Sorry, we don't support your browser.  Install a modern browser

Less permissions for invitees#583

In order for folks to access a private wiki, they need to give all the same permissions as though they are creating a wiki. Some users do not wish to give full access to their Google Drive and only want to be able to browse wikis they were invited to. Even the app does not actively access folks’ Drive willy nilly, it is still a valid security concern as folks store all kinds of potentially sensitive info on drive.

Ideally, authentication is instead in two layers:

  • (Default, viewer) No major permissions to sign in and view wikis one is invited to
  • Once a user suggests they want to create or edit a wiki, necessary drive permissions are requested.

Would require handing to ensure a user can switch betwen these two “layers” in the event they want to gain or lose wiki editing/creation features.

Thanks for the consideration!

a year ago

This was a non-starter for me and my org.

See here a forum thread where some other organization has tried to create a wiki via YNAW and now their documentation is unavailable to users.

They describe it as “The right to do whatever they want with you and your firstborn”. For a read-only user who may have many hundreds of personal documents including financial records in their google drive this isn’t really a reasonable thing to ask.

https://www.lostmarble.com/forum/viewtopic.php?t=36931&start=30

6 months ago

I understand the concern around this, it has been raised by a number of people as to why they would not sign up.

I am investigating how to allow a viewer to access a private wiki without requiring drive permissions and have made some progress. I can’t provide a timeline at the moment but it is something that is being worked on and I am aware it is blocking people from signing up.

I’m not sure which forum post you are referring to? They are using a public wiki which doesn’t require user permissions.

6 months ago

Thanks @Grant Kiely for the quick review. Yes after posting I kept researching. The forum post appears to be set up incorrectly, since I have no issue creating a public wiki which requires no login – and so of course no permissions.

6 months ago