While the Mattermost server will not disclose any sensitive information, still it is possible to send certain commands to it over the websocket channel in order to retrieve information which might not intended for public attention. One of these commands is the get_statuses
command (overview of the available operations: Mattermost API Reference - Websocket API) publishing online status of users.
Is there any capability for operators of self-hosted Mattermost Servers to limit Websocket API to the extend necessary for the respective business requirements?