I don’t want anyone to upgrade without admin’s approval.
This issue negates literally all security since security settings are not applied to guests. Even if your organization is set so you MUST use SAML to log in, guests don’t have to follow that rule, and guests can self promote, and can invite other guests, and create teams, and do anything they want and there is no way to stop this.
Again, let me reiterate THIS LITERALLY NEGATES ALL SECURITY. GUESTS ARE NOT EFFECTED BY YOUR SECURITY SETTINGS BUT STILL HAVE FULL EDIT ACCESS.
It also appears that while I can turn off public link sharing, I can’t turn off the ability to publish a document publicly to the community site.
Another disaster week, I spend almost one week to remove almost 150 unintended editors from our organization one by one, have to figure out which one really need editor access. The love for figma is gradually fading away. 😩
Sad, very sad.
So there seems to be a solution for this, at least in the professional plan:
If you uncheck that option, then viewers can no longer invite people without your authorization. But the problem then is that developers can no longer export assets 🤦♂️
This won’t solve it. You can’t ask everyone to uncheck it in an org with thousands of members, don’t even say so many members set their files as everyone can edit (this is the main reason that adds some unintended editors). 🤣
All the problems mentioned in this thread are big issues for me as well as an organization administrator. Wish they would be addressed.
I agree it’s cumbersome but you don’t have to uncheck it per member, you have to uncheck it per file.
There are more files than members (10,000+ in our org I guess). Unchecking it one by one is not realistic, don’t even say I can’t uncheck some files even as an admin.
well, I never imagined such a number of files 😅 so I stand corrected
There’s seems to be zero movement on this issue and it really needs to be addressed, have Figma commented on this being looked into?
nope… 🙄
i’ve always had the feeling that if huge companies like Google and Microsoft are using Figma, they
a) don’t have a problem with budget
and/or
b) have their own (expensive) processes to ensure not everybody can edit everything
and/or
c) they have multiple organizations within their organization (which doesn’t really fix the issue
In any case, what’s more annoying about the silence from Figma regarding this topic, is that they don’t even want to share best practices or examples from other companies how to work around it. Probably because it would be like admitting the system is flawed.
In order to work with them, our customers require an ISO 27001 security standard for summary. So unfortunately I can’t push the Figma tool within our teams until a precise management of users and shares is possible.
(And also, not until Figma Token is natively integrated ^^)
All these issues mentioned in this thread are an issue for me too being the one that has volunteered to be the admin for our company, thinking it would not be too much work. Our user group is getting so large now that it is impossible to have control.
A new question that that arose today from a user was “how do I downgrade myself from editor to viewer-restricted?”. This is not possible as far as I know and it should be. If a user realizes they no longer need editor access, but still want viewer access they should be able to downgrade themselves or at least click on a button to ask an admin to do it for them.
Well people, it finally happened. All these missing features, administration bugs and wonky access controls have finally been fixed!
It’s just going to cost you an extra $30 per editor per month.
I just had my WTF! moment figuring this out as well, not the only one it seems. If this is true, and this is how they are going to play this, all goodwill will be out the window. Holy moly talking about being tone deaf.
P.s. although they are ignoring this (specifically created) feedback forum anyway, instead focussing on “the 32 quick wins we heard you ask for on Twitter”. Sigh….
