We have a field in our org database within Zendesk that determines whether that customer has paid for support services. We have then written some HTML code to check that field and with that determine whether a particular organization should be provided chat capability (part of paid services).
The problem we are having is that Gmail users and other "general" email users don't belong to any specific organization, and they are able to get chat capability as the HTML checks don't associate them with an org and therefore it's not possible to determine whether they are a paid service customer and should have chat available.
So, my solution was to create an org called "Gmail Users". I set the associated domain to "gmail.com" and then set them as non-paid support and that disallowed the chat capability. Perfect! Problem solved.
Well, this worked for a while and then I realized that the "Gmail Users" org had disappeared from the database. I reinserted it thinking that one of my 4 admins had inadvertently deleted it. After asking the admins, no one admitted to deleting it. I have since had to add back this org multiple times as it seems to be deleted about a week after I add it.
I realize there is a security vulnerability with doing this as if you set the "User" field in the org database incorrectly, all Gmail users who are logged in may be able to see all other tickets opened by other Gmail users. Is Zendesk removing the org that I am creating to potentially avoid a security vulnerability?
I opened a ticket on this issue this morning but I really need to get to the bottom of this. Has anyone else experienced this? BTW - I am using Gmail as an example in this post but I have created orgs for "Hotmail Users" and other general email domains and the same thing is happening.
Thanks in advance for any advice on this.