Restrict access to File Manager

Hi,

The File area should give the ability to restrict access to folders based on Users&Team,

so that the sales team do not messes with marketing files, and some content can be restricted based on users or team

ex: area for investors -> files should not be viewable by any sales trainee working in HubSpot

thanks

 

HubSpot updates
changed to: In Planning
May 20, 2020

Hi everyone,

 

Thank you for submitting your ideas on this community thread. I am updating the status of this idea to "In Planning".

 

We will continue to share updates on this topic on this thread.

 

Sincerely,

Kie

changed to: Being Reviewed
Mar 25, 2020

24 Replies
Occasional Contributor

Yes I agree, this is a huge concern for us.  A basic user has access to delete our website files, this would cause so much damage.  They might simply be trying to eliminate files thinking they don't need them.  

 

Also, when they add files from a record, it adds to the main file database, which will clutter the files and give all users access to sensitive files.  We need to restrict total access to the file manager, but allow attachments to records that will not be hosted in the file manager.  Also, creating folders for attachments in each record would be extremely beneficial.  Thank you

 

Screenshot 2019-10-30 12.44.39.png

 

 

New Contributor

Yes! I completely agree. I want to send personalized emails from different users with a PNG or JPEG of their signatures, but its very tricky because I don't want eveyrone utilizing our platform to have access to those signatures. Itt would be great to be able to seaparte them out by team.

New Contributor

Totally agree! 

Occasional Contributor

Yes I agree. This is a security incident that HubSpot has, because the entry "Files" is available for all users and we've confidental information and sensite data there.

This must be solved as soon as possible!

Occasional Contributor

Hello,

I've found that all users in HubSpot have access to "Files", and we've there confidential information and sensitive data. This is a security incident and ubSpot doesn't have the permissions to restrict the access.

This is a situation that is urgent to solve! User Access Management is a principle that HubSpot should follow. Where is the privacy by design?

Occasional Contributor

Please tell me this is not still true. Why would a user who has no Marketing access be given rights to delete website files?

 

HubSpot please say it isn't so. I am panicking right now.

updated to: Being Reviewed
HubSpot Product Team
 
New Contributor

I couldn't agree more! I don't necessarily want people on certain teams to have access to these files. Restricting FORM access would be nice as well! 

Regular Contributor

I agree as well. This is very dangerous. Employees may not realize they are deleting something important.

Regular Contributor

This is absolutely critical from a security perspective.

 

Shocked that literally anyone in our HubSpot account can access all files.

New Contributor

Hey guys,

 

EXTREME RISK AND SECURITY ISSUE, especially after the launch of the Hubspot CMS

 

I would like to reinforce the request for this resource, as it is extremely important.

 

A free user can delete all files and images from the Company's website.

 

Not to mention that it can also replace the image with another one with inappropriate content.

 

The laughter was already very high, after they launched the Hubspot CMS that enterprise companies use, made it even more complicated, since the company's entire website uses FILES to store institutional images.

 

Mixing users' files with files vital to the company is serious.

Occasional Contributor

Any updates on this yet? I feel as though I can speak for everyone when I say thank you for listening to our concerns! Or at the very least, everyone on this string and everyone who didn't realize the file permissions issue exists in the first place — which I guarantee would be a huge number if you polled users.

New Member

Would be great to see this update made. 

 

@hubspot product team - is this on the roadmap?

updated to: In Planning
HubSpot Product Team

Hi everyone,

 

Thank you for submitting your ideas on this community thread. I am updating the status of this idea to "In Planning".

 

We will continue to share updates on this topic on this thread.

 

Sincerely,

Kie

Regular Contributor

Awesome @watanak !!! Thanks for the update!

Regular Contributor

@watanak, I am surprized that HubSpot needed someone to come up with an idea for this. This really is not a feature request. This is about averting a potential risk.

Regular Contributor

This is something that needs to be updated ASAP.

We need limited users to be able to see files based on their role.

Esteemed Contributor

+1 here.

 

It's already in planning which is great, thought I'd just add my voice anyway 🙂

 

With the potential for any portal getting the CMS add-on/cms-hub. It becomes important to need to permission out the file manager.

 

  • Keep website critical files away from marketing, sales and other departments
  • Have a space for marketing content only
  • Have a space for sales, service and other departments to make use of for template building, document storage and more
New Contributor

For us it´s totaly the same!

We need this feature asap so that our trainees and our sales partners which are not employed by us can work in Hubspot too.
Do you already know when you have got it fixed?

Thanks in advance and best regards.

New Contributor

This is massively important.  There's no way we want every single contributor / user seeing all files.  The lack of ability to set permissions around this is super dangerous/unhelpful.

Glad it's in planning.