author who uploads a new document, later he is able to publish a major version and also he was able to Approve his document. Is it something by design??
No. Just the opposite.
> The authors on the library have the permissions "View, Add and update"
They must have owner, Full Control or Approval permission to Approve.
In SP 2010 we now have a tool to "Check Permissions" for a user to see how they got to the content. In 2007 you will need to do some detective work. Pick a single user who can approve their own content (but should not be able to) and check these
things:
- in the library, click the document's dropdown and click Manage Permissions - review the list and see if the user is listed with special permissions, also note the groups here
- in the library click Settings, Document Library Settings, and then Permissions for this document library - again review the list and see if the user is listed with special permissions, also note the groups here
- if the document is in a folder, click the folder's dropdown and click Manage Permissions and do the same...
- in People and Groups check each group you found above to see if the user is a member, then check to see if that group has approval or Full Control rights
- if any of the "users" found above are Active Directory groups, get to see if the user is a member of the AD group and if the group was granted approval or Full Control rights to the document or the library.
or... use a third party audit tool.
Mike Smith
TechTrainingNotes.blogspot.com
