Read-only users seem able to delete files in Explorer view in SharePoint

Applies to: SharePoint Server 2010SharePoint Server 2013SharePoint Online


SharePoint users who have read-only permissions appear to be able to delete files in Explorer view. However, a refresh shows that the files have not really been deleted.

More Information

This behavior reflects a limitation of the current SharePoint design and the technologies involved. If a user does not have sufficient permissions to delete items, and the user tries to delete a file, the action momentarily appears to be successful. However, the file remains intact and undeleted.

When you use WebDAV, the operating system cannot proactively detect whether the user has permissions to delete a file. When a delete attempt is made, the deletion fails if the user does not have the necessary permissions. However, Explorer view does not wait on the delete request to complete before it removes the item from the UI. Because the item has not actually been deleted in this scenario, a refresh of the screen displays the item again.