The current mindset is security and this term is very fragile in Pipefy. Specifically speaking in terms of members management.
There is no groups of members, apparently even that member included into Pipe you need reflect this access into all tables that you have to make sure that the member can use the pipe.
The topics must be fixed are:
- Groups of member
- Privileges based on groups (or maybe) use integration to Active Directory or similar
- Create logs for every access and action to be reviewed when necessary
- Integrate these logs to permit access from SIEM to compliance reasons
- Use the hash into URL to avoid to get access using this way and get information unduly
There is another things and sincerely this must be reviewed urgently specially in ages of GDPR and LGPD (Brazil equivalent law).
Thanks.