Hi guys,
An external user can see sensitive details of all account users through the console, including email, first name, last name, last visit etc
You can check that with /api/user and then org.users
Is it expected?
Hi guys,
An external user can see sensitive details of all account users through the console, including email, first name, last name, last visit etc
You can check that with /api/user and then org.users
Is it expected?
Hey @Oleksandr_Dovgopol - thanks for flagging this! You should be able to prevent this by specifically disabling "View users page with emails" in the "Additional" settings for the "All Users" permission group.
We will be updating the default value for this field, as well!
Thank you Darren! It solved this issue. Great!