moderated Re: Changing email address security issue #misc

Jeremy H

As I mentioned in another thread, the ecosystem is formed of three groups of stakeholders: "Service provider (, Inc, i.e. Mark)", "Group Owners" and "Group Members" - each of whom has a relationship with both of the others. In particular, Group Members do have a direct relationship with Inc, separate from whatever relationship they have with Group Owners. And it is because of their realationship with Inc, that they can be members of groups.

From this it follows, that Group Owners should only be able a Member's settings that are, specifically, part of their membership of that owner's group.

And that any Member Settings that apply to no specific group, or multiple groups, should only be able to be changed by the member, or (if really necessary) by support.

As a user's (Group Member's) e-mail address is used to logon to, and for all messages from all their groups, it follows that only they, or support, should be able to change it. (If they had a separate e-mail-address-for-posts-from-this-group, than that group's owner should be able to change that - but (AIUI) that's not how works)

The one area where this might not apply is for Enterprise groups, which - possibly - can have a different set of relationships, with a group owner, potentiall,y having the ability to prevent their members joining other groups.


Join to automatically receive all group messages.