Document design decision behind allowing discovery of users on other teams and channels
It's possible for someone with knowledge of the Mattermost API and with regular user credentials to discover and retrieve the usernames and real names of other users on the same Mattermost server, regardless of team and channel membership.
This was a deliberate design decision because the expectation is that if security is a top concern then deployment happens in a private network.
Sample text:
It's a deliberate design decision we've made for the product in the context of overall system security. The expectation is that if security is a top concern then deployment happens in a private network. The API allows the retrieval of every user that is on the system in a sanitized way so that users are able to send each other Direct Messages and also discover which users are part of their team or other teams. In that regard it is important to say that no user is able to manipulate other users' data, except for System Administrators, who can reset user passwords or change the way that users authenticate against the platform.
Maybe simplify a bit:
Note: Users on the same server are able to view the username and full name of other users so they can choose a Direct Message channel for communication, regardless of team membership.
@wiersgallak, is this something we still need to document? I don't actually know where this is located in the docs but it seems like it may belong in the FAQs (such as here: https://docs.mattermost.com/about/faq-design-decisions.html?highlight=design%20decision). Happy to add it if it's still relevant.
Replaced by https://github.com/mattermost/docs/issues/6590