Mattermost, Inc.

Block users to their own teams

Hi Team,
Is mattermost a multi tenancy product pls as the opensource version

Rajbps

Do you mean users shouldn’t be able to join other teams on the server?

yes please and not able to add poeple from the server from different teams to theirs

There are a few settings you can use to do that:

Hi amy.blais,

I have those settings set but when a user from a team domain1 clicks on Add New Member to domain1 Team, all the users of the server shows up even the ones that has different domains :frowning:

What Mattermost server version are you on?

Mattermost Enterprise Edition

Modern communication from behind your firewall.

Mattermost Version: 5.4.0

Database Schema Version: 5.4.0

Database: mysql

Would you be open to upgrading to a more recent version? Our most recent version is v5.21.0.

sure can you guide me on the instructions pls
I have this installed on centos 7

Hi amy.blais,

I have upgraded to the latest version as suggested but still have the same issue. Any other ideas please?

Regards,

Rajbps

Are you able to add all those users that have a non-allowed email domain to all the teams (even if they show up in the list of users)?

No I cant but I cant let everyone see them also. This will be for 2 companies, so each company will have its own team and should only view their users. I am looking for a way to stop them to search users on the actual mattermost box itself but just in their own group/team.

How can I achieve that please?

Regards,

Raj

Hi @rajbps

Mattermost is not designed for true multi-tenancy on a single server. The expectation is that “Teams” represent different groups within a single organisation, so while the membership of those teams and access to the channels within them can be locked down, it is assumed that users should be able to direct message each other regardless of what teams they belong to across the server.

Unfortunately, I don’t think Mattermost has full-blown support for the use case you are looking for where the users on all the teams are completely isolated from each other. To get total isolation, you would need to spin up one Mattermost server per tenant.

1 Like

This will be for 2 companies, so each company will have its own team and should only view their users. I am looking for a way to stop them to search users on the actual mattermost box itself but just in their own group/team.

I think in this specific case the best (and simplest) solution would be to spin up 2 separate Mattermost servers.

Thats ok I can do that. Is there any plans for a multi tenancy platform in the future pls?

Hi Grundleborg,

What I am looking for can be done via the Permissions => All members => and remove add team members.

I was able to get the with a trial license key. Can that same option be changed without a key please?

Hi, @rajbps

I came across the What are the fundamental security challenges with Massive, Multi-Tenant Applications (MMTA)? documentation that would explain the concerns that Mattermost has with developing Mattermost as a multi-tenant platform.

To answer the question that you have here:

May I know if you are referring to the usage of Advanced Permissions here? If yes, I would recommend you to subscribe to either E10 / E20 offering of Mattermost.