How to Disable Direct Messages and Group Messages on Mattermost

Applies to: Mattermost Cloud (all plans), Mattermost Server v10.11 and later

Symptoms: Users can send direct messages and group messages to each other, and no System Console option exists to disable this functionality.


🛑 Problem

Mattermost does not provide a System Console toggle to disable direct messages (DMs) or group messages (GMs). Some organizations require that users communicate only within channels, for example to support anonymous group chat scenarios or to prevent private communication between members.

The setting System Console > Site Configuration > Users and Teams > Enable users to open Direct Message channels with (TeamSettings.RestrictDirectMessage) only controls which users appear in the DM menu in the UI. It does not enforce any restriction at the backend, and users can still create DMs via other means.


✅ Solution

There are two approaches depending on your deployment type.

Option 1: DM Disable Plugin (self-hosted only)

For self-hosted (on-premise) deployments, the community plugin DM Disable Plugin by Brightscout provides a cleaner solution. It hides the DM and GM UI elements entirely and blocks DM creation at the plugin level, giving users a clear experience instead of silent failures.

To install:

  1. Download the latest release from the plugin repository.
  2. Upload it in System Console > Plugin Management > Upload Plugin.
  3. Enable the plugin after upload.

⚠️ Important: This plugin is a third-party community plugin and is not developed or security-reviewed by Mattermost. It is not available on Mattermost Cloud. Cloud instances only support plugins from the official Mattermost Plugin Marketplace.

Option 2: Remove permissions via mmctl (Cloud and self-hosted)

This is the only option available for Mattermost Cloud. It also works on self-hosted deployments.

Remove the create_direct_channel and create_group_channel permissions from the system_user role using mmctl. This prevents all regular members from initiating new DMs or GMs at the backend level. System Admins retain full DM/GM capability.

Install and authenticate mmctl

Install mmctl following the official documentation. Then authenticate to your workspace:

mmctl auth login https://<your-workspace>.cloud.mattermost.com

This prompts for your username and password.

If your workspace uses SSO or multi-factor authentication, password-based login will not work. Use a Personal Access Token instead:

mmctl auth login https://<your-workspace>.cloud.mattermost.com --access-token <your-personal-access-token>

Personal Access Tokens must be enabled in System Console > Integrations > Integration Management > Enable Personal Access Tokens before you can generate one. See Personal Access Tokens for instructions.

Remove the DM and GM permissions

Run the following command:

mmctl permissions remove system_user create_direct_channel create_group_channel

This takes effect immediately. No server restart is required.

Revert the change

To restore DM and GM functionality, run:

mmctl permissions add system_user create_direct_channel create_group_channel

⚠️ Important: Be aware of the following drawbacks before applying this change:

  • No user-facing error message: The DM and GM buttons, sidebar section, and Ctrl+K/Cmd+K suggestions remain visible in the UI. When a user attempts to start a direct message, it silently fails with no explanation. Users will not understand why the action does not work unless informed separately.
  • Server-wide scope: This change affects all regular members on the workspace. It cannot be scoped to specific teams, channels, or user groups. Every non-admin user loses the ability to initiate DMs and GMs.
  • Bot and integration impact: Bots and plugins that create DMs (for example, notification bots, Playbooks, or Calls plugin notifications) also rely on these permissions. If the bot's role inherits from system_user, its DM functionality will break. Verify which integrations are active and whether they depend on DM creation before applying this change.
  • Existing DMs are not removed: Users can still read and reply in DM/GM channels that were created before the permission was removed. Only the creation of new DM/GM channels is blocked.
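
To confirm the removal took effect, and to check any other role (such as one assigned to a bot) before relying on the restriction, the following script reports which roles still grant the two permissions. It is an added example, not part of the original article or Mattermost's own tooling; it assumes `mmctl permissions role show <role> --json` prints the role object with permission IDs as quoted strings, and the sample JSON is constructed.

```shell
#!/bin/sh
# Added example: report which roles still grant DM/GM creation.
# Assumption: `mmctl permissions role show <role> --json` prints the role
# object, with permission IDs as quoted strings in a "permissions" array.

DM_PERMS="create_direct_channel create_group_channel"

# Constructed sample role objects (not real server output).
SAMPLE_BEFORE='{"name":"system_user","permissions":["create_team","create_direct_channel","create_group_channel","view_members"]}'
SAMPLE_AFTER='{"name":"system_user","permissions":["create_team","view_members"]}'

# Read one role's JSON on stdin and print, space-separated, the DM/GM
# permissions it still contains. Prints nothing when both are gone.
granted_dm_perms() {
    input=$(cat)
    hits=""
    for perm in $DM_PERMS; do
        # Match the quoted ID exactly so a longer ID sharing the prefix is not counted.
        if printf '%s' "$input" | grep -q "\"$perm\""; then
            hits="${hits:+$hits }$perm"
        fi
    done
    printf '%s' "$hits"
}

# Audit each named role on the logged-in server.
# Returns 0 if no role grants either permission, 1 if one does, 2 on mmctl errors.
audit_roles() {
    status=0
    for role in "$@"; do
        # An empty or failed lookup must not be reported as "OK".
        if ! role_json=$(mmctl permissions role show "$role" --json) || [ -z "$role_json" ]; then
            echo "ERROR $role: mmctl returned nothing (not logged in, or unknown role)"
            status=2
            continue
        fi
        found=$(printf '%s' "$role_json" | granted_dm_perms)
        if [ -n "$found" ]; then
            echo "FAIL  $role still grants: $found"
            [ "$status" -eq 0 ] && status=1
        else
            echo "OK    $role"
        fi
    done
    return "$status"
}

# Run the audit only when role names are given on the command line.
if [ "$#" -gt 0 ]; then audit_roles "$@"; fi
```

Run it after `mmctl auth login` with the role names to check as arguments, for example `sh audit_dm_perms.sh system_user` (the file name is hypothetical). A non-zero exit status means at least one role still allows new DMs or GMs, or the lookup failed.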

Additional Resources

For more information, see:
