Inactive user report management

[matteoperazzolo]

Prerequisites

• I have read the contributing guidelines
• I have searched existing issues for duplicates or prior discussions
• I have attempted to reproduce the issue on try.globaleaks.org

What version of GlobaLeaks are you using?

5.0.25

On which distribution/version is GlobaLeaks installed?

No response

What browser(s) are you seeing the problem on?

No response

What operating system(s) are you seeing the problem on?

Linux

Describe the issue

Good morning everyone,

I need your support regarding two issues related to report management.

A user who was handling some reports has recently left the organization. Some of these reports are still open and assigned to their account. I would like to know how to reassign them to another user while ensuring data integrity and privacy.

Additionally, I have an account that manages user access to the reports. Is it possible to configure it so that, once access is granted, this account can no longer view the reports, for privacy reasons?

Thank you in advance for your support.

Kind regards,

Proposed solution

No response

[evilaliv3]

Thank you for your question @matteoperazzolo

Reports are delivered to end users (recipients) in a way that try to be a perfect full end2end encryption this means that only users with access to a report can today grant access to other users (if administrators give them the possiblity to grant access to other users that is apermission that administrators can assing).

In addition to the permission of grant access to an other users, administrators can grant recipients the possibility to transfer their access to an other user. Idf arecipients transfer the access of one report a an other user the first user will lose also the access to the report in first place (that is what you are looking for).

You can ask the user to do this operation, or if you administrator is enabled to change user passwords you can change the password and access to the account, eventually reconfiguring it and assigning it to a new user.

[evilaliv3]

Thank you @matteoperazzolo for your feedback.

If the user is into the system, currently the system allows recipient to pick them even if they are disabled. We might ameliorate this for the future but you do not have workarounds at the moment.

What you could do is to:

• update to current version 5.0.85
• delete the user that you have disabled

On version 5.0.85 in fact, even if you delete the user comments will be visible as performed by "Recipient" (in place of the name of the original user.
If you want to proceed with this (that i recommend) you could wait for release 5.0.86 that we are publishing today that has some very good accessibility fixes.

[matteoperazzolo]

Thank you @evilaliv3
I'll ask you another question, they also asked us how the custodian user works. I didn't understand much, can you tell me better what it is for and what it could be used for?

[evilaliv3]

Thank you for the question, but please do not misc topics and use separated tickets. Thank you for your understanding!

You could read about the custodian functionality here: https://github.com/orgs/globaleaks/discussions/3937

Shortly we will provide full documentation for the matter.

[matteoperazzolo]

Hello @evilaliv3 ,
Is it normal that I get this error when I try to update?

[evilaliv3]

Hello @matteoperazzolo , the error reported is related to the update of your system and specifically to the repositoty of debian used in your setup/provider.
It is not related to the Globaleaks software.
We invite you to check with your provider or system designer.
Again, thank you if you could separate tickets by topic.