Authenticated Users Can Remove/Change Password in Secured Domain

Hi guys, I followed the installation secured domain for jitsi-meet and I’m able to add users with prosody so every time there’s a video conference they need to login using the created account before accessing the room. The only problem I see each user can remove or change the password set by the room creator. Is there any way to restrict other authenticated users from room password change or password removal? I’ve also removed the mod_muc_allowners.lua (deleted in /usr/share/jitsi-meet/prosody-plugins/) but I’m still be able to change and remov the password.

More details:
OS: Ubuntu 18.04.1
Installation: Jitsi quick install package

modules in this directory are just available, if they are not enabled in the config they do nothing at all. Anyway as I understand it, allowners module is useful for the public setup (no authentication) I have never seen any mention of using it in secure domain.

As of your question, it’s by design for the default secure domain setup, all logged-in users are moderators…
I remember having seen quite a few threads about extending the secure domain for keeping the room ‘creator’ as unique moderator. I can’t remember how it’s done but it definitely is an often asked question -> forum search feature.

Tagging @damencho regarding this issue. Hope you can help on this. Thanks