Recently (as of this writing), Report Template token support for reports was added to Email Assist 2.0.
Admins have the ability to add a report token into an email, allowing end-users to email off a report in ad-hoc emails.
The Problem:
If the Email Configuration setting is toggled on as below:
Users have the ability to add any report out of Gainsight and send it to a customer be it intentionally or on accident send one a customer should not see. The end-user also has a backdoor into seeing other reports they should not otherwise have access to, or remove filters that would show them information otherwise restricted to them.
Reports today can only really be permission controlled by virtue of the permissions set by the dashboard they are placed on (either with sharing groups or individually). But now, if a report is locked behind permissions on a specific dashboard, a CSM who wouldn’t otherwise have access can now add that report to an email and view or send it.
I have confirmed with Gainsight that all reports can indeed be accessed via the token, and I have tested this with a non-super user as well in our Sandbox.
While you can toggle the token mapping off, that is only a partial solution. Toggling that off means you lose the ability to remap any other token as well.
The ask: Similar to the subject line - can we give admins the ability to curate what is available to be used in an Email report token and by who? The bottom line is that we need more control on what reports can be seen/accessed by who. Gating them behind Dashboards is no longer viable.
For example, for a report to be used by Gainsight Sally, you have to mark it as a Quick Insight. This doesn’t allow granularity to restrict reports for different users, but it at least gives admins the ability to opt reports in to that feature.
