Limiting Bulk Update Capabilities
P
Patrick
There are not many vulnerabilities or concerns for us within smartsuite. There are some many awesome things in place, bulk the bulk update feature does pose a potential threat.
For example. If a potential employee at one point would want to sabotage the company for whatever reason. The bulk update feature would allow them to do that.
The could bulk update thousands of records and delete media in it, which can't be restored. If that didn't happen, but they deleted them, it would still be a manual process of restoring each individual one.
My suggestion would be to make bulk updating only possible at set permission levels.
So only account managers or even solution managers could even be capable of bulk updating records.
Activity Feed
Sort by
Jon Darbyshire
Hello Patrick! I have a few more questions for you:
- What specific permission levels do you suggest for allowing bulk updates?
- Are there any specific scenarios where bulk updates are necessary for lower permission levels?
- How frequently do you use the bulk update feature, and what types of updates are typically performed?
P
Patrick
Jon Darbyshire
- I would suggest the account owner, account Administrator being able to control bulk update options - maybe the account owner would want all levels to be able to do this.
- I am sure there is and that could depend on the individual smartsuite account
- I use bulk update on a daily basis, Updating status, records, fields...etc
I use it a lot.
The biggest thing is that I see the potential for someone else to make a massive impact with bulk update. A Standard employee could delete 50,000 records and that would mean 50k times someone would have to restore them.
Or deleted 50K pieces of media - and that would just be lost.
Or change 10k statuses, trigger 20k automations...etc
And I would have no way of preventing them to do that.
But if someone wasn't able to do those actions through bulk, damage would significantly be minimized.