Make visibility of page status indicator configurable

Some users want to hide the page status indicator and quick actions from users.

Have more questions? Submit a request

7 Comments

  • 1
    Avatar
    Jeroen Vis

    The reason we want to use Better Content Archiving is for the statistics (last read, last updated etc.). We want to hide the archiving options for users because we are not going to use that in the first place. If a page is not relevant anymore, we just delete it. I don't want to hide the status indicator, but just the quick actions.

  • 1
    Avatar
    Giao Ton

    We had the same request from our users to hide the quick actions from users. I think that quick action should be configurable.

  • 1
    Avatar
    Daniel Varela Santoalla
    I would like to further comment that there are two aspects to this problem.
     
    One is the showing or not showing about the status of the page content to users, which one could argue acceptable or not. Ideally it should be configurable but an argument could be made that this is something all users could be interested about, how up to date is the page
     
    The second aspect, and to me way more serious is about *security*. And again here there as two sub-aspects
     
    - First it is a serious problem that *any registered user* can “Confirm” the page, even if they don’t have write access. This allows any user to manipulate (alas, by extending) the expiry of a page and alter they way the content management works. We do have tens of thousands of registered users, as we allow free registration so you can imagine how serious it is for us.
    - Second, the page status information shows the user ids of the last editor and the last user who accessed the page. This again exposes user ids and offers information about user activity that should not be accessible to public registered users.
     
    Hope this can get fixed quickly.
  • 1
    Avatar
    Levente Szabo

    Hi Daniel,

    Thanks for raising these important aspects with us.

    As discussed separately, your finding about who can use the "Confirm" quick action will be addressed by the product team and a fix will be released.

    As for the hiding of user identity in the Page Status Indicator, please see our documentation and review the solution we are currently offering for this: https://www.midori-global.com/products/better-content-archiving-for-confluence/server/documentation/configuration#data-privacy

    Thanks again for your concern!

    Levente

    Edited by Levente Szabo
  • 0
    Avatar
    André Lundin

    As discussed separately, your finding about who can use the "Confirm" quick action will be addressed by the product team and a fix will be released.

    Hi Levente,

    Has this been fixed or is this being worked on for the next update?
    The ability to configure what quick actions are shown to different users/groups is highly requested in our organization.

    Kind Regards,
    André

  • 1
    Avatar
    Levente Szabo

    Hi Andre,

    Please note that the quoted text refers to something else Daniel raised with our support team.

    This feature request is currently still gathering interest. Make sure you follow this topic as we will be posting updates here.

    Many thanks for your interest and continued patience!

     

  • 0
    Avatar
    Inês Mendes

    We have some client-facing documentation and we would not want clients to be able to see the bubble nor to be able to take action. Being able to configure visibility at space-level could help us overcome this.

    We also do not want just anyone to be able to click the actions - preferably, only admins, space admins and selected assigned owners should be able to click (the rest of users would only see whether it is expired or up to date).

Please sign in to leave a comment.