synapse-admin/docs/system-users.md

# System / Appservice-managed Users

Inadvertently altering system user accounts managed by appservices (such as bridges) / system (such as bots) is a common issue.
Editing, deleting, locking, or changing the passwords of these appservice-managed accounts can cause serious problems.
To prevent this, we've added a new feature that blocks these types of modifications to such accounts,
while still allowing other risk-free changes (changing display names and avatars).
By defining a list of MXID regex patterns in the new `asManagedUsers` configuration setting,
you can protect these accounts from accidental changes.

## Configuration

The examples below contain the configuration settings to mark
[Telegram bridge (mautrix-telegram)](https://github.com/mautrix/telegram),
[Slack bridge (mautrix-slack)](https://github.com/mautrix/slack),
and [Baibot](https://github.com/etkecc/baibot) users of `example.com` homeserver as appservice-managed users,
just to illustrate the options to protect both specific MXIDs (as in the Baibot example) and all puppets of a bridge (as in the Telegram and Slack examples).

### config.json

```json
"asManagedUsers": [
  "^@baibot:example\\.com$",
  "^@slackbot:example\\.com$",
  "^@slack_[a-zA-Z0-9\\-]+:example\\.com$",
  "^@telegrambot:example\\.com$",
  "^@telegram_[a-zA-Z0-9]+:example\\.com$"
]
```

### `/.well-known/matrix/client`

```json
"cc.etke.synapse-admin": {
  "asManagedUsers": [
    "^@baibot:example\\.com$",
    "^@slackbot:example\\.com$",
    "^@slack_[a-zA-Z0-9\\-]+:example\\.com$",
    "^@telegrambot:example\\.com$",
    "^@telegram_[a-zA-Z0-9]+:example\\.com$"
  ]
}
```
add docs/ 2024-11-20 13:36:12 +03:00			`# System / Appservice-managed Users`

			`Inadvertently altering system user accounts managed by appservices (such as bridges) / system (such as bots) is a common issue.`
			`Editing, deleting, locking, or changing the passwords of these appservice-managed accounts can cause serious problems.`
			`To prevent this, we've added a new feature that blocks these types of modifications to such accounts,`
			`while still allowing other risk-free changes (changing display names and avatars).`
			By defining a list of MXID regex patterns in the new `asManagedUsers` configuration setting,
			`you can protect these accounts from accidental changes.`

			`## Configuration`

			`The examples below contain the configuration settings to mark`
			`[Telegram bridge (mautrix-telegram)](https://github.com/mautrix/telegram),`
			`[Slack bridge (mautrix-slack)](https://github.com/mautrix/slack),`
			and [Baibot](https://github.com/etkecc/baibot) users of `example.com` homeserver as appservice-managed users,
			`just to illustrate the options to protect both specific MXIDs (as in the Baibot example) and all puppets of a bridge (as in the Telegram and Slack examples).`

			`### config.json`

			```json
			`"asManagedUsers": [`
			`"^@baibot:example\\.com$",`
			`"^@slackbot:example\\.com$",`
			`"^@slack_[a-zA-Z0-9\\-]+:example\\.com$",`
			`"^@telegrambot:example\\.com$",`
			`"^@telegram_[a-zA-Z0-9]+:example\\.com$"`
			`]`
			```

			### `/.well-known/matrix/client`

			```json
			`"cc.etke.synapse-admin": {`
			`"asManagedUsers": [`
			`"^@baibot:example\\.com$",`
			`"^@slackbot:example\\.com$",`
			`"^@slack_[a-zA-Z0-9\\-]+:example\\.com$",`
			`"^@telegrambot:example\\.com$",`
			`"^@telegram_[a-zA-Z0-9]+:example\\.com$"`
			`]`
			`}`
			```