Hi guys, due to security reasons we wanted to turn off the sharing option OR be able to review all shared entities. Is that possible to do?
Unfortunately it is not possible to turn it off. Moved to Ideas space. I will ask developers whether. it is possible to have a list of shared entities somehow.
5 Likes
This is also something that we would like the ability to do.
2 Likes
I think the easiest solution would be to add the sharing action on Audit log, I was surprised I didn’t see it there. From there a user can simply filter the log assuming there’s no time limit for audit log.
Btw, @mdubakov for how long the audit log is kept?
2 Likes
Yes please. Sorry for unburying this topic but this seems critical. There needs to be one of those functionalities for security purposes:
a) Sharing is in the audit log, so I can at least trace back and stop sharing
b) Share until: Add possibility to share until a certain date / time.
c) List of all currently shared entities/spaces/views
Any news from the devs?
1 Like
Hi @Chr1sG Any updates on this topic? It’s not secure because every document can be shared outside of the company.
There hasn’t been a great deal of demand for this, so it’s not percolating to the top of our to-do list I’m afraid.
Out of curiosity, is your concern that a user will accidentally enable sharing?
Obviously, if a user deliberately wishes to disclose information, turning off sharing doesn’t stop them from leaking the information out in many other ways.
Good point. Can we see the list of shared entities and who shared them?
Being able to see a list what is shared publically (and being able to stop sharing in the list) is a pretty significant privacy and security requirement.
Can we please push this in the roadmap?
2 Likes
You can vote for the feature at the top of the page.
1 Like
This is actually an issue and should not wait for votes to get attention. It exposes serious privacy and security risks to organizations where users either intentionallly or unintentionally publically share company data or personal data. The shared content need to be monitored by some responsible department or person.
Can you change the category to Bugs&Issues? If you like you can change the title to the underlying problem, or we can post another topic with a more descriptive name of the underlying problem (Security and privacy issue with unmanageable publicly shared content)
1 Like
The security risks exist, but only in the same way tht risks exist that an employee intentionally or unintentionally posts company data to facebook.
Either the users should not have access to data (so they can’t share it) or they should be educated/trained in the correct (and incorrect) ways data can be shared.
Of course, Fibery could be improved, for example with options described in the first post, but the absence of these options is not a bug per se since Fibery is behaving according to the intended design.
Any updates on this guys? We want to turn off the sharing for documents with sensitive information.
2 Likes
Nothing to report I’m afraid.
Do you have in the roadmap at least?
I can’t see that we have a specific feature in our backlog that relates to this problem, sorry.
This is a hygiene feature and it’s not as simple as “whoever shared should be educated”. I found myself sharing some thing pages at a point but I need to review if these should still be shared regularly.
So low I clicked through everything to see what pages were shared. But as I have a lot of databases, I don’t know what entities were shared too.
I would think/hope that a simple list of publicly available content (spaces, pages, views, entities), and which can be indexed by search engines should be reasonably easy to implement.
Can be a tab in the audit log or a section in the workspace settings. It could even be a script to generate a report…
And lastly, I would love to vote for these things but I’ve not had votes available for ages.
So votes should be freed up when the items are added to the roadmap or marked as won’t do, or paid subscribers should receive new votes every now and then… thanks.
4 Likes
Some workaround is possible here now, you can use API endpoint to fetch all shared entities and docs.
Use this URL (only Admin can do it).
https://ACCOUNT.fibery.io/api/sharing/commands/list-shares
{"entityType":"d8539bb0-5c5e-11e9-bd99-87e231d30182",
"entityId":"0fa1c000-...",
"sharedBy":"86160190-...",
"sharedAt":"2023-11-06T13:56:45.316Z",
"sharingKey":"1ec11cb0-...",
"typeName":"Customer Success/Conversation",
"userName":"Polina Zenevich ",
"entityTitle":"[#4232] Michael & Polina"}
I hope we will put some UI on top in near future.
6 Likes
Thank you for this, it works well.
If possible, it would be nice to be able to filter the output for some of the specified keys, e.g. entityType, typeName, userName, etc.
Sorry, here you will have to wait for UI…
1 Like