External Users Access

We need to grant some external users (partners, vendors) access to our on-premise Rocket.Chat server.
Now I have idea, that best way to do that is something like:

  1. External user opens in browser our RC FQDN
  2. RC ask external user only for login in same way how it ask login when anonymous user wants to write in public channel
  3. Internal user invite (adds) external user to private chat by his login

But now with current RC access rights settings I can’t do that.
I unchecked all guest rights, but guest still has access to all public chats with its history.

And to guest user become an anonymous user he need one public channel to write a message - to get create login message. That bad for us.

But I want rights like that:

  1. Guest has no access in any way - we don’t need that role and want to prohibit any access to RC for it
  2. Anonymous user gets create account prompt once he connected. Maybe with Login as Anonymous user button on RC login page.
  3. Anonymous user shouldn’t have rights to see any public or private chat until he is invited in that chat
  4. Anonymous user should get normal user access to chat he invited to

How can I do that with access rigths settings? Or code changes needed for all I want?
Thanks!