Restrict Channel members to assigned Channels

We are a small firm of 10 and we are currently evaluating Mattermost for both internal chat as well as external engagement with our customers.

We have about 50 Customers we provide services to.

It is cumbersome to create Teams for each client, so we plan on one team for customer engagement and have a private channel for each customer. The customer’s staff will then be invited to this channel.

All is well and good.

Unfortunately we just noticed that channel members can view all members of the team, even those outside their channel. Meaning our customers are able to view each other. This is not a good situation.

We also notice that they can send DMs to users outside their channels.

We have hidden full names and emails, but the user names are still available and can be sent DMs. This is a very scary situation.

Does anyone have a means of restricting user visibility to only users on the same channel? This will be most appreciated.

Thank you.

Hello @olamide2 - there are some mitigations but unfortunately this is not a model Mattermost supports. A user as an entity is part of a team, and eligible to send DMs to any user within a team.

If you don’t want to create a team-per-client, then one alternative might be to use guest accounts. Add your customers as guests to only a specific private channel. IIRC, guest accounts shouldn’t have permissions to view other members of a team to which they don’t have access.

If you want to go with the team-per-client approach, you can use TeamSettings.RestrictDirectMessage (see Site configuration settings in the Mattermost documentation) to control whom your users can send DMs to. But even then, users in a team would be able to view all public channels for a team.

Thanks @agnivade

I assume the guest option is only available at the paid/enterprise level; that will be impossible for us to afford because of the cost of the guest licenses (50 clients multiplied by at least 4 client staff we engage regularly with… that's 200 guests… $2,000 per month… lol).

This is a defect in the Mattermost pricing model they should look at.

Is it possible to write a plugin to achieve this?

I have already seen a plugin on GitHub that basically prevents members from sending DMs to each other; however, they can still see each other.

Would it be a stretch to make this prevent cross channeling member viewing?

I need to take a decision for 2023.

Regards

Unfortunately, without guest accounts, there is no good solution other than to revert to the teams-per-client approach.

Hi @olamide2,

Why is it cumbersome to create teams for each client? One of the cool things with Mattermost is that you can script everything you need with tools like mmctl, for example, so you could end up with a small shell script called create-new-customer.sh which will do all the things for you (create the team, create the channels, invite people, invite the customer, etc.) and you could also build another script that will then tear down a customer if you do not need it anymore (archive the channels, delete/disable the customer accounts, move the channels to an “archive” team, delete the team), etc.

I could help you with the scripting, if you want, just let me know what parameters are relevant for you and what your workflow looks like.
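
A sketch of the create-new-customer.sh idea from the reply above, combined with the TeamSettings.RestrictDirectMessage setting mentioned earlier in the thread. This is an added example, not code posted by anyone in the thread. It assumes mmctl is already logged in as an admin; the staff usernames, the `cust-` team prefix, the `support` channel and the slug rule are placeholders chosen for the example.

```shell
#!/bin/sh
# Added example: provision one private Mattermost team per customer with mmctl.
# Assumes mmctl is already logged in as an admin; STAFF_USERS, the "cust-"
# prefix and the "support" channel are placeholders chosen for this sketch.
LC_ALL=C; export LC_ALL
STAFF_USERS="${STAFF_USERS:-alice bob}"   # hypothetical staff usernames
DRY_RUN="${DRY_RUN:-1}"                   # 1 = only print the commands

# Conservative slug rule used by this example: a-z, 0-9 and '-', 2-50 chars,
# no leading/trailing '-'. Rejects spaces, quotes and shell metacharacters.
valid_slug() {
  case "$1" in
    *[!a-z0-9-]*|-*|*-) return 1 ;;
  esac
  [ "${#1}" -ge 2 ] && [ "${#1}" -le 50 ]
}

# Print the command in dry-run mode, execute it otherwise.
run() {
  if [ "$DRY_RUN" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}

# create_customer <slug> <display name> [customer e-mail ...]
create_customer() {
  slug="$1"; display="$2"; shift 2
  valid_slug "$slug" || { echo "invalid customer slug: $slug" >&2; return 1; }
  team="cust-$slug"
  # Restrict DMs to members of the same team (the setting named in the thread).
  run mmctl config set TeamSettings.RestrictDirectMessage team || return 1
  # Private team: customers of other teams cannot join or browse it.
  run mmctl team create --name "$team" --display-name "$display" --private || return 1
  # Word splitting of STAFF_USERS is intentional (space-separated list).
  run mmctl team users add "$team" $STAFF_USERS || return 1
  run mmctl channel create --team "$team" --name support \
      --display-name "Support" --private || return 1
  run mmctl channel users add "$team:support" $STAFF_USERS || return 1
  # Each customer address is invited to this one team only.
  for email in "$@"; do
    run mmctl user invite "$email" "$team" || return 1
  done
}

# Usage: DRY_RUN=0 ./create-new-customer.sh acme "Acme Ltd" jane@acme.example
if [ "$#" -ge 2 ]; then create_customer "$@"; fi
```

With the default `DRY_RUN=1` the script only prints the mmctl commands, so the plan for a new customer can be reviewed before anything is changed on the server.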