Question about permissions, how would you do this?

I am trying to have a user action to send an email notification to another user, similar to this forum where you get an email notification when somebody writes on your post thread.

The problem is, that to do this, I have to allow view permission of the recipient’s email in order to send the email using the Send Email Workflow.

So if I set the user-email field in the USER table to View to “EVERYONE” in order to do this, does that mean that that everyones email is viewable by a hacker even though I am only using it in the “TO” field in the Send Email Workflow?

Send the email as an API workflow and enable something along the lines of “ignore security permissions”.

Will this make things run in the server rather than on the client side and thus protect the other user’s email from being exposed?

This topic was automatically closed after 70 days. New replies are no longer allowed.