The tenant creator or super administrator can set external access permissions for organization members in the admin console. This feature can restrict internal members from:
- •Adding external contacts
- •Sending, receiving messages and audio and video calls to / from external contacts
- •Joining / creating external groups
- •Sending messages to strangers
- 1.Go to Lark Admin and click Security > User Permissions > External access permission.
- 2.On the External access permission page, click Edit at the upper-right corner to add or edit the blocklist and exception list.
- 3.You can select All Members or Some Members and you may block up to 200 members each time. Members added to the Blocklistand Exception List are not limited to object type. You can add up to 1500 members, departments, or user groups.
- •Add exception list members:
- 4.When external access permissions are set, internal members will receive the prompt No external access permission when they try to contact external members.
Why is permission only granted to the super administrator? Can permissions be allocated to other administrators?
Administrator permissions for security management will be divided more explicitly in the feature. Stay tuned!
How do I restrict certain permissions for members across departments?
Create a user group first, and then add selected members to the user group. You can then select the user group when choosing restricted members.
Can I batch delete members on the blocklist / exception list?
Batch delete is not available yet.
If a member is on both the blocklist and exception list, which permissions setting do they follow?
The exception list has a higher priority than the blocklist. If a member is in both, then the exception list will determine the members' permissions.
What are some external access scenarios that cannot be managed by this feature?
This feature currently doesn't manage the following scenarios:
- •Adding external contacts during audio and video meetings
- •Sending emails to external email addresses