Admin privileges (broadcasting)

I was wondering if there is any way to set up an Openfire admin with restricted privileges. For an example, I want to give someone the ability to do broadcast messages. At the same time I don’t want them to have full contol of Openfire and I do not want to give the ability for all users in Spark to make broadcast messages.

Is there a way to do this that I might have overlooked?

currently using spark 2.6.3 and openfire 3.8.2

From the documentation of the Broadcast plugin:

Configuration

The broadcast plugin is configured via Openfire system properties. These can be configured under Server/Server Manager/System Properties:

  • plugin.broadcast.serviceName – the name of the broadcast service. If no value is set, the default is “broadcast”.
  • plugin.broadcast.disableGroupPermissions – true to allow any user to broadcast a message to a group. When false, only group members or administrators can broadcast messages to a group. The default value is false.
  • plugin.broadcast.groupMembersAllowed – true to also allow group members to send broadcast messages to groups they belong to. When false, only administrators can send broadcast messages to a group. The default value is true. Note that the property value of plugin.broadcast.disableGroupPermissions can effectively override this value by letting anyone send broadcast messages to groups.
  • plugin.broadcast.allowedUsers – the comma-delimitted list of users allowed to broadcast messages to all connected users at once. When this property isn’t set, anyone is allowed to broadcast messages to all users. Users should be specified by their bare JID (e.g. john@myserver.com)

It looks like the last one will let you specify which users are allowed to use broadcast.

There is no rights based administration system in Openfire. Every admin has full rights. I think there is a ticket for this in the bug tracker, but this is a very complex task to do.

calebtr, this will only work if client is not using its own broadcasting feature. Spark is not using Openfire’s broadcast plugin to send its broadcasts. It just sends many simple messages. So the only thing to forbid that is by using Client Control plugin and disable broadcasts in Spark. But in this case noone will be able to send broadcasts in Spark.

1 Like

Fascinating, thanks!

It is the opposite of what I expect with Spark + OpenFire bundled - especially with the identical icons for broadcast in Spark and the broadcast plugin in OpenFire - but, just exactly what I would hope for if I needed OpenFire to be client-independent.

So this sounds like a solution:

  1. enable Broadcast and Client Control plugins

  2. set Client Control to block broadcasts

  3. set which users are allowed to use Broadcast plugin

  4. teach users to message all@[broadcast].[server]

Unless I am misunderstanding and the Client Control plugin also blocks broadcasts from the Openfire Broadcast plugin?

This should work and Client Control should only block Spark’s internal broadcasting, but how are you going to send messages to all@broadcast.jiveserver? Older Spark had Send a message option i think. Or was it Exodus. I don’t think there is a way in current Spark version. So you would have to find another client, which can, and give it to some users.

I am so busted! Yes, I am on an older Spark.

I closed down and ran the standard 2.6.3 build and I was able to add all@… as a contact, and also one of my groups - both showed up as online with the broadcast plugin enabled, and from the roster I can message that JID.

Ah, that’s clever I remember adding fastpath workgroup’s JID to a shared group and it was showing up online when an agent was logged in i think.

I remember that also, but I can’t get it to work right now. Grant Greenwalt does this work for you?

OK, so I installed client control and the broadcast plugins and set me and another user to be able to do the broadcast under Server/Server Manager/System Properties.

Then under Server/Client Management/Client Features I disabled broadcasting.

That’s how I currently have it configured. I also tried adding the user all@ and it just comes up as pending.

Also would I have to make the user?

Bummer. All I can think is to check the settings (ie plugin.broadcast.serviceName) and make sure the servicename matches all@servicename.servername, and the other settings to make sure you aren’t blocking yourself.

If its not the settings then the plugin maybe isn’t responding. My inkling would be to try restarting the server and/or to disable and re-enable the plugin before restarting.