Recent searches


No recent searches

Admins should see ALL Dashboards - even if not shared to them

Completed


image avatar

Rusty Wilson

Zendesk Luminary

Posted May 25, 2021

USE CASE: The VP of Support (who is also the admin) needs to see what dashboards have been published to ANYONE so that he/she is aware of what data is being communicated and to whom.

This ability is missing and is a gigantic security hole. What if, for example, by design, or oversight, someone creates a dashboard of all defect tickets and shares that externally to a partner, or worse a competitor. There is absolutely no way to audit this right now.

You MUST give admins the ability to see the list of ALL dashboards - even if that dashboard has not been shared to the admin. Admins may need to adjust sharing or just plain remove them.

THIS IS A GIGANTIC SECURITY HOLE THAT MAKES IT EASY TO LEAK SENSITIVE DATA.


46

39

39 comments

Official

image avatar

Walter Bellante

Zendesk Product Manager

Dear valued customers,
we've listened to your feedback and understand the vital role admins have in managing and overseeing data within our organization.
 
We’ve just enabled the ability for admins to view and edit all dashboards created within your account. 
No more challenges with inaccessible dashboards when a user leaves, or uncertainties about publicly shared data. 
 
You can learn more about the feature here
 
Thank you for your continued support and feedback!

0


100% agree on this one! I get asked questions on reports but do not have access so I have to go through the effort of assuming into them to grant myself access.

Aswell as when someone creates a dashboard but leave the company and we do not know who has access to the dashboard. We have "lost" 3 dashboards so far

5


+1 for this!

2


This would be great, we just got a new admin and are having to share all the dashboards. 

2


image avatar

Rusty Wilson

Zendesk Luminary

I'm not holding my breath. Zendesk has a horrible track record of actually implementing anything said in the community. The fact that I posted this FIVE MONTHS ago and there's been zero acknowledgement from Zendesk isn't filling me with confidence.

The fact that someone can share a dashboard that an admin has no knowledge of is an absolute security risk and thus we can't even use the feature. All it would take is one dashboard share with sensitive information, or personally identifiable information, to the wrong people and now we have a security incident on our hands.

3


Hey Rusty, I hear where you're coming from as far as our responsiveness to product feedback posts has been, and you're not alone. We surveyed community members earlier this year and hear similar things, and as a result, a few months ago we rolled out the process outlined here: Improvements to product feedback in the Zendesk Community. As that article says, we can't promise that we'll respond to every thread or build everything our users request. We have a lot of work ahead of us to respond to longstanding and well-trafficked threads (admittedly a situation we created ourselves), and we appreciate your patience as we do that work. However, given your security concerns here, I'll see if I can get a response.

-2


Those with admin privileges in Zendesk should be able to see all dashboards. Being able to see the queries and then see that those are on dashboards you are not able to access and cannot find the owner to have them share is a point of frustration. 

7


Hi Dave and Zendesk team,

+1 to Rusty's post. I am wondering why we can see all queries, but not dashboards. Admin should be able to see all the dashboard to figure out any duplicated or unnecessary dashboards can be deprecated. 

If we can see all queries, why not for dashboard too? Logically, make sense since queries are tied to some dashboards. Currently, admins need to share the dashboards for other admins to view specific dashboards. We could eliminate the steps if all admins have access to ALL dashboards similar to queries which we can see all of them currently. 

Thanks!

8


image avatar

Ben Wilcox

Zendesk Luminary

This is a pretty good area of frustration to me as well.  I was tasked with looking at a problem with a scheduled dashboard delivery only to find I couldn't find it.  To me it didn't exist.  I had to assume into another admin's account to even see the dashboard existed.  As an admin, we need to be able to see all dashboards, not just the ones we create or are shared with us.

8


+1 on this. We have heard about dashboards that I myself cannot find, only to realize it was one created by a former admin in our tenant. Had to resurrect their account to be able to share them to myself. Also, had to individually share each dashboard to every new admin for them to see it. Admins should have full visibility into the product.

6


image avatar

Rusty Wilson

Zendesk Luminary

... I recently noted yet another data leak of sensitive data... @... - you posted back in Oct of 21 you'd *try* to get a reply on this. I understand you didn't commit to getting a reply, but I really really really would like to know the logic behind admins NOT being able to see all dashboards.

It remains a *massive* *security* *vulnerability*.

I assume it was designed this way for a reason, and perhaps if I (and all the rest of us) understood that reason, we wouldn't be so perplexed by this behavior.

