Restrict HR case updates from personal emails

Release version: Australia

Updated March 12, 2026

1 minute to read

Use the sn_hr_core.restrict_guest_email property to control whether a user can respond back to a HR case with their personal email.

When the sn_hr_core.restrict_guest_email system property is not set to true, a user can send an email from a personal account referencing the HR case to be included in the worknotes. This could result in minor confidentiality or integrity issues if the personal email is compromised or communicating insecurely. An admin may want to restrict the ability of users to respond to HR cases via their personal email, since they can't be confident of the user accessing the personal email account.

Set the property sn_hr_core.restrict_guest_email to 'true.

More information


Attribute	Description
Configuration name	sn_hr_core.restrict_guest_email
Configuration type	System Properties (/sys_properties_list.do)
Data type	Boolean
Recommended value	true
Default value	<none>
Fallback value	true
Category	Data protection
Security risk	Severity score: 3.5 CVSS score: Low This creates a risk of minor confidentiality and integrity issues because personal email accounts may be insecure or compromised, and administrators cannot verify the identity or security posture of those accounts. Allowing this behavior weakens control over sensitive HR communications and increases exposure to data leakage.
Dependencies and prerequisites	None
Functional impact	This property controls whether or not a reply from a personal email address will update an HR Case. Set to true, any reply from personal email will be added to the case notes. If false, the case and notes will not be updated.