Federated Room Governance & Permissions


Federation is currently in its final stability and performance tuning phase. While the feature is already suitable for evaluation and non-critical use cases, you may occasionally encounter intermittent behavior as we complete ongoing audits and optimizations. For this reason, we currently recommend avoiding Federation for mission-critical workloads until the final stabilization phase is complete.

Federation employs a hierarchical role-based access control model to ensure secure cross-organization collaboration. Permissions are room-specific and synchronized in real-time across all participating sovereign servers to maintain a consistent security posture.

Federated room governance

By default, Rocket.Chat maps its permission system to match the protocol’s governance rules for federated rooms. Changes to role permissions or custom role definitions can alter this behavior, which may result in room governance differing from protocol defaults.

The following table summarizes the roles available in federated rooms and the level of authority and responsibilities associated with each role.

| Role | Authority level | Key capabilities |
|---|---|---|
| Owner | Administrative | Full room lifecycle management, including inviting and removing users, assigning or revoking roles, and configuring room settings. |
| Moderator | Operational | Maintains room order by managing user participation and updating room metadata such as the room name and topic. |
| Member | Contributor | Participates in conversations by sending messages and reactions; does not have access to room settings or role management. |

Viewing Roles

You can view all users and their current roles in the Members panel:

  1. Open the federated room and click the Members icon in the room header.

  2. The list is organized into three role groups:

    • Owners appear at the top.

    • Moderators are listed below the owners.

    • Members appear under the moderators.

Note on sovereignty:

A globe icon beside a user’s name identifies them as an external/remote entity. Roles assigned to these users are respected by their home server via the Matrix protocol sync.

Managing room authority

Users with Owner privileges can delegate or revoke authority directly through the Members Panel.

  1. Open the federated room and click the Members icon in the room header.

  2. Hover over a user and click the kebab menu (⋮) next to their name.

  3. Choose one of the following options:

    1. Set as Owner/Moderator: Elevates the user's authority.

    2. Remove as Owner/Moderator: Reverts the user to 'Member' status.

    3. Remove from Room: Revokes the user's access to the federated conversation.

Each role update is immediately synchronized across all federated servers.

Governance rules & constraints

  • Only Owners can assign or remove roles.

  • All new members join as Members by default.

  • Users with the same role cannot promote or demote each other.

  • If an Owner promotes another user to Owner, the action cannot be undone by the original Owner unless they retain their own privileges.

  • If an Owner demotes themselves, they’ll see a confirmation warning (Losing privileges). This action is permanent unless another Owner reassigns the role.

  • The last remaining Owner cannot remove themselves or be removed until a new Owner is assigned. Attempting to do so will display a warning: “This is the last owner. Please set a new owner before removing this one.”
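
The rules above can be modeled as a single authorization check, which is useful when auditing which role changes a room should accept. This is an added example, not Rocket.Chat code: every function name and user ID in it is hypothetical, and it reads the same-role rule as "an Owner cannot demote another Owner".

```javascript
// Added illustration of the governance rules above; not Rocket.Chat code.
// All names (ROLES, joinRoom, checkRoleChange, applyRoleChange) are hypothetical.
const ROLES = ['member', 'moderator', 'owner'];
const deny = (reason) => ({ allowed: false, reason });
const countOwners = (room) => [...room.values()].filter((r) => r === 'owner').length;

// New users always join with the Member role.
function joinRoom(room, userId) {
  if (!room.has(userId)) room.set(userId, 'member');
}

// room: Map of userId -> role. Returns { allowed, reason } without mutating the room.
function checkRoleChange(room, actorId, targetId, newRole) {
  const actor = room.get(actorId);
  const target = room.get(targetId);
  if (!actor || !target) return deny('actor and target must both be in the room');
  if (!ROLES.includes(newRole)) return deny('unknown role');
  if (actor !== 'owner') return deny('only Owners can assign or remove roles');
  const self = actorId === targetId;
  // Same-role rule: an Owner cannot demote a fellow Owner, only themselves.
  if (!self && target === 'owner') {
    return deny('users with the same role cannot promote or demote each other');
  }
  // Last-owner rule: the room must never be left without an Owner.
  if (target === 'owner' && newRole !== 'owner' && countOwners(room) === 1) {
    return deny('This is the last owner. Please set a new owner before removing this one.');
  }
  const warn = self && newRole !== 'owner';
  return { allowed: true, reason: warn ? 'needs "Losing privileges" confirmation' : 'ok' };
}

// Applies the change only when the check passes and returns the decision.
function applyRoleChange(room, actorId, targetId, newRole) {
  const decision = checkRoleChange(room, actorId, targetId, newRole);
  if (decision.allowed) room.set(targetId, newRole);
  return decision;
}

// Constructed sample: one Owner, one local user, one remote user (made-up ID).
const room = new Map([['alice', 'owner']]);
joinRoom(room, 'bob');
joinRoom(room, '@carol:remote.example');
for (const [actor, target, role] of [
  ['bob', 'bob', 'owner'], ['alice', 'alice', 'member'], ['alice', 'bob', 'owner'],
  ['alice', 'bob', 'member'], ['alice', 'alice', 'member'],
]) {
  const d = applyRoleChange(room, actor, target, role);
  console.log(`${actor} -> ${target} as ${role}:`, d.allowed ? 'ALLOWED' : 'DENIED', `(${d.reason})`);
}
```
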

Notes:

  • Global vs. Local: Global server permissions (Admin/User) do not override these room-level roles.

  • Latency & Sync: Every role change is broadcast as a State Event to keep permissions consistent.