eveseat / seat

🌀✳️ SeAT: A Simple, EVE Online API Tool and Corporation Manager
https://eveseat.github.io/docs/
GNU General Public License v2.0

Mail permissions granted by default to any ceo or director role. #786

Open muzixa opened 3 years ago

muzixa commented 3 years ago

Already talked about it in Slack, but I still can't understand why CEO & director can read all corporation members' mail by default. Why can't the default permissions of corporation CEO & directors be similar to in-game permissions? And for security reasons or otherwise, grant these permissions manually to selected members (security officer etc.).

warlof commented 3 years ago

It's just been designed like that and nobody ever had anything to say about it :') CEO and Directors get the same permissions across the overall corp to which they belong.

However, regarding default permissions and in-game, I'm curious to see how you're able to get access to overall all character info :P

It can be changed without much difficulty => https://github.com/eveseat/web/blob/e3bf23930ea974bd50c319ba56955392433f7d4b/src/Acl/Policies/CharacterPolicy.php#L63

muzixa commented 3 years ago

Maybe I'm not explaining it correctly; I'm just saying that a corporation CEO by default must have the same permissions as in-game. For example: corporation wallet, members' location and ship type, corporation market orders etc. But CEO and directors have no in-game access to read corporation members' mail, yet in SeAT they have it by default and there is nothing to do about this.

As for me, the right way is to disable this permission by default and, if needed, give it to them in SeAT manually. For example, creating a squad CEO and creating a role CEOs with such permissions.

Ahh... my English...

warlof commented 3 years ago

So what you mean is CEO shouldn't get any access to characters?

I never see anybody not giving character stuff to their CEO.

I might understand that certain data shouldn't be automatically granted to director (except mail, I still wonder which one) - but I don't think CEO shouldn't get access to their corporation members information.

muzixa commented 3 years ago

I just think that CEO by default should have permissions similar to the game, especially because in SeAT there are no separate roles for CEO & Directors, so not only the CEO can read mail, any director can do this. I agree that for security reasons the CEO must see it, but why do it by default with no ability to disable it? Even if it is disabled by default, there is no problem granting this permission manually.

For better understanding: I'm a member of an alliance with 30 corporations. In some corporations there are good friends who trust each other; many have director roles for better management, but they don't want each director or CEO to have access to their mail.

Or a small corporation with 8 characters and different people; they are good friends and all have director roles :)

And we have security officers who like to read mail :)

Anyway, if it is disabled by default then it can be permitted by role permissions, but when it is enabled by default there are no options to restrict this :(

tohuw commented 3 years ago

CEOs and directors should not receive implicit permissions. Here's my case for why:

I have a group of members within my corp who share a small alt corp for specialized industry purposes. The CEO and directors of that corp are all alts of normal members within my corp. We want to assure all members that only they + designated people can see their character info on SeAT, whether the character in question is in corp or not. (We require all members to register all characters on SeAT.) I implemented the change to the CharacterPolicy.php you mentioned above, but I think such a policy either shouldn't exist, or should be configurable.

Further, from a design standpoint, the principle of least permissions favors explicit vs. implicit permissions wherever possible. It's certainly possible here.

Happy to expand on any of this.

vo1 commented 3 years ago

I agree with @tohuw. SEAT users must not receive ANY implicit permissions. Software has ACL support; it's better to build a plugin that will map CEO/Director/anyotherEVEgroupname to an autocreated group in SEAT that the superuser is able to modify as they want. Having anyone reading mails/wallets/industry etc. just because CEO can read assets is wrong. EVE is EVE, SEAT is SEAT.

Crypta-Eve commented 3 years ago

I feel that this would be too much of a paradigm shift to change without a major version bump, as the majority of people either rely on or at least expect this behaviour. However, the principle of least permission does hold merit. To that end, would a configuration that allows this behaviour to be disabled suit? (With it defaulting to being enabled to maintain consistent operation with existing expectations).

Also, there is no need for a plugin to replicate this feature, my understanding is that this is a functionality that would be handled by the existing core functionality of 'Squads'.

Also please maintain a civil discussion; just because something does not function the way you expect it to does not make it incorrect.
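
The trade-off discussed in this thread, as an added example that is not SeAT's code and not from any participant: a character permission check where the implicit CEO/director grant sits behind a setting that defaults to on, next to explicit per-character ACL grants. The class names, the `implicitCorpGrants` setting, the `character.mail` permission string and all ids are hypothetical.

```php
<?php
// Hypothetical model, not SeAT's classes: a character permission check in which
// the implicit CEO/director grant sits behind a setting.
final class User
{
    // $corpRoles: corporation id => in-game roles held there (string[])
    // $aclGrants: permission => character ids granted explicitly (int[])
    public function __construct(
        public readonly array $corpRoles = [],
        public readonly array $aclGrants = [],
    ) {}
}

final class CharacterAccessPolicy
{
    // Roles that receive the implicit grant when the setting is on.
    private const IMPLICIT_ROLES = ['CEO', 'Director'];

    public function __construct(private readonly bool $implicitCorpGrants = true) {}

    public function allows(User $user, string $permission, int $characterId, int $characterCorpId): bool
    {
        // Explicit grant: an administrator assigned this permission for this character.
        if (in_array($characterId, $user->aclGrants[$permission] ?? [], true)) {
            return true;
        }
        // Implicit grant: covers every permission, mail included, and only when enabled.
        if ($this->implicitCorpGrants) {
            $roles = $user->corpRoles[$characterCorpId] ?? [];
            return array_intersect(self::IMPLICIT_ROLES, $roles) !== [];
        }
        return false; // deny by default
    }
}

// Constructed sample data: corporation 1001, member character 42.
$director = new User(corpRoles: [1001 => ['Director']]);
$officer  = new User(aclGrants: ['character.mail' => [42]]);

foreach ([true, false] as $implicit) {
    $policy = new CharacterAccessPolicy($implicit);
    printf(
        "implicit=%s director=%s officer=%s\n",
        var_export($implicit, true),
        var_export($policy->allows($director, 'character.mail', 42, 1001), true),
        var_export($policy->allows($officer, 'character.mail', 42, 1001), true),
    );
}
```

With the setting off, the director in this model is denied mail access until an administrator adds an explicit grant, while the explicitly granted officer is allowed in both modes.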