Restrict access to the documents by using Grant access button
The client's feedback:
We’ve reviewed the setting you mentioned regarding access requests, and we understand that disabling it can prevent users from requesting access. However, this does not address the core issue we reported.
To clarify again: when a user requests access to a document and we receive the email notification, simply clicking on the document link in the email (not the “Grant Access” button) automatically grants the requester guest access to our account. This is happening without any explicit approval or confirmation from our side.
This behavior represents a significant security flaw, as access should only be granted when we deliberately choose to approve it, not when we are attempting to view the document ourselves.
We strongly urge you to escalate this issue to your Product and Security teams as it:
Violates expected user behavior and control over document access.
Poses a potential data exposure risk.
Could result in unauthorized individuals gaining access to sensitive internal documents.
Anonymous
shared this idea
Hi,
Thank you for taking the time to leave your request. We have great news – the feature you requested is already available. For more information, please check the video below!