Big BUG issue on contact security

New Contributor

We have discovered a rather large bug in the system. We have user settings set up in a way that allows some of our staff — who don't have authorization to view contacts — to see the reports tab. It should not allow them to click into our contacts, because that access was removed; but there's a loophole that allows them to see the contacts.

 

I would have attached a screenshot, but maybe this is another bug: I can't seem to upload it.

 

This is a page they need to be able to access... but the highlighted column — which they can click through to view contacts — does not need to be there for them. What can we do to close this access loophole?

 

Community Manager

Hey @LynnEsquer, can you confirm the User Role you are setting for these users?

TAM
Regular Contributor

We also have a bug issue to report. I am not quite sure if it is exactly the same.
Let me make a case: User A has access rights to only one contact (contact B), since she is the owner.

But through a loophole, User A is able to see more than just contact B. Going to the "about section" of contact B, the user can view company and deals. Clicking on the company or deals, the user can view not only the company and deal details, which she has not had access to, but also even more contacts without restrictions.

How we wish it would be:

1. There is no harm in the about section showing a small preview of deals the contact was involved in, as long as the user cannot click further (that should be changed); otherwise you could first click onto the deal and from there view even more contacts.

2. When clicking on the company, no further contacts (as a small preview) shall be shown, since the user is not supposed to have access to these contacts. If they are shown, then the user should not be able to click on them to see more details.

This needs to be fixed ASAP. As the former post says, this is a big bug issue on contact/deal/company security.

New Contributor

This sounds very much like the bug I reported initially. Unfortunately, this has been going on for the better part of a year (possibly more) and HubSpot does not seem terribly motivated to fix it. It's a huge security problem, though, and because they won't fix it, we are looking at other CRMs... I can't keep running reports for my staff. It should be the other way around. When you have to adjust management responsibility to work around a tool with rather large security issues, it's a problem.
