Limit administrator power #6
Assignees
Labels
Comments
gabrc52
added
privacy/security
P3
|
Matrix manages permissions through power levels, so a start is to find out how they work (for room permissions) (this would be best tracked in the moira integration issue (#2). As for the administrators of the server itself, it would be good to implement something like that for administrator actions (things done with the admin API). For things that happen in rooms, events already work as an audit log of sorts. Who would this audit log be visible to? |
This was referenced Jan 14, 2023
Closed
|
|
It is terrifyingly easy for an admin to silently login as any account so uhhh yes. This is important. I'll just think about it when more people join the project. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
We want uplink to be managed by a variety of people; we might consider removing problematic features like:
We might also want to add features like:
The text was updated successfully, but these errors were encountered: