-
Notifications
You must be signed in to change notification settings - Fork 15
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Inform impersonated user about impersonation #80
Comments
also related: #50 |
also related to #17 As it is now, Impersonate looks like a big hole in the wall. |
Hi everyone. I created a working version of notification and email #84 . No activity stream for now. It is working but not very clean. I can update it with your feedback |
IMO this is something that should be configurable, if not from the gui at least in config.php or something. There's plenty of legitimate reasons why an admin would want to impersonate without notifying. |
I don't think that this should be configurable because then it wouldn't make any sense to have this notification feature at all. @virtualdxs please tell me just one good reason why you should be able to disable these notifications. |
Better close source the whole project then so admins can't build their own copy and disable the feature. One good reason: Gathering evidence from an employee who's about to be fired without giving them a chance to delete it or heads up that they're being investigated. Fundamentally, an admin should have full control of their systems and be able to do what they want with them. |
Note that this doesn't make the feature completely useless - Only the highest level admins, not necessarily all with impersonate privileges, could disable it. |
How about adding a switch to config.php instead to settings. This way, the admin can't easily switch on and off and think twice before restarting the app for a config change? |
That sounds reasonable to me. Ideally, I'd like the switch to be whether to allow this to be configured, not whether to notify. That way, high level admins could impersonate without notification while lower levels do still trigger notifications (as an example). |
If I say my server must not do x, then it must NOT do x. Users will be informed of what I'm able to do with the data on my private server and they can choose whether to use it or not. |
Thank you for your concerns, @TheManchineel (even if your language could have been slightly more diplomatic for my taste). One good thing about Nextcloud is its scalability - in terms of user count but also in terms of target audience. |
@wiswedel Sure, having this as an option one can enable (especially if you're using Nextcloud and fall under a case where GDPR applies such as using the server in an enterprise environment, or basically anything other than a small private install, as you mentioned) would be great to have. I do think we should be transparent towards users, in fact, I believe such a feature would greatly discourage abuse of impersonation features, especially when it comes to Nextcloud Chat, Email and Calendar applications, more than file access - considering files are already there on the FS, while access to these applications allow you to act on a user's behalf. This goes in tandem with a need for a redesigned group admin feature that allows limiting the group admin's ability to management of a user's membership to a group and deletion of the group. However, with this said, I do believe it should be up to the server's physical administrator (as in, someone who can write to config.php) to choose whether to enable notifications for the impersonate plugin or not. It would make sense to have this enabled by default for GDPR compliance, and to warn an administrator, before they click on "Impersonate", that the user will be warned of the action. Even better, config.php could have the option to disable this feature for a specific user or admin group, as has been suggested by @virtualdxs. |
Description
The impersonated user should get informed about any performed impersonation.
Details
Location
Motivation
Even though the impersonation is logged in the Nextcloud log, the impersonated user has no idea someone acted in their name. Too much harm could be done by a bad admin without anyone noticing it for quite some time.
The text was updated successfully, but these errors were encountered: