update configure_system_notifs

DefectDojo · Jan 14, 2025 · fa34c67 · fa34c67
1 parent 5fb0a79
commit fa34c67
Show file tree

Hide file tree

Showing 2 changed files with 20 additions and 4 deletions.
diff --git a/docs/content/en/api/api-v2-docs.md b/docs/content/en/api/api-v2-docs.md
@@ -5,9 +5,6 @@ draft: false
 weight: 2
 ---
 
-
-
-
 DefectDojo\'s API is created using [Django Rest
 Framework](http://www.django-rest-framework.org/). The documentation of
 each endpoint is available within each DefectDojo installation at

diff --git a/docs/content/en/customize_dojo/notifications/configure_system_notifs.md b/docs/content/en/customize_dojo/notifications/configure_system_notifs.md
@@ -20,4 +20,23 @@ Both an account’s Personal Notifications and the global System Notifications c
 
 ![image](images/Configure_System_&_Personal_Notifications_2.png)
 
-To set destinations for system wide email notifications (Email, Slack or MS Teams), see our [Guide](../email_slack_teams).
+To set destinations for system wide email notifications (Email, Slack or MS Teams), see our [Guide](../email_slack_teams).
+
+## Template Notifications
+
+Superusers also have access to a "Template" form.  The Template Form allows you to set the default Personal Notifications that are enabled for any new user.
+
+## Where System Notifications Are Sent
+
+System notifications will be sent to:
+- the single email address specified in System Settings (if enabled)
+- any DefectDojo users with accounts and appropriate RBAC permissions
+- the System-wide Slack or Teams account.
+
+As with any notification in DefectDojo, System Notifications will only be sent to users that have access to the relevant data.  So even if Product Notifications are set up System-Wide, users will only receive notifications for the Products that they have access to view.
+
+This restriction does not apply to System Notifications that are sent to a specific Email or Slack channel.
+
+See our guide on [Role-Based Access Control](../../user_management/about_perms_and_roles/) for more information on RBAC and setting permissions.
+
+However, the connected System Email, Slack and Teams accounts cannot apply RBAC as they are not associated with a specific DefectDojo user.  **All selected system-wide notifications will be sent to these locations, so you should ensure that these channels can only be accessed by specific people in your organization.**