Can you edit the admin menu?

My company would like to know if it’s possible to remove the ability for admins to view a user database.


I know the first question in this thread will likely be why. It’s an issue of employee data privacy, and protecting them from managers who might penalize them based on having access to know how employees participate in the company forum. On the other hand, removing the user database might also make it difficult to remain compliant with GDPR, because admins need to be able to delete users who ask to have their information forgotten. But that’s not the question at the moment. The question is whether it’s possible to remove.

Perhaps the question is whether managers need to be admins? Admins by definition would be the ones to do any sort of customizing and anything to do with the admin interface, so no, this is not really something that would be possible (i.e., a custom plugin that an admin would install, or a theme component/CSS an admin would set up?). To me, it sounds like managers should be category moderators or a custom group. What admin-level access do managers require to do their role? Perhaps you can expand a bit more on the use case.

3 Likes

There is another point too. Everybody who needs to use personal data can do it, but users must be told. GDPR limits what personal data can be collected, for what reason, and how long the data can be stored. That is a totally different thing from the right to process such data when needed.

3 Likes

Administrators have many, many ways to get access to all of the data in the system. If you don’t trust them, you have bigger problems than their being able to see their user record.

5 Likes

A thought? Only have a forum admin and a full moderator or 2 that can be trusted with that access.

If a manager needs to be able to manage, for example, flags, set up a Category Moderator group. They don’t have access to the admin menu. If a user needs to be deleted or suspended, the category mod will have to reach out to the full mod/admin team.

4 Likes

The perspective here is that managers could potentially ask admins to check on employees, so the reasoning is nobody should be able to see the list of users.

It’s hard to imagine how someone could administer a system that they don’t have access to. And if you can trust neither the managers nor the admins, well, you’re not going to solve that with technology.

But any user can search for users. Search results for '@Gavin_Hudson' - Discourse Meta. If employees are going to say things that they will be penalized for then you could allow anonymous posting? But there is still no way to keep admins from knowing who is posting.

Even if you had a plugin that removed the /admin/users route and the /users route (because everyone can see the list of users, right?), and disabled searching, admins could still get the information by

  • using the data explorer plugin
  • accessing the rails console
  • downloading a backup and restoring it on another instance
  • directly querying the database

And even if your horrible managers can’t search the forum, they can still see the posts that they make and who made them if they just look at all of the posts. Or do you mean in PMs? If you mean PMs then you could use Discourse Encrypt (for Private Messages) and that would keep admins from being able to see what was said.

If you don’t trust managers or admins then the only thing you could do would be to have a forum that is not managed by anyone in your company that has users sign up with email addresses that are not connected to the company.

Or maybe there is still something that I don’t understand.

5 Likes

Thanks. They’re mainly concerned that a manager could know how much time employees are spending on the forum and penalize them for spending too much or too little time there. I can remove the /users directory easily enough, though in my opinion this would also decrease the community element of the forum. But you’re right that admins need to be able to admin. I just wanted to check to make sure my understanding was correct that there is no possible way to disable the /admin/users view.

I might be wrong, but at best I think you could only get the last visits of given users, total number of days online, and subsequent days online (which could mostly be gotten by non-admins as well).

2 Likes

You’re literally saying that how much time employees spend doing their jobs on the forum needs to be kept secret from their managers.

Right.

How much time people spend on the forum is one of the metrics by which Discourse and its users can tell if someone is a valued member of the forum. Here’s some stuff your managers can’t be trusted to know about:

image

It’s going to be hard to build a community if participating in it may be cause for being penalized by their managers.

3 Likes

Yeah, I agree. I’m doing my best to roll out a good forum tool for the company nonetheless.

1 Like

You’re right. This is the line of reasoning I’m making as well.
