8

We would like to restrict access to users within a group (Staff) so that they can only see/chat with users from another group (Support) and not each other. We would also like to ensure that users from the Support group can see all those in the Staff group.

Can this be achieved and if so, how?

Phillip B Oldham
  • 1,016
  • 5
  • 15
  • 24

2 Answers2

10

You can do this using the Packet Filter Plugin, which is available by default in the Plugins section of the OpenFire admin. Using this plugin you can block messages between users of the Staff group from chatting with or seeing each other.

I'd post a screen shot and detailed instructions, but it seems like Ignite Realtime's site is down at the moment. I'll post back when they fix it.

EDIT: This works, I just tested it. Here's what you'll do:

  1. Install the Packet Filter Plugin from the "Plugins" tab of the OpenFire admin: Install It!

  2. Make sure you have your "Staff" and "Support" groups set up. I Have Groupies!

  3. Go to the "Packet Filter Rules" under "Server", "Server Settings" Time to Filter!

  4. Create a new rule to Pass Any messages from Group Staff to Group Support: This is the rule!

  5. Then create a new rule to Drop Any messages from Group Staff to Group Staff. You should then have the following two rules: You're Done!

You can optionally enable logging if you wish.

Now, any time a user from the Staff group tries to get the presence of or send a message to any other user from the Staff group, these messages will be dropped and the two will be unable to unable to see or chat with each other. However, messages from the Staff group to the Support group will be passed along.

You could chose in the second rule to Drop all messages from the Staff group if you choose. This will prevent them from communicating with anyone not in the Support group.

I hope this helps!

Josh
  • 9,001
  • 27
  • 78
  • 124
  • This works, I just tested it. Editing my answer now... – Josh Jan 28 '11 at 00:54
  • Works perfectly. Just want to add; doing the same with `presence` means staff can't *see* each-other, either. Which helps against "I can see them, but I can't message them" confusion. – Phillip B Oldham Feb 01 '11 at 10:46
0

How about using a single account for the staff? You can set Openfire to allow accounts to be used from multiple locations. Then, when an user of the Support group will want to reach someone of the staff, the message will be displayed on all clients with the staff account enabled. So nobody of the staff will miss a request and they won't be able to talk each other with this single account.

Laurent Nominé
  • 557
  • 1
  • 5
  • 16
  • Unfortunately this wouldn't work. Messages from support need to be targeted to individual staff members and could contain semi-sensitive information. – Phillip B Oldham Jan 24 '11 at 22:15