4 followers Follow

External User access to internal group membership lists

When an external user is added to items in a collabspace, they can modify the access of items if they have Share or Admin rights. The modify access dialog allows them to view the list of internal groups and those groups' members, even if those groups are not added to the item they are modifying. Generally, I recommend only giving VE access to external users, as there isn't much reason for them to have S or A (content is being shared with them; they don't need to share content with others). But the external users will have VESA to anything they upload/add. 

I have two client firms who would like to have a setting to prevent this. Perhaps create a flag in the cabinet that says 'Do not allow external users to view internal group membership'. A group's membership can already be hidden, but that setting applies to all users across all cabinets, not just external users. I don't see a reason why an external user would need to browse the members of internal groups to add them to documents which have already been shared with the external user by some other internal user. As an external user, I shouldn't need to share the internal users' own documents with other internal users. I should only be able to see the membership of groups currently added to the CollabSpace. 

Status: None

Please sign in to leave a comment.



Our firm would also  like a registry switch for ndOffice to turn this function off entirely.  We do not allow security on documents and only IT is allowed to provide this.  Thank you. 

0 votes
Comment actions Permalink