You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
By design, Matrix doesn't automatically remove a user's power levels when they leave a room, and this is useful as an admin can rejoin a room to regain control without the room becoming "headless".
However, there is currently a risk that when a user is deactivated (e.g. when a server is being decommissioned) they'll remain in the power level list forever, so if a future server is created on the same domain, a malicious user can recreate the MXID and rejoin rooms with the same power level.
We know it's possible to go round changing these manually, but users rarely do, and many aren't familiar with The Matrix Way of storing power levels forever and assume it'll just work like other platforms that revert you to default on departure.
My ask: could we have a version of deactivation (a variant of the admin command, perhaps?) that takes care of other activities like sending a power level change for the user to all rooms they have non-default power levels in? It could even be a (non-default) config option to have this deactivation used automatically when someone deactivates themselves.
The text was updated successfully, but these errors were encountered:
This has been implemented in #571 which is available in our main branch and will be in the next tagged release.
This will be the default behaviour for account deactivations. I didn't think a config option was really that useful, but if manually deactivating a user through the admin room and you specify --no-leave-rooms, it will not drop their power level.
If someone finds a special use-case needed for not having this default behaviour, I can consider a (default enabled) config option.
Also, an MSC for this was made in MSC4165 which I'll notify that we have a server implementation for this now.
By design, Matrix doesn't automatically remove a user's power levels when they leave a room, and this is useful as an admin can rejoin a room to regain control without the room becoming "headless".
However, there is currently a risk that when a user is deactivated (e.g. when a server is being decommissioned) they'll remain in the power level list forever, so if a future server is created on the same domain, a malicious user can recreate the MXID and rejoin rooms with the same power level.
We know it's possible to go round changing these manually, but users rarely do, and many aren't familiar with The Matrix Way of storing power levels forever and assume it'll just work like other platforms that revert you to default on departure.
My ask: could we have a version of deactivation (a variant of the admin command, perhaps?) that takes care of other activities like sending a power level change for the user to all rooms they have non-default power levels in? It could even be a (non-default) config option to have this deactivation used automatically when someone deactivates themselves.
The text was updated successfully, but these errors were encountered: