Moderators should not see emails in SSO section

Moderators are not able to lookup user emails via the user’s admin page, only admins can do that. However, if SSO is enabled moderators can see a user’s email in the Single Sign On section of the same page. Viewing this email is also not logged for admins like viewing the “normal” email is.

7 Likes

Just for clarification, you are asking to hide that information behind a button like the typical email address yes? And when clicking that button it logs the action.

3 Likes

That’s the secondary (bonus) issue. But yes, that is what I mean.

The primary issue (which was brought up by a site we host) is that moderators can see the email at all. The field shouldn’t even appear for moderators.

4 Likes

We should address this @techAPJ

3 Likes

If you do end up making this change, please also consider hiding the email column in the Users lists from moderators as well.

We had to make community volunteers TL4 instead of Moderators because exposing user emails to non-employees was considered a privacy violation.

But, since both admins and moderators are considered ‘staff’ maybe that’s the correct group for them. A TL5 group that allows silencing other users would be ideal.

That button shouldn’t be there at all for moderators, we absolutely should fix that. cc @techAPJ

1 Like

I must respectfully disagree. I agree that access to a member’s email address should require some effort and the action should be logged. But to make it completely unavailable regardless of circumstance can severely limit a moderator’s ability to make a fair judgement call.

Until such time that Screened Email Levenshtein does a better job, if anything is done in this area it should have a setting for those Admins that don’t want to handle moderation duties.

1 Like

We need to be consistent. Either we allow moderators access to emails (logged when they do), or we don’t. To allow access in some places but not others is bad.

4 Likes

I’d +1 this. Can’t figure out any legit reasons for moderators to see emails of other users.

1 Like

Thanks for clarifying. I have no problem with keeping it behind a click and the action logged. I misthought the proposal was to remove it altogether.

3 Likes

Moderators will not see the external email in the SSO section anymore via:

https://github.com/discourse/discourse/commit/59a8471308634685fe882fb393ce6d48dba7d2c6

If moderators do need to check user email for investigation purposes they can always click on the :email: Show button next to Email (provided that moderators_view_emails setting is enabled).

Hiding the external email (in SSO section) behind the button for an Admin will require significantly more effort; will add to my nice-to-have list.

6 Likes

Now done via:

https://github.com/discourse/discourse/commit/00b41437b01e740c59203d73b3d74654a8d62d0a

3 Likes
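The policy the thread converges on (regular email: admins always, moderators only when `moderators_view_emails` is on, and only behind a logged "Show" click; external SSO email: admins only, also behind the logged click) is small enough to show as a toy serializer. The following is an added example written for this thread and is not Discourse's own code: `AdminUserSerializer`, `AuditLog`, `Settings`, `Viewer`, `render_for` and the sample user are all assumptions for illustration; only the setting name `moderators_view_emails` comes from the thread.

```ruby
# Added example (not Discourse's own code): a toy admin-page serializer that
# applies the access policy from the thread to two fields of a user record,
# and writes an audit entry every time an email is actually revealed.
# The setting name `moderators_view_emails` is taken from the thread; every
# class, method and sample value below is an assumption for illustration.

User   = Struct.new(:id, :username, :email, :external_email, keyword_init: true)
Viewer = Struct.new(:id, :admin, :moderator, keyword_init: true) do
  def admin?; admin; end
  def moderator?; moderator; end
end

# In-memory stand-in for the site settings table.
Settings = Struct.new(:moderators_view_emails, keyword_init: true)

# In-memory stand-in for a staff action log: one entry per reveal.
class AuditLog
  attr_reader :entries

  def initialize
    @entries = []
  end

  def record(actor_id:, target_id:, field:)
    @entries << { action: 'check_email', actor_id: actor_id, target_id: target_id, field: field }
  end
end

class AdminUserSerializer
  def initialize(user, viewer:, settings:, audit:)
    @user, @viewer, @settings, @audit = user, viewer, settings, audit
  end

  # Regular account email: admins always; moderators only when the site
  # setting opts in.
  def can_view_email?
    @viewer.admin? || (@viewer.moderator? && @settings.moderators_view_emails)
  end

  # External (SSO) email: admins only, independent of the moderator setting.
  def can_view_external_email?
    @viewer.admin?
  end

  # reveal: false renders the page as first loaded (no email fields at all);
  # reveal: true is the "Show" button click, and only that path is logged.
  def serialize(reveal: false)
    payload = { id: @user.id, username: @user.username }
    return payload unless reveal

    if can_view_email?
      payload[:email] = @user.email
      @audit.record(actor_id: @viewer.id, target_id: @user.id, field: :email)
    end

    if can_view_external_email?
      payload[:single_sign_on] = { external_email: @user.external_email }
      @audit.record(actor_id: @viewer.id, target_id: @user.id, field: :external_email)
    end

    payload
  end
end

# Constructed sample data (not a real account).
SAMPLE_USER = User.new(id: 42, username: 'alice', email: 'alice@example.com',
                       external_email: 'alice.sso@example.com')

# Renders the sample user for one viewer with a fresh audit log; returns the
# payload and the entries that single render produced.
def render_for(viewer, reveal:, moderators_view_emails: true)
  audit = AuditLog.new
  settings = Settings.new(moderators_view_emails: moderators_view_emails)
  payload = AdminUserSerializer.new(SAMPLE_USER, viewer: viewer, settings: settings, audit: audit)
                               .serialize(reveal: reveal)
  [payload, audit.entries]
end

if __FILE__ == $PROGRAM_NAME
  moderator = Viewer.new(id: 7, admin: false, moderator: true)
  admin     = Viewer.new(id: 1, admin: true,  moderator: false)
  [[moderator, false], [moderator, true], [admin, true]].each do |viewer, reveal|
    payload, log = render_for(viewer, reveal: reveal)
    puts "viewer=#{viewer.id} reveal=#{reveal} -> #{payload.inspect}; logged=#{log.size}"
  end
end
```

The point of keeping both checks in the serializer rather than in the template is that the external email never reaches a moderator's browser at all, which is the primary issue raised in the first post; the audit entry is written in the same place the field is emitted, so a reveal cannot happen without a log line.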