The Risk of Misleading Permission Levels
In this video, we highlight how custom permission levels in SharePoint can be used to mislead users and conceal full access rights.
A common tactic? Creating a permission level named “Read” that actually grants full control. At a glance, it looks safe—but behind the scenes, it opens the door to unrestricted access.
We’ll show how this happens, why it’s hard to detect, and what you can do to protect your organisation from hidden privilege escalation.