> I mean was it really unauthorized access (they called it “hacking” of course) if his user account literally had permission to map network drives?

It may not pass as hacking, but it certainly was unauthorized. Network policy in software should reflect reality, but the source of authority comes from humans. Your friend literally was not authorized to access teachers' files, regardless of poor software configuration permitting the capability.