Prevent admin from accessing channels.

seppo

• March 18, 2021 17:04
• Edited

I know this seems counter-productive, but for the sake of user privacy on my server, it would be nice to be able to setup categories, chats and voice channels with something like a "block admin access"-flag so that owner and admins cannot access the channels.

Obviously admins would have access to change these permissions, delete, add themselves in or whatnot, but with the safeguard of a notification feature that lets the users know when/if admins have accessed the room (as the only way to do so would be changing permission/roles). Additionally this could also prevent admins from reading chat history for rooms with this flag on when they do change their own or groups settings. Maybe as a secondary, sub-setting to the first flag. So even when they do access the chat, admins/owner won't be able to see what was there.

Again, I know this is somewhat counter-productive in the sense that admins should be able to administrate, but as an optional flag that could be set for certain permission-groups/channels, I would appreciate this option for my server. Also lets users feel more comfortable talking about whatever privately without worrying about admins popping in.

3

• 

  Vast Gorgon

  • March 18, 2021 20:15

  Hello seppo,
  
  This isn't a bad idea, however, if you were an admin of a server, you would have full access to all private channels. Same as people with admin permission access. It's unlikely that someone would keep a channel away from the admins, but don't fret.
  
  Cheers,
  Vast Gorgon

  0
• 

  seppo

  • March 19, 2021 02:02

  I am a owner of a server, small, like 70ish users where I know everyone. No big community thing. I had 3 other admins that I've since tried to setup without actually using the admin option. This has worked to prevent the other admins from accessing the private channels while almost being full admins, but I cannot lock myself out of these channels.

  It's a minor detail, but just for the sake of actually being able to give the different teams their own private rooms without having to worry about me snooping about, I'd like to be able to actually block my own access to those channels.

  I understand its a niche and not a common use case, but the option to do this would still be nice... In the rare case someone wanted to do this

  0
• 

  GproGamer12

  • March 19, 2021 06:08

  Buena idea, asi evitamos el administrador y evitamos los raideos

  0
• 

  DCCarter

  • January 07, 2022 15:24

  I remain interested in this. We're working on a web3 community space for our collaborators, and there is a distinct desire to configure a category or channel that I shouldn't, as an administrator, be able to access.
  
  One option I'm considering is making the Server Owner a NON-HUMAN account; and configuring a notification service that reports in a text channel every single thing (including visiting channels) that user does while logged in.
  
  It would be awesome if Discord had a feature that allowed the server owner/admin to explicitly remove themselves from being able to see the contents of a channel (with the recognition that as owner, they COULD change those permissions)
  
  The idea might be (Extreme Private Channel) where the user with a role that allows the creation with administrator approval, to create admin excluded channels.
  
  

  1
• 

  biglep

  • February 09, 2022 00:12
  • Edited

  I completely agree on this. 

  Context: I'm involved in a business moving out of Slack to Discord so we are closer to our users.  We will be using Discord for HR matters including hiring decisions. 

  Requirements:  I want to make it so only invited people have access to a given private channel, and if someone other does access it like an Administrator or Server Owner, I want that to show up in the "Audit Log".  

  Additional thoughts/ideas:

  In the Slack world, I believe our IT Admin could theoretically access any Slack channel, but there would first be a message to the channel that he/she joined the channel.  That level of transparency was enough to ensure no channel was being snooped on.

  It seems like until then, our best fallback is to have the Service Owner and users with Administrator permissions to be a separate account that isn't used day-to-day on the server (e.g., super-user).  That way if I come online as "super-user", everyone can at least see that the "super-user" administrator is logged in.  We can even establish a convention where a "super-user" writes to a channel what they are doing.  There are still holes though:

  1. A malicious "super user" can set themselves to "Invisible" and thus be undetected.
  2. There is no way to track/audit what a "super user" actually did (e.g., did they read #sensitive-channel)

  I believe we have this issue due to Discord’s permissions model where “Allows” trump “Denies” (see here for more info). This is the opposite of the “explicit deny” approach taken by services like AWS IAM.

  I understand there is always trust when it comes to IT administration.  My hope is that we have a mechanism for more transparency to an administrator's actions.

  0

Please sign in to leave a comment.