You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Please use the 👍 reaction to show that you are affected by the same issue.
Please don't comment if you have no relevant information to add. It's just extra noise for everyone subscribed to this issue.
Subscribe to receive notifications on status change and new comments.
Feature request
Since my English isn't very good, an AI helped me write my message in English.
Is your feature request related to a problem? Please describe.
On larger Nextcloud instances (e.g. 200+ users), there is currently no way to restrict who can start video/audio calls without completely disabling the Talk app for those users.
If all users have access to Talk, any user can create a new group conversation and immediately start a video call — including calls with external guests via public links. On a self-hosted server without a High Performance Backend, this can cause significant resource and bandwidth issues, especially if users start using it as a free video conferencing tool outside of the organization.
The only current workaround is to restrict the Talk app to a specific group entirely, which also removes chat functionality for all other users — an unacceptable trade-off in many environments.
Describe the solution you'd like
Add an admin setting that allows restricting the ability to start video or audio calls to specific users or groups, independently of the general Talk app access.
For example:
A new field in the Talk admin settings: "Groups allowed to start calls"
If left empty: all users can start calls (current behavior, default)
If one or more groups are configured: only members of those groups can start calls; all other users can still use Talk for chat and can join calls that were started by an allowed user
This would be analogous to the existing allowed_groups mechanism already used in Talk for other permission scopes.
Describe alternatives you've considered
Restricting the Talk app to a group: removes chat for everyone else — not acceptable
Using per-conversation moderator roles: does not prevent users from creating new conversations and starting calls themselves
Setting default_permissions via occ: controls media permissions within a call, but does not prevent call initiation
Additional context
This feature would be especially valuable for:
Organizations with many users on self-hosted instances without HPB
Medical or regulated environments where communication tools must be controlled
Admins who want to allow broad chat usage while limiting resource-intensive video conferencing to authorized users
The feature should ideally be configurable via both the admin web UI and occ config:app:set.
Tip
How to use GitHub
Feature request
Since my English isn't very good, an AI helped me write my message in English.
Is your feature request related to a problem? Please describe.
On larger Nextcloud instances (e.g. 200+ users), there is currently no way to restrict who can start video/audio calls without completely disabling the Talk app for those users.
If all users have access to Talk, any user can create a new group conversation and immediately start a video call — including calls with external guests via public links. On a self-hosted server without a High Performance Backend, this can cause significant resource and bandwidth issues, especially if users start using it as a free video conferencing tool outside of the organization.
The only current workaround is to restrict the Talk app to a specific group entirely, which also removes chat functionality for all other users — an unacceptable trade-off in many environments.
Describe the solution you'd like
Add an admin setting that allows restricting the ability to start video or audio calls to specific users or groups, independently of the general Talk app access.
For example:
This would be analogous to the existing
allowed_groupsmechanism already used in Talk for other permission scopes.Describe alternatives you've considered
default_permissionsviaocc: controls media permissions within a call, but does not prevent call initiationAdditional context
This feature would be especially valuable for:
The feature should ideally be configurable via both the admin web UI and
occ config:app:set.