make administrators able to look into private chats
In corporate environments it is sometimes necessary on legal grounds to check an employee's communication. Usually the management therefore asks IT to deliver one's communication. Currently an administrator is neither able to view the existing private chats from any user nor is there an export function to extract all users' content from the database.
Our use case is that Managers need to be able to monitor the needs of patients communicating with case managers if a case manager is out sick for the day. The primary admin adds the case manager to the initial patient channel, but what about as new channels are created by patient response? And what if the primary Admin goes on vacation? We don't want to encourage people to share credentials.
Only root-level admins, who have access to the database, should be able to do this.
In all instances this should be made available, but when enabled there should also be a notice that users are subject to monitoring. Not everyone who runs a corporate environment will pay for Enterprise. And the answer of you should be is not right when the software is easily accessible and integrates with so many outside free pieces of software.
There are HR, Legal, and other reasons it should be made that an admin can easily be able to search other conversations and it doesn't depend on the industry you are in.
Perhaps this option should be put behind another authentication. Before they can go hunting through logs they would need to authenticate again so there's an audit log for that interaction.
Travis Rowland commented
I suggest this feature be added as a plugin, that way it is not a default feature of Mattermost and therefore anyone who requires it can simply install the plugin to enable the feature. I am not opposed to this being considered an enterprise plugin which costs money for those who need it. This will also solve the issue for deployments which require strict privacy as it won't be a built-in feature. This feature is required for corporate environments.
Bob Brandt commented
This needs to happen! In Europe we call it FOI, in the States FOIA. It is a legal requirement for any software.
eMobX Chat commented
I am of the view to include this feature. In the software industry, we feel all the chats between various in-house developers need to be monitored to see if developers are talking sense or not. Management should have the option to see what their team is discussing.
People objecting to this on privacy grounds should be aware that any administrator (worth their salt) can easily read private chats with a couple of simple queries to the backend database.
People calling for it might well do the same.
Elias Nahum You mean the same way they can already access any data in your environment? If you don't have admins you trust, you've already lost.
If it ends up being implemented, at least notify the user when registering their account that their conversations are monitored *if* the option to do so is enabled in the server config.
I don't see anything intrinsically wrong with implementing this, and I don't think it should be considered an enterprise only feature either.
The trouble is implementing it in a way that informs the users upfront. If the Mattermost instance users are using has this capability turned on then the users should be made aware of it. In the same vein, in situations where this feature was inactive and later activated, users should get a clear indication of the change and the option to scrub their past messages (those posted prior to the change) from the server.
Please don't implement this. In academic environments, student privacy is protected by strong legislation in the United States and Canada. Mattermost could be a significant learning technology - don't add any features that could be used to violate privacy.
This is definitely needed as administrators/owners that host their own services need to be able to ensure that company resources are being used in conjunction with guidelines set forth.
Agreed with Patrick. As one can see, this request is flagged as an Enterprise feature. And in terms of compliance, Enterprises do always have to have control over all the data in their business. Especially on self-hosted systems. And you can be sure, fraud unfortunately doesn't happen in public channels.
Patrick Schwarck commented
Well, an Admin's job is to administrate an (IT-)System. If the job needs him to enter such chats, he has to be able to do it. Same thing with email: If an admin "has to" open emails, e.g. because the CEO, with the OK by employee organization, or anyone else in charge, made him do so, he has to be able to do so. No Loopholes.
So, to me it is out of question IF he can do it, I do care more about "how" he can do it. I was reading about a process like: "When you join the channel xyz, you are breaking usage guidelines" and the Channel gets a (visual?) response that someone not invited is joining, and THIS cannot simply be edited by the admin.
Use cases might be: suspicion of fraud, compliance rules, mobbing, whatsoever...
This is how enterprise systems should work for me.
Maciej Ciniewski commented
Privacy is not a bug, but a feature. As a user I wouldn't like to be supervised or spied on by a boss. Thus adding the aforementioned feature would keep away many potential users from moving to Mattermost. This is just my opinion, but hope many of you feel the same way.
Elias Nahum commented
I would be very careful with this because an Admin is just that, an Admin, so what if there is a private channel for Board Members and then the Admin decides to take a peek??