Hide Activity stream details from other Client orgs

Tara Wilson shared this problem 8 months ago
Defect Fixed

Currently we have client organization setup and I've been looking at enabling the activity stream for users. the problem is when a user looks at the activity stream they can see names of people from other client orgs. For example, it will say the exported a report on a particular day. While it doesn't say their company, it's still not ideal to show their names. Is there some sort of setting where this can be hidden but still keep the ability to add the comments and see what people from their own organization are doing?

Comments (7)

photo
1

Hi Tara,

Thanks for reaching out with the issue you're facing.

I've found this to be Defective behavior. To clarify, when Client Organizations are accessing content that exists at a Default Org level, the Activity Stream shows activity from ANY Client Organization. I've raise this as a Defect, since this shouldn't be the case.

Worth noting is that if you were to import the content directly into each Client Org, the Activity Stream would be specific to that copy. While I understand this may not work for some work flows, it is a work around to isolate the Activity Stream in the meantime.

I'm sorry for any inconvenience this may be causing and will keep this post updated with further information regarding this.

Thanks,

Ryan

photo
1

Hi Ryan,

Thanks for logging this! Considering that the primary workflow (I'm assuming) is to push content from the primary org to client orgs this is definitely a major issue. It's so easy nowadays to google a name and find via linkedin who they work for (competitors, etc!). It would be a major hassle to import into each and every client, especially from a maintenance perspective.

I really hope that this is fixed soon so we can enable this feature. I've really been looking forward to enabling collaboration features as that is so important when it comes to making decisions based on data. I'm going to keep testing timeline and other portions to ensure we don't run into similar snags. Are there any other gotchas like this in any of the collaboration features that I should note?

Cheers,

Tara

photo
1

Hi Tara,

I agree that this is problematic as it pertains to collaboration and multi-tenancy! I've raised the task with High priority and will keep this post updated as I have further information.

In regards to your final question, I'm unaware of any other possible occurrences of similar behavior with our collaboration features. Please do not hesitate to let us know if you come across anything in the meantime.

Thanks,

Ryan

photo
1

Hi Ryan,

Another client is currently seeing this bug (Ponton) so they have been included in the subscription list.

photo
1

I can confirm we had to disable activity streams for the same reasons.

The default org holds the reports that clients run. The data of clients is separated by CLIENT_REF access filters.

When accessing the activity stream for a particular report users saw:

* Jane Doe exported this element

* Joe Sample exported this element

So this had two unwanted effects:

1) the user names of other client orgs were exposed

2) users got the impression that total strangers were able to export their data

We also consider this a hole in the Chinese walls between client orgs.

photo
1

Hi Henning,

Thanks for the additional information. I'll keep this post updated with further information regarding this issue.

Thanks,

Ryan

photo
1

Hi all,

I wanted to provide an update on this ticket, as Development has recently been working on this. It would appear that current released versions: 7.3.13, 7.4.7, 8.0; are no longer experiencing this behavior. I have personally tested this on current versions and have come to the same result.

An upgrade to one of these versions should resolve the issue you're seeing here.

Thanks,

Ryan