Can you or someone from Zendesk please comment? And if at all possible PLEASE change the behavior so admins have visibility to ALL dashboards.

7


Hey everybody!

Is there any info about the fate of this post? Does Zendesk have this feature request in its roadmap?

I had the problem previously discussed when former admin had to transfer all dashboard accesses to me in order to avoid access lost.

By the way, despite that I'm an admin, I can't track whom agents share internal data with.

1


image avatar

Rusty Wilson

Zendesk Luminary

Zendesk - is this ever going to be fixed? I would think a company in your position would take security exploits much more seriously... 

To reiterate - two scenarios - one "honest mistake", one nefarious.

1. An agent creates and publishes dashabord(s) with all the best intent, but is presenting PII, or other sensitive information unbeknownst to the Zendesk admin or the company's infosec team.

2. An agent seat is compromised (and the odds go up as you have more agents), and a dashboard is created, and published, without any knowledge of Zendesk Admin (and thus infosec) and releases confidential information.

With the potential for such severe ramifications, the lack of response on this is alarming. 

5


Bumping for an update to this.

I also have contacted ZD Support and am told there is no way for an admin to see dashboards which have not been shared with them.

Surely the mapping between User/Owner and DashboardID/DashboardName is in a database, or accessible through the API somewhere.

Rusty Wilson agree with your security related scenarios also.
I'm at the point where I'm temporarily reactivating accounts in order to log in as them to see if the dashboard I am looking for is theirs. It's a whole bunch of guess work and I am yet to find it.

1


+1 from me! I am in the process of cleaning up our fields and data in Zendesk and would like to review all active reports to ensure I don't break them while cleaning up fields. I emailing everyone asking them to share access and/or resurrect old accounts that created dashboards before leaving. This is probably quadrupling the amount of time I have to spend on this clean up project since I am waiting on so many people and purely guessing on which accounts created what dashboards. 

Would love for admin all-access to be in place for Explore!

0


+1 from our instance. 

We have a smaller admin team for our Zendesk, and recently audited all of our existing reporting in Explore. Over a thousand reports with an unknown number of dashboards and it was incredibly tedious to go through with assuming each agent in order to share all the dashboards with myself, despite already having access to all the reports and agent role restrictions on who can create them. The process was even more time-consuming given the need to reactivate downgraded former agent profiles to share dashboards they’d created that hadn’t been touched in years before downgrading the account again. I completely agree with all the comments posted prior to my own, it simply doesn’t make any sense why admins can’t be given access to all dashboards automatically. It'd be wonderful if this feature could be added!

1


Have to add my voice here. I can't believe this isn't the default - how can it be that Admins aren't able to see ALL dashboards? I am being told that the only workaround to this is for me to give the ONE person that has access to a particular dashboard (created by an old Admin) enhanced permissions/a new role so that they are able to share the dashboard to me or others. This is ridiculous and a complete oversight. Both from a security perspective as well as an efficiency perspective. Why should we have to replicate dashboards just because the person that created them is no longer an employee?

0


Still not possible, and there still exists no way to get a list even of Dashboards you own. I was told to hand-copy them all out by Support after waiting 2 weeks for an answer. Management of Dashboards is impossible with these restrictions. 

1


+1 - this is a desperately needed feature, for the same reasons others in this thread have mentioned.

0


I think Rusty is having a major point here with data sharing. It should be taken care of immediately.

 

It is something that should have been thought the second Dashboards were a thing.

 

How can Zendesk be ignoring such a high data breach risk? Anyone having access to dashboard can simply create & share dashboard without admin having a clue about it.

1


Add me to this list. I thought I was losing my mind until it occurred to me that I can't see every dashboard.

0


I concur. Add me to the list.

 

0


image avatar

Chris Wooten

Zendesk Luminary

Need this too please.

0


As an Admin, I also need this. In addition to 'cleaning up' unused Dashboards, I can see some of my reports flagged as being used in Dashboards but they are not in any of mine.

0


Not just to view. To edit, or outright disable/delete the dashboard and report, as well as revoke sharing to specific groups or individuals who should not have access to the information.

0


image avatar

Danielle

Zendesk Luminary

+ 1, this is an essential feature for admin management of explore. 

0


+1 on this

0


This 100 times over

Quite surprised it isn't a built in feature, becomes such a pain to gain access into reports from off-boarded agents from our side. 

Major pain point within Explore.

1


+1 it´s a disaster I need add my Admin Team as default in each board.

1


+1 Zendesk Admins should have access to all dashboards (by default).

2


Please sign in to leave a comment.

Didn't find what you're looking for?

New post