SparkDevNetwork / Rock

An open source CMS, Relationship Management System (RMS) and Church Management System (ChMS) all rolled into one.
http://www.rockrms.com

Personalized Communication History does not respect System Phone Number View Access #5886

Open dataCollegechurch opened 1 month ago

dataCollegechurch commented 1 month ago

Description

Out of the box the Personalized Communication History is set up with view access for the following groups.

RSR - Rock Administration (Role) | Allow | Rock RMS (Site)
RSR - Staff Workers (Role) | Allow | Rock RMS (Site)
RSR - Staff Like Workers (Role)

When we secure an SMS Number we typically secure view access for a subset of staff smaller than all staff. SMS conversations are confidential, so it is important that only people with view access to the SMS number have access to view conversations.

With these settings in place anyone with view access to the Personalized Communication History can view all SMS conversations tied to a specific person even when they do not have view access to the SMS number.

Actual Behavior

Personalized Communication History does not restrict visibility to SMS conversations based on SMS view access.

Expected Behavior

Personalized Communication History restricts visibility to SMS conversations (especially the actual content of each message) only when the logged in user has view access to the number that sent the SMS.

Steps to Reproduce

1) Log in to Alisha Admin's account on https://rock.rocksolidchurchdemo.com/
2) Set up a test SMS number
3) Restrict view access to this SMS so that only the Rock Administrator can view it
4) Send an SMS Message from Alisha to Ted Decker
5) Log out and log in to another user's account who is not a Rock admin such as Pete Foster
6) Navigate back to Ted Decker's History tab and see that the message is still visible including the message contents

Issue Confirmation

Rock Version

16.5

Client Culture Setting

en-us
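The gap the report describes is a block-level check (is the viewer in one of the three staff roles?) with no per-object check on the system phone number that sent each message. The following is an added model of that check, written for this issue and not taken from Rock RMS; the `Viewer`, `SystemPhoneNumber` and `SmsMessage` classes, the role names used as allow rules, the phone numbers and the message bodies are all constructed stand-ins for Rock's real Person, Role, SystemPhoneNumber and Communication objects. `history_current` reproduces the behaviour under "Actual Behavior", and `history_expected` applies the number-level view check the "Expected Behavior" section asks for, either dropping the message or redacting only its body.

```python
"""Model of the SMS view check requested in Rock issue #5886.

Constructed example: the classes, role names, phone numbers and messages
below are stand-ins, not Rock RMS code or Rock's real security entities.
"""
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class Viewer:
    name: str
    roles: frozenset  # security roles the logged-in person belongs to


@dataclass(frozen=True)
class SystemPhoneNumber:
    number: str
    view_roles: frozenset  # roles explicitly granted View on this number


@dataclass(frozen=True)
class SmsMessage:
    from_number: str  # system number the message was sent from
    to_person: str
    body: str


# Default View rules on the Personalized Communication History block,
# as listed in the issue (the third row is assumed to be Allow as well).
BLOCK_VIEW_ROLES = frozenset({
    "RSR - Rock Administration",
    "RSR - Staff Workers",
    "RSR - Staff Like Workers",
})

REDACTED = "[restricted: no view access to sending number]"


def block_allows(viewer: Viewer) -> bool:
    """Block-level check: viewer holds at least one allowed role."""
    return bool(viewer.roles & BLOCK_VIEW_ROLES)


def number_allows(viewer: Viewer, number: SystemPhoneNumber) -> bool:
    """Per-number check: viewer holds a role granted View on that number."""
    return bool(viewer.roles & number.view_roles)


def history_current(viewer, messages, numbers):
    """Actual behaviour: once the block allows View, every message is shown."""
    if not block_allows(viewer):
        return []
    return list(messages)


def history_expected(viewer, messages, numbers, redact_only=False):
    """Expected behaviour: additionally require View on the sending number.

    redact_only=False drops the message; redact_only=True keeps the row but
    hides the body, which is the minimum the issue asks for.
    """
    if not block_allows(viewer):
        return []
    visible = []
    for m in messages:
        if number_allows(viewer, numbers[m.from_number]):
            visible.append(m)
        elif redact_only:
            visible.append(replace(m, body=REDACTED))
    return visible


# Constructed sample data mirroring the reproduction steps in the issue.
NUMBERS = {
    "+15555550100": SystemPhoneNumber("+15555550100",
                                      frozenset({"RSR - Rock Administration"})),
    "+15555550101": SystemPhoneNumber("+15555550101", BLOCK_VIEW_ROLES),
}
MESSAGES = [
    SmsMessage("+15555550100", "Ted Decker", "confidential follow-up"),
    SmsMessage("+15555550101", "Ted Decker", "service time reminder"),
]
ALISHA = Viewer("Alisha Admin", frozenset({"RSR - Rock Administration"}))
PETE = Viewer("Pete Foster", frozenset({"RSR - Staff Workers"}))
GUEST = Viewer("No Role", frozenset())


if __name__ == "__main__":
    for label, fn in (("current", history_current), ("expected", history_expected)):
        for v in (ALISHA, PETE, GUEST):
            print(label, v.name, [m.body for m in fn(v, MESSAGES, NUMBERS)])
```

Running the script shows the difference the issue reports: under the current rules Pete Foster sees both messages, while the expected rules show him only the message sent from the number his role can view.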

dataCollegechurch commented 1 month ago

I see that the documentation does not indicate that view access on an SMS number will limit what shows up in the Personalized Communication History block. A note highlighting that Personalized Communication History does not respect SMS view access may be helpful.