A guest user can see/invite all existing users in a workspace

Problem

I’ve invited a guest user (simulating a client) to a newly created space. I’ve also carefully shared a Project entity and by extension, related Tasks entities using Access templates. Everything works well. I can create a Board view and the user can view/comment on the Tasks.

But…the guest user can Share any entity to any existing user. I don’t want to expose all users within the Fibery Workspace (our company users and eventual other clients) and I don’t want the user to be able to share entities with existing users. I just tried inviting an existing user and they received an email. Now what would happen if a client invites another client?

Perhaps a guest user should not be able to share entities with anyone at all?

The ability to control who can see other users is in plans.
As for sharing, it should not be possible for a user to grant access to other users beyond what they themselves have.

Only Admins can invite additional users.

But yes, currently a user with read-only access can grant any other (already registered) user read-only access.

Any estimate on this?

It feels like a more serious bug to me (viewing/inviting other already existing users).

I didn’t anticipate this behavior and maybe other users have not thought about this as well (but have started sharing with external users). We have discussed sharing spaces/entities with clients internally and today we did a small test simulating a guest user. So we were just lucky to find this.

I don’t see the use case for a user that only has view/comment access to be able to share the entity with anyone at all so perhaps just removing the Share button would be a simple solution? Unless there exists a Public link already, perhaps then it’s fine. But not really necessary for us at least.

To be clear, a user can currently share with other ‘internal’ users (those who are listed in the People space).
The ability to share externally is controlled by an option in access templates.

So a user cannot share with ‘anyone at all’, only with other people already in the Fibery workspace, and only with external users if they have that capability.

When it becomes possible to manage access to Users, it will be possible to control who sees other users in the workspace. In this situation, you could have a user who cannot see all of the other users in the workspace, so can’t share with them.

I think it is reasonable to allow users to share things they know with people they know (in the workspace).

Even if it didn’t behave like that, there would be nothing to stop someone with view access from taking screenshots or copy-pasting content, and I don’t know many tools that effectively prevent that 100%.

This is reasonable and looking forward to it. But it is not what exists today.

Let me give a very simple example:

  • I have three guest users (clients) that each have access to their own entity (using access templates, only view/comment permissions).
  • They will be able to:
    1. Find other guest users (clients)
    2. Invite them to their own entity? Not sure about this one but I believe the other users will at least receive a notification about it.

Is this example incorrect?

If it’s correct, it is currently stopping us from sharing stuff with clients. We are based in Europe and have to follow GDPR rules as well, unsure how this affects that (not looked into it).

To be honest, number 1 is enough for us to not use it. And other users may not be aware of this.

Your summary is correct, as things currently are.
When we roll out the ability to control access to other user entities, then number 1 will be solved, which means that number 2 becomes irrelevant - users won’t be able to share with users they can’t see.

FWIW, you should be aware that it may not be possible to create a Fibery workspace which achieves GDPR compliance, depending on your policies and the data you store, based on how Fibery currently works.
For example, as it stands at the moment, deleting an entity in a workspace does not delete the history of that entity from the activity log. So it is not possible to completely eradicate all traces of an entity. This could make it very difficult for you to achieve GDPR compliance in relation to your obligation under article 17.

Note: IANAL and YMMV :)

We didn’t know this either. Was planning to invite our clients to the workspace as well, but this is also a deal breaker for us.

I have a button to delete a contact + all its related entities (like appointments, tasks, notes, etc.)

When all is deleted, then all activity logs are also deleted I think?

What data can still be somewhere? And if I first change the name of the contact, before I delete it. Then only that new name (deleted contact) shows up in activity logs I think?

Nope. Activity log keeps a record of its existence.

Have a look at your activity log.

It’s true that records in the activity log will make use of the entity’s new name after it’s renamed, but it is still possible to see what the old name was in the log entry for when the name change happened:

and when it’s deleted, the records do not go away: