Make visibility of page status indicator configurable

Some users want to hide the page status indicator and quick actions from users.

Have more questions? Submit a request

4 Comments

  • 0
    Avatar
    Jeroen Vis

    The reason we want to use Better Content Archiving is for the statistics (last read, last updated etc.). We want to hide the archiving options for users because we are not going to use that in the first place. If a page is not relevant anymore, we just delete it. I don't want to hide the status indicator, but just the quick actions.

  • 0
    Avatar
    Giao Ton

    We had the same request from our users to hide the quick actions from users. I think that quick action should be configurable.

  • 0
    Avatar
    Daniel Varela Santoalla
    I would like to further comment that there are two aspects to this problem.
     
    One is the showing or not showing about the status of the page content to users, which one could argue acceptable or not. Ideally it should be configurable but an argument could be made that this is something all users could be interested about, how up to date is the page
     
    The second aspect, and to me way more serious is about *security*. And again here there as two sub-aspects
     
    - First it is a serious problem that *any registered user* can “Confirm” the page, even if they don’t have write access. This allows any user to manipulate (alas, by extending) the expiry of a page and alter they way the content management works. We do have tens of thousands of registered users, as we allow free registration so you can imagine how serious it is for us.
    - Second, the page status information shows the user ids of the last editor and the last user who accessed the page. This again exposes user ids and offers information about user activity that should not be accessible to public registered users.
     
    Hope this can get fixed quickly.
  • 0
    Avatar
    Levente Szabo

    Hi Daniel,

    Thanks for raising these important aspects with us.

    As discussed separately, your finding about who can use the "Confirm" quick action will be addressed by the product team and a fix will be released.

    As for the hiding of user identity in the Page Status Indicator, please see our documentation and review the solution we are currently offering for this: https://www.midori-global.com/products/better-content-archiving-for-confluence/server/documentation/configuration#data-privacy

    Thanks again for your concern!

    Levente

    Edited by Levente Szabo
Please sign in to leave a comment.