Details
-
Suggestion
-
Resolution: Won't Do
-
None
-
None
Description
NOTE: This suggestion is for Confluence Server. Using Confluence Cloud? See the corresponding suggestion.
Some Confluence pages can contain sensitive information, which should not be sent by mail. Each individual user can, however, decide to use the “Show changed content” email notification setting and hence cause a security breach. Disabling the email notifications altogether would obviously be a quick remedy but the email notification feature as such is needed in order to maximise the flexibility of the offered communication alternatives.
Suggested solutions:
1.) The admin should have the option to disable the “Show changed content”-setting in the email notification settings of all users and - should someone already have set it to "on" - reset the selection to “off” for all users. The default value of the “Show changed content”-setting should be “off”, when new users are created.
2.) The ability to have page content sent by email could be limited on the space level or on the page level:
On space level:
- an additional choice could be added to space properties for indicating if sending of any page content within that space should be inhibited
On page level: - a certain label could be defined in the general settings (per default e.g. “sensitive-no-email”), which could then be used on pages, the content of which should not be sent per mail (default e.g. “sensitive_no_email”). The existence of this label would cause the email notification logic to omit the page content from the sent mail, replacing it with a notification text like “sensitive page content was omitted from this message”
Attachments
Issue Links
- relates to
-
CONFCLOUD-39652 Prevent mailing of sensitive content
- Closed