Rights and Roles Separation¶
Rights and roles separation for operators in Hotline backend group can be set in several ways:
- Native Telegram rights — basic privileges of group members
EXTENSIONS_ALLOWEDparameter — access to administrative module functionsHIDE_INFOparameter — control of sensitive customer information visibility
Key Roles at Group Level¶
Group Owner¶
Main Characteristics:
- Often also the Hotline connections administrator
- Has full set of rights in the group
- Can add and remove administrators
- Only one who can delete the group or transfer ownership
Group Administrators¶
Group admins differ from regular operators with an extended set of Telegram privileges. For effective work with Hotline, they should be granted the following rights:
- Delete messages — deleting messages in topics
- Ban users — access to
/banand/unbancommands - Invite users via link — inviting new operators via link
- Manage topics — managing topics (opening closed, editing, deleting)
- Add new admins — appointing new administrators (optional)
Be Careful with Delete Messages Right!
When deleting messages in the group, Telegram offers dangerous options like "Delete all messages from this bot" or "Delete all messages from this user". You can accidentally delete the entire incoming message history!
Make sure your administrators understand the risks and act carefully when deleting messages.
Don't Use Remain Anonymous Right
This right makes many Hotline functions unavailable, as it doesn't allow the mandatory binding of actions to a specific operator. Analytics and commands require sender identification.
Operators (Regular Members)¶
For basic work with dialogs, operators need a minimal set of privileges:
- Manage topics — opening closed topics to continue communication with the customer
- Pin messages — pinning important comments with tasks or customer information
Basic Capabilities:
- Sending messages in unclosed topics
- Reading all group topics
- Using basic commands (
/info,/help,/wait,/hold) - Working with internal comments
- Access to interface capabilities (search, notifications, navigation)
Important Features of Topic Groups¶
- All backend group members are operators who can send messages in unclosed topics
- All group members have read access to any group topic
- Everyone has the same set of interface capabilities (search, notifications, navigation)
- Regular operators and admins have different rights to create, edit and delete messages and topics
Bots as Group Members
Besides regular users, Telegram bots can be group members (for example, Hotline setup bot, which is added automatically on connection, or custom bots for integrations).
Public and Private Groups
Topic groups can be public and private. Hotline usually uses private groups for customer data confidentiality, but there are no technical restrictions on group type.
Access to Module Administrative Functions¶
By default, administrative functions of extended modules are only available to the Hotline connections administrator through setup bot @hotlinetg_bot.
To grant access to other operators, use the EXTENSIONS_ALLOWED parameter.
EXTENSIONS_ALLOWED
List of USER_ID users allowed to use important Hotline module functions (broadcast configuration and launch, tag configuration, client base export, etc.).
Default value: available only to connection administrator.
Mass Mailings Module /send¶
- Launching mass mailings
- Creating and editing mailing templates
- Deleting mailings
- Viewing sending statistics
Labels and Segmentation Module /mark¶
- Creating new labels
- Configuring label parameters (AFTER, SENDS, TICKER)
- Deleting labels
- Mass label assignment
Database Export Module /export¶
- Launching topic list export
- Getting CSV file with customer database
Quick Responses Module /say¶
This module is available to all operators without restrictions, as it's used for daily work with dialogs.
Role Recommendation
Grant access to administrative functions only to trusted operators or team supervisors. Mass mailings and database export are sensitive operations requiring control.
Customer Information Access Control¶
By default, all operators in the group have access to:
/infocommand with full information about user and chat profiles- User names in topic titles (as specified in Telegram)
- Profile links of message authors when broadcasting from chats
- Username and phones (if available)
If you need to hide sensitive information from regular operators, use the HIDE_INFO parameter:
HIDE_INFO
Determines what client information is hidden from operators (names, group titles, user links, /info command output).
Default value: NONE (all information is available).
Besides HIDE_INFO, there are parameters for controlling information passing between operators and customers:
Restricting outgoing messages by keywords:
RESTRICTED_KEYWORDS_FRONTEND
Array of prohibited keywords for incoming messages. Messages with specified words are not forwarded to the backend group.
Default value: NONE (no filtering).
Restricting incoming messages by keywords:
RESTRICTED_KEYWORDS_BACKEND
Array of prohibited keywords for outgoing messages. Triggers an error when attempting to send a message with specified words.
Default value: NONE (no filtering).
Advanced filtering via webhooks:
WEBHOOKS
One or more addresses for sending webhooks on system events or custom commands in JSON format.
Default value: NONE (webhooks are not sent).
Rights Setup Examples¶
Small Team (1-3 Operators)
Configuration:
- All operators are group administrators
EXTENSIONS_ALLOWEDnot used (everyone has access)HIDE_INFOdisabled
Suitable for: startups, small projects, high-trust teams.
Medium Team (4-10 Operators)
Configuration:
- 1-2 administrators with full rights
- Regular operators with Manage topics and Pin messages
EXTENSIONS_ALLOWEDcontains IDs of administrators and supervisorsHIDE_INFOdisabled (or enabled for sensitive businesses)
Suitable for: growing businesses with structured processes and defined roles.
Large Team (10+ Operators)
Configuration:
- Clear hierarchy: owner, administrators, supervisors, operators
- Regular operators have minimal rights
EXTENSIONS_ALLOWEDcontains IDs only of management and supervisorsHIDE_INFOenabled for all except administrators- Additional use of
RESTRICTED_KEYWORDS_FRONTENDandRESTRICTED_KEYWORDS_BACKEND
Suitable for: large companies, call centers, outsourcing teams with strict access control requirements.
Related Documentation¶
Medium team (4-15 operators)
Configuration:
- 1-2 group administrators (owner + supervisor)
- Others are regular operators with Manage topics and Pin messages rights
EXTENSIONS_ALLOWEDfor supervisors (access to/send,/mark,/export)HIDE_INFOas needed
Suitable for: growing companies, support services and sales departments with clear hierarchy.
Security Recommendations
- Minimum rights — grant only necessary rights to perform tasks
- Regular audit — periodically review the list of administrators and their rights
- Team training — explain to administrators the risks of dangerous actions (mass message deletion)
- Access control — immediately remove operators from the group when they leave
Team Scaling
As the team grows, review the rights structure. What worked for 3 operators may be unsafe for 10.