Article - Reviews

Article - Reviews

Q1 : What is the behavioural of review when a user is invited to review?

Description:

In this article, we are about to see how the review feature in the Prolaborate application is functioned when a user is invited to review and if the user shares his invite URL with another user.

There is an Issue within the Review part of Prolaborate.
When creating a review and inviting reviewers the invited user gets an e-mail with a short URL. If this user send's this e-mail to a other person which is not part of the review, and this other user clicks the link it gives them full access to the review. Prolaborate even tells them they are logged in as the invited user. The not invited user is even able to start discussions under the invited users name, so the other users get an e-mail with started discussion by the invited user while the not invited user started the discussion.

In short
User A is invited for a review,
User B is NOT,
If user B clicks on the click user A received in, he's email,
User B has Full access to the review and is logged in as user A.
User B is able to start discussions as User A

Answer

When we invite a user to review in our Prolaborate application, we add them to the "Invite Collaborate" list in the application. So, once the email is generated, the user who receives the invite will have a session. So, whoever accesses the link will have to register first. For the first-time invited user, their name will appear in the profile.

So, the link sent to the mail should be used privately. Based on that link, if the user did any review actions or created discussions, then this will be updated in the name of the invited user only.

Email Draft

Hi Stas,

Thank you for your patience.

We have investigated your concern with our team, and they have informed us that it is an expected flow of behaviour.

We would like to provide you with more detailed information about the flow.

1. When a user (who is already in the environment) is invited for a review, the user will receive the email, and the URL used to invite that user is specifically generated for that user alone. That's why, when the URL is used, in the profile, the username is shown.

Also, clicking on that URL when a discussion is started or an item is set, reviewed, or approved falls under that username itself, as the URL is generated specifically for that user. So, the user strictly must not share his email with other users.

2. When a user (who is not part of the environment) is invited for a review using the Invite Collaborators option. When a user receives the email using that specific invite URL, he will be asked to register himself first to become a registered user in the environment. If the user declines to perform this registration, then he will be an invited collaborator in the invited collaborators list.

If you have any other questions, please feel free to reach out to us.

Reference

Ticket ID: #9824
Subject: Prolaborate Short URL Review Security Issue
Department: Prolaborate Support

Tags

user invited for review in prolaborate,
review,
review feature,
when user is invited to review url specifically generated,
review in prolaborate,
behavioural of review,
how review feature works


    • Related Articles

    • FAQs - Reviews

      Q1: If a user leaves the organisation and his account is deleted from the environment, who all can change the review status in the Prolaborate environment? Answer As of now, a super admin who is not part of the review can change the status and even ...

    • FAQs – Export Reviews as Report

      Description: Ryan reported FedEx and some of the other SSNA customers are requesting for the feature to Export to Reviews and their discussions as a report. This feature was available in ProlaborateV3 but not in the latest versions of V4. Prolaborate ...

    • Troubleshooting - Reviews

      Reviews in Prolaborate don't begin automatically on the start date Description: The review the user made in Prolaborate on January 23, 2024, was supposed to start on January 24, 2024, but it hasn't started yet. To begin the review, we need to edit ...

    • FAQs - Prolaborate Installation

      Q1:Can you suggest how we may configure Prolaborate using https and port 443. Do you have any links to documentation? Answer You can configure the Protocol and Port settings from Prolaborate Management typically located in C:\Program ...

    • Notification Settings in prolaborate

      Notification Settings Manage your email and in-app notifications using this Notification settings. Individual users can configure the settings as per their needs. By default, Notifications Settings is enabled, and summary emails are set as Daily. ...