  1. PUBLIC - Liferay Portal Community Edition
  2. LPS-103297

As an account admin, I'd like to ensure account users have matching business email addresses

Details

    Description

      Motivation
      This is primarily for security purposes. When a 2B power user adds an existing user, he should not be able to browse the directory of all account users. This would be a major privacy/NDA violation. We will only allow the 2B power user to browse other users with valid domains.

      When a 2B power user creates a new user, he should not be able to try creating users with any domain. Otherwise he can "check" to see if certain users exist in the system. For example, if Liferay's Help Center was using self-service accounts, allowing a Bank of the West 2B power user to try creating a user with [email protected] would potentially confirm whether Bank of America is also a customer (which violates NDA).

      Requirements

      Future Considerations
      We should consider adding support for matching domains with wildcards. It's possible that an account will use multiple subdomains or extensions (e.g.: @liferay.com, @liferay.es, @help.liferay.com). Customers may want to configure a wildcard match like @*.liferay.*. For now, we will require each domain to be explicitly listed.
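
One way to implement the explicit-domain check this ticket describes, as an added example that is not Liferay's code. The function names, result strings and sample addresses are hypothetical and constructed for illustration; the domain is checked before the user store is consulted, so an out-of-domain address gets the same answer whether or not it is registered.

```python
# Added illustration: names below are hypothetical, not Liferay APIs.
# Sample data is constructed and uses reserved example domains.
SAMPLE_DOMAINS = ["@example.com", "example.es"]
SAMPLE_USERS = {"alice@example.com", "carol@help.example.com", "bob@other.test"}


def email_domain(address):
    """Return the lower-cased domain of an address, or None if malformed."""
    address = address.strip()
    local, sep, domain = address.rpartition("@")
    if not sep or not local or "@" in local or any(c.isspace() for c in address):
        return None
    # Normalise case and a trailing root dot ("example.com." == "example.com").
    return domain.lower().rstrip(".") or None


def domain_allowed(address, account_domains):
    """Exact match against the explicitly listed domains: no wildcards,
    no suffix or substring matching, so subdomains must be listed too."""
    allowed = {d.lower().lstrip("@") for d in account_domains}
    domain = email_domain(address)
    return domain is not None and domain in allowed


def filter_directory(users, account_domains):
    """Users an account admin may browse when adding an existing user."""
    return sorted(u for u in users if domain_allowed(u, account_domains))


def create_user(address, account_domains, existing_users):
    """Reject out-of-domain addresses before any existence lookup, so the
    response cannot be used to probe for users of other accounts."""
    if not domain_allowed(address, account_domains):
        return "domain_not_allowed"
    key = address.strip().lower()
    if key in existing_users:
        return "already_exists"
    existing_users.add(key)
    return "created"
```
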

            People

              patricia.perez Patricia Perez
              pei-jung.lan Pei-Jung Lan
              SE Support SE Support
              Kiyoshi Lee Kiyoshi Lee

                Packages

                  Version Package
                  7.3.0 CE GA1
                  Master