Yes I agree, this is a huge concern for us. A basic user has access to delete our website files, this would cause so much damage. They might simply be trying to eliminate files thinking they don't need them.
Also, when they add files from a record, it adds to the main file database, which will clutter the files and give all users access to sensitive files. We need to restrict total access to the file manager, but allow attachments to records that will not be hosted in the file manager. Also, creating folders for attachments in each record would be extremely beneficial. Thank you
Yes! I completely agree. I want to send personalized emails from different users with a PNG or JPEG of their signatures, but its very tricky because I don't want eveyrone utilizing our platform to have access to those signatures. Itt would be great to be able to seaparte them out by team.
Yes I agree. This is a security incident that HubSpot has, because the entry "Files" is available for all users and we've confidental information and sensite data there.
I've found that all users in HubSpot have access to "Files", and we've there confidential information and sensitive data. This is a security incident and ubSpot doesn't have the permissions to restrict the access.
This is a situation that is urgent to solve! User Access Management is a principle that HubSpot should follow. Where is the privacy by design?
EXTREME RISK AND SECURITY ISSUE, especially after the launch of the Hubspot CMS
I would like to reinforce the request for this resource, as it is extremely important.
A free user can delete all files and images from the Company's website.
Not to mention that it can also replace the image with another one with inappropriate content.
The laughter was already very high, after they launched the Hubspot CMS that enterprise companies use, made it even more complicated, since the company's entire website uses FILES to store institutional images.
Mixing users' files with files vital to the company is serious.
Any updates on this yet? I feel as though I can speak for everyone when I say thank you for listening to our concerns! Or at the very least, everyone on this string and everyone who didn't realize the file permissions issue exists in the first place — which I guarantee would be a huge number if you polled users.
@watanak, I am surprized that HubSpot needed someone to come up with an idea for this. This really is not a feature request. This is about averting a potential risk.
We need this feature asap so that our trainees and our sales partners which are not employed by us can work in Hubspot too. Do you already know when you have got it fixed?
This is massively important. There's no way we want every single contributor / user seeing all files. The lack of ability to set permissions around this is super dangerous/unhelpful.
Você deve ser um usuário registrado para adicionar um comentário aqui. Se você já estiver registrado, faça logon. Se você ainda não estiver registrado, registre-se e faça logon.