My CEO had a mini-panic attack that a private project in a workspace setup to join by request was visible to employees.
The reason why is that in the iOS mobile app it appears that there are many members in the Executive Team workspace:
(screenshot from my account where I am not a member of the workspace)
However, the additional employees shown to the right of “Executive Team” in the mobile app are actually members of the project “MP Labs - New Office” which resides within this Executive Team workspace.
When viewed from the desktop, it only shows the two executive members.
Similarly, when you click into the team from the iOS app, it shows a bunch of members:
(the mobile app shows 12 members of a workspace where there are only 2)
Even more confusing is that it appears I can add members despite not being a member of the workspace/team.
Wondering if this is a bug, because if so, it’s a pretty big one from a security standpoint.
Hi @Ben_Brenner, thanks for reaching out! It seems that limited access members appear in the list of team members in the iOS app. In order to investigate this further, could you please confirm if you are a member of a project in the Executive Team, for example, the MP Labs - New Office project? Once you confirm this information I’ll escalate this to our product team!
1 Like
Wow that must have been scary indeed!
1 Like
@Emily_Roman I am a member of one project, but not the team.
I think it’s less a bug and more just a UI “quirk” that should be looked into.
It leads one to think the everyone with access to a private project on a private team is a team member when they are not.
Thanks for confirming @Ben_Brenner and apologies for the late follow-up here! Our development team is now aware of this and they are working to find a solution. We don’t have an estimate ETA when this will be implemented but I’ll make sure to keep you posted as soon as I have any updates. Thanks again for your report!
2 Likes
