Do not allow non-admin users to access and view other users within the Portal.
If a user does not have the permission allowed for Account Access - they should not be able to view User and Team information!
For portals where we are supporting internal and external users, emails and access levels are displayed.
I see this being a significant security issue - for:
1. Sharing emails and contact details with users who should not have access to this information
2. Providing details for admin users that if a users account was compromised could be used to try and get other access
I think this is a very good idea 😎
It looks like this is partially done, there is now a 'User table access' option available under the Account tab when setting permissions.
However, you can still view the contact details via teams - but a great step in the right direction!
My customer is trying to restrict user teams access to their Service Partners, and even with the User table access settings above, these partners are still able to see user team members and their email info.
It would be helpful to create an option where the Settings icon is blocked for super restricted access so they would not have access to the information, or completely hide the Users and Teams settings from there.
Meu cliente está tentando restringir o acesso das equipes de usuários a seus parceiros de atendimento e, mesmo com as configurações de acesso à tabela de usuários fornecida acima, esses parceiros ainda podem ver quais são os membros da equipe de usuários e suas informações de e-mail.
Seria útil criar uma opção onde o ícone Configurações seja bloqueado para acesso super restrito para que nenhum acesso sem essa permissão tenham acesso às informações ou ocultar completamente as configurações de Usuários e Equipes desde lá.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.