How to add a policy enabling only certain people to delete public channels and private groups?


#1

Hi,

We start to evaluate Mattermost and I don’t find a way to prevent deletion for channels and private groups.
Every team member can delete everything. Is there a way to restrict deletion? I did not found anything.


#2

Hi @Montar

Take a look at the RestrictPublicChannelDeletion and RestrictPrivateChannelDeletion settings in the config.json file.

Documentation on these settings can be found in the docs here: https://docs.mattermost.com/administration/config-settings.html?highlight=restrictpublicchanneldeletion

Edit: Note, this feature is part of Mattermost Enterprise Edition E10 and higher


#3

I have made the changes to the config.json file and now my file is like

“RestrictPublicChannelDeletion”: “system_admin”,
“RestrictPrivateChannelDeletion”: “system_admin”,

After this i restarted the mattermost service and even rebooted the server, still a normal user is able to delete any group.

Please Suggest.


#4

Are you using E10 or higher? Those features are for enterprise only AFAIK.

Available in Enterprise Edition E10 and higher

Its also written on the documentation page https://docs.mattermost.com/administration/config-settings.html#policy right after the heading Policy.


#5

Hi @prixone,

I’m not sure who thought (or better: thought not) about these defaults. They are, open speech, stupid. There is not a single piece of software on this planet where any normal dumb user can delete a whole channel / forum / complete group.

I’m looking a long time for an open source chat solution which can run on my own servers with mobile apps support to replace these hated WhatsApp groups for my sports club (non-profit organization, hence the need of open source) where all the coaches, referees, honorary helpers communicate together. I’ve seen Mattermost yesterday, installed it on my server, started playing around with it, loved it!!! - until I found that anyone can completely trash a whole channel/private group even if he is not an admin or the creator of the group. From 100% to 0% in seconds, thought about a major showstopper bug (which it is in my opinion), searched around and then found this thread :frowning:

I’m using a lot of open source software by myself, I also hate having data / communictions in some unknown datacenters, so I have several VM’s with Seafile, Alfresco, Discourse etc. to have things on my machines. Every one has proper defaults or permission options to ensure a user can only do what he’s supposed to.

I understand that you need to move some features to paid plans, but the defaults should not render the software completely useless. A working default would be:

  • Public channels can only be deleted or renamed by a system admin or the channel creator or team admin
  • Private channels can only be deleted or renamed by a system admin or the channel creator or team admin

… and a finer granulation, permission groups per channel, moderation etc. can be moved to paid versions if necessary.

I hope that you and your team will reconsider this … but I’m still shaking my head that nobody in a team which creates such a great software has realized yet that the current implementation is unusable.

So … can I hope this will be fixed in a short term, or do I need to stop putting more time in evaluating Mattermost?

VBR,
Marco


#6

@netmax this has been discussed here https://github.com/mattermost/platform/issues/6320

On another note, AFAIK you’re free to modify the source to suit your needs, you might want to look at the licenses first though, to ensure of what you can do.

If you’re not a developer your self, you can always hire one, to do the changes for you.


From my own point of view(please keep in mind I am merely a contributor to mattermost) the open source version available, considers you’re using it with a private team(thus the name Team Edition), meaning there is no need for closed doors, hence no need to limit who can or cannot delete a channel, further more channels are not completely deleted, they are simple achieved within the database so restoring it, is possible.

Again that is just my point of view of why its that way, but its safer for you to just read the link at the top of this answer.


#7

Hi @netmax,

First, thank you for trying out Mattermost, it’s used by thousands of organizations around the world and the contributors to the project are working every day to make it better. Your constructive feedback and thoughts are welcome on our forums.

Second, I need to say that calling someone who is trying to help you “stupid” is breaking etiquette for our community. It is not okay and I would ask you to avoid doing that in future.

Third, regarding the issue of “channel deletion”, this is a temporary issue due to an unimplemented feature (#5874) of the original Mattermost design, which is the ability to unarchive a channel after it’s been archived by a user.

Because this feature is yet to be implemented, we use the term “delete channel” in the user interface, when nothing is actually deleted. When unarchive exists, it is easy to unarchive a channel someone else has archived.

Fourth, our open source product is Mattermost Team Edition and it is designed for teams. It is not designed for clubs.

Our design assumes a team has shared goals and etiquette for using Mattermost, which includes not deleting and not archiving things someone else created.

If you’re not using Mattermost Team Edition for teams, if it’s for an organization where you don’t have the shared goals and etiquette of a team, then we have Mattermost Enterprise Edition which allows an IT admin to require compliance of non-team users by restricting what they can do in the software. Enterprise Edition also offers non-profit pricing.


#8

Hi,

thank you for your comments on this!

@it33 first of all I need to clearly state that I never intended to offend anyone personally! In the term “they are stupid”, the “they” was intended to reference to “the defaults”, not personally to any people behind Mattermost or any contributors. If it was understood like this I need to say sorry (English is not my native language so maybe my syntax was not clearly expressing this in a right way).

Yes, there are hacks provided by people which have a similar issue like hiding the delete/rename options in the channel menu for non-admins (which are working, but not if someone is using the Mattermost Classic app), instantly restoring deleted channels by database triggers … but that’s basically not what I want in long term. It generates workload for me with each update, and every hack can cause unwanted behavior in future versions.

If the “everyone-can-delete-everything” policy is fully intentional for preventing the use of the Team Edition and push people towards the E10 solution you might consider an intermediate solution which just have the policy issues implemented/fixed, maybe for a one-time fee. From my point of view even for use in the family I’d not like the idea every kid can delete a channel :wink:

The non-profit pricing is an interesting thing which I’m considering. Clearly I have to pay this out of my private pocket as I’m in doubt to get the majority of my club’s board voting for spending money here. These guys are neither technically orientated nor public-cloud “haters” like me and I can hear the words “Nah, if it costs money we can keep using WhatsApp Groups, they are free and working”.

Thanks for getting back to me here … I’ll definitely keep the non-profit plan in mind while I’m evaluating also other solutions. I really like Mattermost. As this policy thing seems to be an issue for many people maybe the team should reconsider this point … I’m sure there are lots of other pro’s for companies to go for the E10/20 plans :wink: