Moderators are not able to lookup user emails via the user’s admin page, only admins can do that. However, if SSO is enabled moderators can see a user’s email in the Single Sign On section of the same page. Viewing this email is also not logged for admins like viewing the “normal” email is.
Just for clarification, you are asking to hide that information behind a button like the typical email address yes? And when clicking that button it logs the action.
That’s the secondary (bonus) issue. But yes, that is what I mean.
The primary issue (which was brought up by a site we host) is that moderators can see the email at all. The field shouldn’t even appear for moderators.
We should address this @techAPJ
If you do end up making this change, please also consider hiding the email column in the Users lists from moderators as well.
We had to make community volunteers TL4 instead of Moderators because exposing user emails to non-employees was considered a privacy violation.
But, since both admins and moderators are considered ‘staff’ maybe that’s the correct group for them. A TL5 group that allows silencing other users would be ideal.
That button shouldn’t be there at all for moderators, we absolutely should fix that. cc @techAPJ
I must respectfully disagree. I agree that access to a member’s email address should require some effort and the action should be logged. But to make it completely unavailable regardless of circumstance can severely limit a moderators ability to make a fair judgement call.
Until such time that Screened Email Levenshtein does a better job, if anything is done in this area it should have a setting for those Admins that don’t want to handle moderation duties.
We need to be consistent. Either we allow moderators access to emails (logged when they do), or we don’t. To allow access in some places but not others is bad.
I’d +1 this. Can’t figure out any legit reasons for moderators to see emails of other users.
Thanks for clarifying. I have no problem with keeping it behind a click and the action logged. I misthought the proposal was to remove it altogether.
Moderators will not see the external email in SSO section anymore via:
https://github.com/discourse/discourse/commit/59a8471308634685fe882fb393ce6d48dba7d2c6
If moderators do need to check user email for investigation purposes they can always click on the Show button next to Email (provided that moderators_view_emails
setting is enabled).
Hiding the external email (in SSO section) behind the button for an Admin will require significant more effort, will add to my nice-to-have list.