Problem Description:

Currently, when Rovo is asked to share details about a Jira ticket, Confluence page, or other content via email, the system requests permission for the service provider (e.g., Gmail) to send emails on the user's behalf:

Once permission is granted, Rovo can send information to any email address provided by the user with a simple command like "send the ticket ABC-123 to email@domain.com using Gmail".

This creates a risk of unintentional or unauthorized data sharing, as sensitive information could be sent to external or unintended recipients, potentially leading to data leaks.

Suggested Solution:

Implement mechanisms to ensure that only authorized users can send emails using Rovo Chat or Rovo Agents. This could include:

• Allowing admins to configure and enforce email sending policies within Rovo.
• Providing granular permissions so only specific users or groups can initiate email sends.
• Restricting the ability to send emails to a predefined list of approved recipients or domains.
• Adding audit logs and alerts for email-sending activities to improve oversight.

Why This Is Important:

Without proper controls, there is a significant risk that sensitive or confidential information could be inadvertently or maliciously shared outside the organization. Implementing restrictions and controls on email sending will help prevent data leakage, ensure compliance with organizational policies, and maintain trust in Rovo as a secure tool.