Allow only particular user moderator rights on Secure Domain

We have a custom jitsi installation where everybody needs to be authenticated to create / join a meeting. This results in everyone having moderator rights. Is there anyway to restrict this to only the user that created the meeting?


Are you loading the allowners module?

No. I believe everyone is a moderator because they have all been authenticated.

With Secure domain enabled, it looks like Jicofo uses a different ChatRoomRoleManager which grants moderator role to all authenticated users. With my very minimal experience with Jicofo, I don’t see any config option to easily work around that :frowning:

Shouldn’t be too hard to change that code to get close to what you want, but maintaining custom changes should be a last resort since it will make future upgrades a huge hassle.

Perhaps someone more knowledgeable can offer a more concrete solution. Good luck with this challenge.

Good point!

Yes, I was hoping there will be some sort of work around using perhaps jicofo config (to override its default behaviour) and maybe custom prosody modules that can assign moderator rights to specific users.

Thanks for your reply.

You can disable jicofo setting owners for participants. Not sure whether that will work with secure domain, though.

If it works, then you can move the role management in prosody and add your custom logic in custom module.

Tried setting enable-auto-owner = false. This does not work for secure domain.

Is there an event I can listen to in prosody and override moderator permission set by jicofo there?

Thanks .

Thanks will try this.

This Works !!!

Created a custom prosody module that listens to the events you mentioned. I get the room and occupant information from the stanza and call our API to determine if the occupant is the meeting creator, and if he is not I disable granting owner permission.

Thanks @damencho , @shawn and @saghul for your time.


Awesome! That might make a good candidate for: GitHub - jitsi-contrib/prosody-plugins: Prosody plugins for Jitsi if you feel like sending a PR.

1 Like

Hi I have the same problem as you ( Destroy the room after the last moderator leaves (prosody custom module) - Developers - Jitsi Community Forum - developers & users ), can you help me?

module:hook(“iq-set/bare/”, filter_admin_set_query, 5);
module:hook(“iq-set/host/”, filter_admin_set_query, 5);

And in the function that handles these events I do something as follows. Note the code needs to be cleaned up and could be written better.

function filter_admin_set_query(event)

local origin, stanza = event.origin, event.stanza;

-- If not focus user, do not process. This allows for the moderator to grant moderator rights to any other user
if not string.find(stanza.attr.from, "focus") then
        return nil;

local room_jid = jid_bare(;
local room = get_room_from_jid(room_jid);

local item = stanza.tags[1].tags[1];

if not item then return nil; end;
if not item.attr then return nil;end;
if not item.attr.affiliation then return nil;end;
if (not item.attr.jid) then return nil;end;

local aff = item.attr.affiliation;
    local occjid = item.attr.jid;
    local occbarejid = jid.bare(occjid);
    log("info",  "room_jid.."..room_jid.."; occupdant jid : "..occjid.."; occupant bare jid : "..occbarejid);
    local occ_jid = jid.node(occjid);
	local room_node = jid.node(room_jid);

-– call api and determine if user is creator of meeting
local url = myapi_url…room_node…"/"…occ_jid;
log(“info”, "Moderator check if creator - Posting to "…url);
local isCreator = http_get_with_retry(url, nil);
     if isCreator then
             log("info", "isCreator = "..isCreator);
    if (isCreator == "true")  then
            log("info", "Creator allow moderator role.");
            log("info", "Is NOT creator. DISALLOW moderator role");
             origin.send(st.error_reply(stanza, "auth", "forbidden"));
                return true;

1 Like

A curiosity, have you created your own lua module or have you modified mod_muc_allowners.lua?

Because I tried to modify mod_muc_allowners.lua which I then clearly added among the enabled modules (conference, muc) on the prosody conf file. But I noticed that it conflicts with the Lobby module …

Oh…sorry I did not mention that. I created a new custom prosody module.
I do not have mod_muc_allowners enabled.

OK thank you.
I will try to develop it as soon as I have time. He will update you

I added this module to the folder /usr/share/jitsi-meet/prosody-modules. Enabled it in the “conference.FQDN muc” sector, then restarted all services. Did not work.