Guest role with restricted permissions #2946
Comments
I was testing Outline for my company and I've found the same issue here. MT-167 @moduon
+1 This may be a blocking issue to use Outline in my company.
👍 This is a blocking issue
It sounds like the ask here is for a "guest" role which is being conflated with viewer. Guests would have much more restricted data access, potentially only being able to access collections that they are explicitly added to and not have access to settings screens. Does this sound right?
Yes. In my case (I'm evaluating 25 knowledge platforms), I have assumed that the Viewer role is the Guest role because all of the other platforms treat "Viewers" as "Guests". Just to clarify the meaning of Guest for me: an invited "user" that can view/comment on content for which they have been invited.
This issue is stale because it has been open 90 days with no activity. Remove stale label or comment or this will be closed in 5 days
@tommoor From this comment above: #2946 (comment)
Not having this is a limitation for our team. We have some collections that contain information for our team only. Equally we need to create collections that can have external editors and viewers. We think Outline is a really great tool! But this limitation and the inability to share just one doc in a collection (with edit permissions) with a team member or guest will probably turn out to be deal breakers for us.
@tommoor :
Maybe an alternative convention can be to hide member email addresses for any user but admins? This should be much easier to implement than a new role. The display of the email address fields must be conditional on a permission in both cases. |
This is already the case, the policy is defined here: outline/server/policies/user.ts Line 63 in 20d85e3
This feature is now released in
@tommoor
If I invite several external users to my Outline installation, everyone could see other users who have viewed / edited an article. When you invite external users from company A and from company B they can see each other,
which would be a GDPR incident.
To Reproduce
Steps to reproduce the behavior:
Expected behavior
External users must not see others to avoid GDPR penalties. There should also be a feature to disable the avatar - button on
level and forbid access to settings menu.
If the disabling is not possible, the information should be anonymized e.g.
Screenshots
The screenshot is made from an external user which can see other (external users) marked with red rectangle.
Outline (please complete the following information):