I hid the built-in Users space (renamed to “People”), but for non-admin users it still appears in its normal place in the Left Menu.
There is a misconception. Hidden Spaces is only menu thing and it is per user. It doesn’t affect permissions in any way.
As Admin, I can Hide any Space, and it is then hidden from my other Users automatically.
Why is this different for the built-in Users Space (renamed above as “People”)?
To reiterate, Hiding any Space via left actions in left menu affects only your menu and has no effect on any other Users.
You may think of it like Space Order or Collapse / Expand status for menu item.
As an admin, I think it would be very useful to be able to hide spaces from non-admin users:
- to keep the presentation tidy for most users.
- to restrict their access to only those views designed for end-users.
@Matt_Blais what do you try to ultimately achieve by hiding the People space? If you don’t want all your users to see all other users (maybe for privacy reasons), the solution is to delete the smart folder “Users” in the People Space. Don’t worry, your users won’t get deleted, because they technically reside on “People” level and not under “Users”. The latter is just like another view. So if you now invite a user to just view one specific space, he additionally still sees also “People” Space but he won’t be able to see any usernames nor emails and will get a “Sorry, user management is reserved to Admins only”. Try it out
Actually, hiding the Users smart folder does not strictly prevent a member from seeing other members in the space. For example, via search, a member can query the user database and will (intentionally or otherwise) be able to see other members in the search results.
The user entity view can then be opened to see all basic field info (as well as linked entities in dbs for which access is granted).
@Chr1sG Thanks for the information. Could you point out how one could exactly discover other users? What I tried:
- Created an account with “Member” role
- Added this account to a space as “editor”
- Logged in with this user and opened Search from top left menu
- Searched for name as well as email from somebody else that exists as user and is even assigned to the same space
→ Result: Fibery says “Nothing found”.
Is there another way? In my personal case, I work with external clients and don’t want them to see who else is working with us, nor let them see the email (privacy reasons).
When I reproduce the steps you describe, I am able to see other Users via search.
I’m not sure why you’re not seeing them. Perhaps the search is not properly indexed yet.
Also
- if a User is visible on any entity that a Member can see (e.g. Created by, Assignee, etc.) then alt-clicking on their name will bring up the entity view for that User.
- if a Member has Creator level privileges (in any space) he/she can access the Users database via new views and via automation formulas
- if a user is technically inclined and is particularly nosey, then Users can be accessed via the API
This is not intended to be an exhaustive list, so there may be other mechanisms as well.
I am just saying that the current permissions model is not designed to limit Members’ access to the User database.
Update: People menu can not be deleted anymore. Now all the emails are visible to everybody, regardless which spaces they are assigned to
Previously, one could hide it pretty well by deleting the Users Space. We renamed all users to their first names so no emails were visible. I understand one could still use API, but that’s way too complicated for our users who are non-techies. However: recently a change must have happened and now everything is completely exposed in left-hand menu which at least for us is very frustrating.
@Silver Is Hiding the People space not a good solution for you?
I’m not sure it was ever possible to ‘delete’ the UsersPeople space.
No changes have been rolled out recently that should have the effect you’re describing. Not sure what’s going on for you
p.s. you can ‘push’ your sort order to someone else (including hiding spaces) if you are an admin and are willing to use scripting:
but it doesn’t prevent them from changing it to whatever they like immediately afterwards
Thanks for the hint, but how do you “create a button automation on the user db”? I know automations on db-s but I’d assume “user db” is the “people” space, which doesn’t allow any automations.
Also: exited for the upcoming release of the permission models! Will it also solve the issue of not being able to hide “People” for other users (aka not letting my clients know user accounts of other clients)?
Open a User entity, click on the triple dots in the top right and choose ‘Configure fields’ and scroll down