Configure user and group visibility¶
Member discovery settings in Control Panel allow administrators to control whether users within an organization can discover other users and groups in the same organization. This feature provides enhanced privacy and security isolation by preventing users from seeing other members of their organization.
By default, users in an organization can discover other users and groups within the same organization. Disabling member discovery prevents this visibility while maintaining normal functionality for administrators and application operations.
When user discovery is disabled for an organization, only organization administrators can view other users within that organization.
:::callout{theme="neutral"} Guest members of an organization may also be organization administrators for that organization. For more information on guest members, navigate to enrollments and organization access. :::
:::callout{theme="neutral"} These settings only affect discovery within your organization. To manage cross-organization collaboration, navigate to cross-organization collaboration. :::
Configure member discovery settings¶
Follow the guide below to configure member discovery settings for an organization:
- Navigate to Control Panel > Organization management.
- Find your organization and select Actions > Manage member discovery.
- Configure member discovery settings:
  - Discover users: Toggle off to prevent users in this organization from discovering other users in the same organization.
  - Discover groups: Toggle off to prevent users in this organization from discovering groups in the same organization.
- Select Save to apply changes.
Consumer mode benefits¶
Configuring private organizations provides significant benefits when operating in consumer mode.
User privacy¶
Consumers cannot see other consumer users, maintaining privacy between different customer accounts. This ensures that users from different organizations or customer bases cannot discover each other's existence.
Group isolation¶
Disabling group discovery prevents discovery of internal administrative groups and other consumer-specific groups. Users will not be able to browse or discover groups that are not visible to them.
Security enhancement¶
Disabling member discovery reduces information disclosure about organization structure and membership. This limits the attack surface by preventing users from gathering intelligence about the organization's structure.
Expected behavior¶
Administrators can see all users as expected, ensuring that administrative functions continue to work normally while consumer users have restricted visibility.
Impact on functionality¶
:::callout{theme="warning"} Member discovery settings do not affect existing permissions or access rights. When user or group visibility is disabled, any logic that depends on a user's ability to access user or group details may fail. Restricted views will continue to work, but any user-defined logic that relies on user or group visibility will not be able to access that information. :::
When member discovery is disabled, features will be impacted as follows:
- Users cannot: Browse or search for other users and groups within their organization.
- Users can: Collaborate with users and groups from other organizations based on cross-organization visibility settings.
- Administrators retain: Full visibility and management capabilities across all users and groups.
- Applications can: Function normally with existing permissions and access patterns.