Document v11.8.0 membership policies, recommended channels, leave confirmation, and policy simulation #9036
There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -62,11 +62,21 @@ You can add multiple rules to a single policy, and each rule can include multipl | |
|
|
||
| Select the **Validate syntax** bar to check the syntax of your rule. If the syntax is valid, the bar will turn green and display a message indicating that the syntax is valid. If there are any issues, the bar will turn red and display an error message. | ||
|
|
||
| Simulate access | ||
|
Member
There was a problem hiding this comment. Should we explain these require enabling feature flags? |
||
| ~~~~~~~~~~~~~~~~ | ||
|
|
||
| Select **Test access rule** to test the rule against your user base to return how many users would be granted access to the channel based on the current rule. Test your rules to ensure the intended scope and avoid unexpected access changes. | ||
|
|
||
| From Mattermost v11.8.0, you can use **Simulate access** to preview allowed and denied outcomes for specific users before saving policy changes: | ||
|
|
||
| 1. Open the policy editor in the System Console. | ||
| 2. Select **Simulate access**. | ||
| 3. Choose the users you want to test. | ||
| 4. Review the allowed and denied outcomes by action, such as joining a channel or uploading and downloading files. | ||
| 5. Adjust the rules before saving. | ||
|
|
||
| Simulation can test draft policy changes before they affect live channel access or file permissions. Detailed rule and attribute information is shown only when the denial comes from the policy or scope you're editing; otherwise, Mattermost may show that access was denied by another policy. | ||
|
Combs7th marked this conversation as resolved.
|
||
|
|
||
| Manage rules | ||
| ~~~~~~~~~~~~ | ||
|
|
||
|
|
||
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -40,11 +40,14 @@ Configure access policies | |
|
|
||
| Once enabled, you have multiple ways to configure access policies in Mattermost: | ||
|
|
||
| From Mattermost v11.8.0, admins can configure membership policies for both public and private channels, permission policies for file upload and file download, and simulate policy outcomes before saving. | ||
|
|
||
| **System Admins can:** | ||
|
|
||
| - Create :doc:`system-wide access policies </administration-guide/manage/admin/abac-system-wide-policies>` that can be assigned across multiple channels in the System Console. Membership policies can be applied to both public and private channels, with :ref:`advisory behavior on public channels <administration-guide/manage/admin/abac-channel-access-rules:public and private channel behavior>`. | ||
| - Assign :ref:`individual channel policies <administration-guide/manage/admin/abac-system-wide-policies:define access controls per channel>` to specific channels in the System Console. | ||
| - Define :ref:`permission policies <administration-guide/manage/admin/abac-system-wide-policies:permission policies>` that restrict actions such as file upload and file download based on user attributes. | ||
| - :ref:`Simulate policy outcomes <administration-guide/manage/admin/abac-system-wide-policies:simulate access>` to preview whether selected users can perform actions such as joining a channel or uploading and downloading files before saving policy changes. | ||
|
|
||
| **Team Admins can:** | ||
|
|
||
|
|
||
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -15,6 +15,10 @@ Browse channels | |
|
|
||
| From Mattermost v9.1, you can filter the list of channels by public, private, or archived channels, and you can hide all channels you're already a member of. | ||
|
|
||
| .. note:: | ||
|
|
||
| From Mattermost v11.8.0, if your organization uses membership policies, **Browse Channels** may include a **Recommended** filter. Recommended channels are public channels your attributes match. You can still browse and join public channels according to your organization's normal channel permissions. | ||
|
|
||
| .. tab:: Mobile | ||
|
|
||
| 1. Tap the **Plus** |plus| icon located in the top right corner of the app. | ||
|
|
||
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -107,4 +107,14 @@ When you leave a private channel, you must be re-added by another channel member | |
|
|
||
| .. image:: ../../images/mobile-confirm-leave-a-channel.jpg | ||
| :alt: Tap on Leave to confirm your choice. | ||
| :scale: 30 | ||
|
|
||
| Leave a public channel added by a membership policy | ||
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | ||
|
|
||
| From Mattermost v11.8.0, when you leave a public channel you were added to by a membership policy, Mattermost asks you to confirm: | ||
|
|
||
| - Choosing **Leave channel** removes you from the channel. | ||
| - Choosing **Mute instead** keeps you in the channel and mutes its notifications. | ||
|
|
||
| If the channel is already muted, Mattermost shows **Cancel** and **Leave channel** instead of **Mute instead**. | ||
|
Combs7th marked this conversation as resolved.
|
||
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -9,7 +9,10 @@ Add members to a channel | |
|
|
||
| Any member of a channel can add other members to public or private channels, unless your system admin has restricted access to do so. | ||
|
|
||
| When a channel has :doc:`attribute-based access controls </administration-guide/manage/admin/attribute-based-access-control>` enabled, you'll see details about which user attributes are permitted access to the channel. Behavior when adding members depends on the channel type: | ||
|
|
||
| - **Private channels with membership policies**: Only users who meet the policy requirements are available to add. | ||
| - **Public channels with membership policies**: Users who match the policy may be shown with a **Recommended** tag, but the invite list isn't restricted by the policy. | ||
|
|
||
| .. tab:: Web/Desktop | ||
|
|
||
|
|
||
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@Combs7th This sentence is really clunky. Can you please give it another review?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Good callout here! I agree.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@claude - Please analyze the sentence above through the lense of Editor Evie, and commit the best possible alternative version that's more clear, concise, and less clunky.
Uh oh!
There was an error while loading. Please reload this page.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Claude finished @Combs7th's task in 1m 9s —— View job
Editor Evie review — line 23 rewrite
56a7ce9)What was clunky
Through Evie's lens, the original had three issues:
Committed rewrite
Changes: dropped the redundant channel, swapped the second in for of, and replaced the passive "are configured for" with the crisp, accurate "apply only to" — which makes the public/private distinction in the next sentence land cleanly. Also tightened "with different behavior by channel type" → "with behavior that varies by channel type." The
:ref:link is unchanged.There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@amyblais @wiersgallak - Do you think that wording clean-up above will suffice?
We will still need a dev review from @isacikgoz as well whenever able.