From e0c6f62618aad8f936cda14eff9ff7b406aec2a6 Mon Sep 17 00:00:00 2001 From: Rishi Gupta Date: Fri, 19 Oct 2018 15:33:09 -0700 Subject: [PATCH] user docs: Update stream-permissions to note message access via bots. --- templates/zerver/help/stream-permissions.md | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/templates/zerver/help/stream-permissions.md b/templates/zerver/help/stream-permissions.md index 0a08a4799a..31d3f939a5 100644 --- a/templates/zerver/help/stream-permissions.md +++ b/templates/zerver/help/stream-permissions.md @@ -17,8 +17,8 @@ determine who receives a message. There are three types of streams in Zulip. At a high level: * Organization admins can see and modify most aspects of a private stream, - including the membership and estimated traffic. Admins cannot see stream - messages or do anything that would indirectly give them access to stream + including the membership and estimated traffic. Admins generally cannot see stream + messages or do things that would indirectly give them access to stream messages, like adding members or changing the stream privacy settings. * Non-admins cannot easily see which private streams exist, or interact with @@ -26,6 +26,16 @@ At a high level: out whether a stream with that name exists, but cannot see any other details about the stream. +There are two situations in which an organization administrator can access +private stream messages: + +* Via some types of [data export](/help/export-your-organization). + +* Administrators can change the ownership of a bot. If a bot is subscribed + to a private stream, then an administrator can get access to that stream by + taking control of the bot, though the access will be limited to what the + bot can do. (E.g. incoming webhook bots cannot read messages.) + ## Detailed permissions ### Public streams