Every USER can see other users when sending messages
If the option to send messages is enabled on the user (which it is by default) - even if the user has NO permission to see any vaults, they can still see a list of all the other usernames and email addresses of every user.
I wouldn't like a customer of ours, knowing who our other customers are (by virtue of email address), and I suppose it raises privacy questions surrounding GDPR as well?
We *can* turn the messaging option off, but I think users should not be able to identify other users like this without permission.
All Comments (2)
Hello,
Thank you for contacting the Devolutions Service Desk !
I've just opened an internal ticket asking our engineers if this is something we could perhaps implement into Devolutions HUB.
I will get back to you with news once I receive an update on their end.
Best regards,
Hello,
As it stands, the recommended approach for MSPs is to create one Hub Business per client when clients have access to Hub Business. That's currently the only way to ensure clients can't get any data (name, emails, etc) from other clients. If you wish, we do have a reseller program that will allow you to save some costs. We also understand that it is not ideal in all cases, that's why we are currently investigating on how to support business units or multi-tenancy within a single Hub. That feature is not planned for a specific release yet.
Have a good day!
Maxime Morin