From 2727ba2f70dad57b86d2c6ff4dd625f20e93fab2 Mon Sep 17 00:00:00 2001 From: Frieder Schrempf <34034373+fschrempf@users.noreply.github.com> Date: Fri, 18 Feb 2022 11:52:54 +0100 Subject: [PATCH] Extend warning about activities in groupfolders This extends the warning about activities in groufolders to mention the potential of leaking sensitive data if "Advanced Permissions" are used. See https://github.com/nextcloud/groupfolders/issues/1057 for more information. Signed-off-by: Frieder Schrempf --- admin_manual/configuration_server/activity_configuration.rst | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/admin_manual/configuration_server/activity_configuration.rst b/admin_manual/configuration_server/activity_configuration.rst index e40d773f9..1203657bc 100644 --- a/admin_manual/configuration_server/activity_configuration.rst +++ b/admin_manual/configuration_server/activity_configuration.rst @@ -46,8 +46,9 @@ like in normal shares when set to ``true``. This config option comes with the following limitations: - 1. Users that had access to a groupfolder, share or external storage can see activities in their stream and emails that happen after they are removed until they login again - 2. Users that are newly added to a groupfolder, share or external storage can not see activities in their stream nor emails that happen after they are added until they login again + 1. If "Advanced Permissions" (ACLs) are enabled in a groupfolder, the activities don't respect the permissions and therefore all users see all activities, even for files and directories they don't have access to. **This potentially leaks sensitive information!** See `this issue `_ for more information. + 2. Users that had access to a groupfolder, share or external storage can see activities in their stream and emails that happen after they are removed until they login again + 3. Users that are newly added to a groupfolder, share or external storage can not see activities in their stream nor emails that happen after they are added until they login again Better scheduling of activity emails ------------------------------------