Users that do not have access to space are still visible on space board view…?
To me, the expected behaviour would have been for users that do not:
Have access to a space or
Do not have permission to create anything in that space
to not show up in places where the ‘created by’ attribute is applicable -mainly because it is impossible for them to create anything.
(Edit before the edit): Is it because they may have had access to that space before? If so, could we perhaps have the option to show previous space users as an option? Just trying to reduce noise…
Yes, I gathered that that is ‘how it is’, but I think it shouldn’t.
Of course we could filter out anything, but I find having to filter something that should not be visible in a view to be unnecessary. For instance, I had to check whether I was missing something and if those users perhaps really had access.
If a Fibery user with admin rights created such a view in the office, staff could potentially see a client list that should not be visible to them before someone cops on and creates a filter.
It is very likely that there is a logic the Fibery team had when making that call that I just can’t see from this side of the fence.
The users database is not INSIDE the space, its a database outside of all the spaces.
So just like if you were to set the columns to be a database from a different space, it would show all items from that database. The only difference (as opposed to the users database) is that you could set custom access rules so that those with no access to that database do not see the items. So if you set the columns to be a db from a space someone has no access to, they will not have access to the columns.
A very important thing is that filtering data does not = data security. User can create private views with data that is filtered out.
If you want proper security, you need to use Entity Level access, or DB access, or Space access. Unfortunately this isnt a thing YET for the users database. Everyone has access to all users in the users database. The only exception is that guests do not have access to other guests. There are plans to add access control to the users database though soon according to the team.
Actually, it seems possible to move the Users DB to another (non-shared) space. So it looks like can be inside a (not access) space. So not all users can see all other users (unless I am still missing something?)
This does not address the original issue though.
PS: Sorry, I fired that post off without completing it, hence the edits…
You should. You can also use the three dots.
You’re not getting this? (I use Brave, also built on Chromium like Chrome)
PS: it works in Brave but also in the desktop app where I initially discovered it (perhaps the desktop app somehow references the default browser as a base - ?)
It is now (because it was moved to a non-shared space), and Observers can’t see it - see below the Observer’s view. This is to me the expected behaviour of this element.
This has become somewhat of a side-issue (though I am really glad it does not seem to be an issue). I would still appreciate a response from the Fibery team on the OP.
The users database acts different from all other databases in fibery. You can open it (the database itself with the automations, fields, etc) by pressing the database button. Here:
You can’t move the users database to a different space.
The users database (as in, all items inside the database) is visible to all other users. With the exception that guests are not visible to other guests.
Only admins can click the little database icon to view the database itself (and configure rules and fields), but all items inside are accessible by everyone.
This is something that is currently being worked on by the team: controlling permissions of users the users database. Who can see other users. But it’s not implimented yet.
Yes, got it, thank you @RonMakesSystems
That was indeed a folder that I had moved initially.
Unless I am misunderstanding you, this is not what I found. In my testing Observers cannot see the user database at all - not just not see other ‘guests’. This is what I would expect.
I need more time to explore the application to fully understand what you mean here, though I suspect that it at least means that views with activity by other users where the user is exposed in that view (such as ‘created by’), will be visible to any user that has access to that view (?)
Good to hear!
Thanks for educating, me Ron! I am climbing a hill.
I hear that the original post issue is not a bug, but the option to show users in a view as creators while they are explicitly not allowed by design via Fibery’s excellent user permissions system to create anything in the workspace, is somewhat counter-logical, would you not agree? To me it is a bit like creating a date range rule, then having the system ignore it, requiring the admin to create a… date filter.
I understand what you’re saying, and it’s a fair point. I think @RonMakesSystems was just pointing out that it isn’t a ‘bug’ in the sense of a deviation from the expected/intended behaviour.
Unfortunately, the way board views work, it is technically very hard to only show user columns which are ‘permitted’ options, based on access rights.
@ChrisG Except the Observers & guests, who cannot see it, correct? Ref my screenshot above. Which is correct and how it should be in my opinion for Observers.
