Members management and security


The current mindset is security and this term is very fragile in Pipefy.  Specifically speaking in terms of members management.

 

There is no groups of members, apparently even that member included into Pipe you need reflect this access into all tables that you have to make sure that the member can use the pipe.

The topics must be fixed are:

  1. Groups of member
  2. Privileges based on groups (or maybe) use integration to Active Directory or similar
  3. Create logs for every access and action to be reviewed when necessary
  4. Integrate these logs to permit access from SIEM to compliance reasons 
  5. Use the hash into URL to avoid to get access using this way and get information unduly

There is another things and sincerely this must be reviewed urgently specially in ages of GDPR and LGPD (Brazil equivalent law).

Thanks.

 

 

@Ezequiel Souza Thx for your feedback. We are planning some improvements for member management in 2021. This is for sure a top priority for us! Thx for the very detailed feedback.


Updated idea status NewSubmitted