Currently a user who is a viewer only for a given product does not have the ability to create notebooks (which is good) but they do have the ability to generate custom reports and export as a CSV. While the ability to generate custom reports is useful, there is a security concern with being able to export as a CSV as this would allow for example:
- the ability create a custom report that grabs all strategic information for a product
- Quickly export that CSV
To limit these security concerns - a viewer should not be able to export the data; this should be limited to a contributor at a minimum.
|Release time frame|
Thank you for the request. Currently, viewers have access to view and access information in Aha! (but do not have the ability to edit information -- which is primarily permitted to Contributors and Product owners).
Based on the example use case you mentioned, we would suggest that this user not be made Viewers of the product, as it seems that they should not be provided access. You may consider creating a Notebook with the information that they are allowed to view, and share the Notebook URL with the user (vs. providing them with an account in the application).
At this time, we do not have plans to make updates in this area. We hope you can understand.