Firstly, I apologies for hijacking the github issue, since I have the same issue and a potential solution, I didn’t want to create a separate issue and didn’t know this forum existed.
As it is now, it is impossible to set a role as default at signup if it has
knowledge_base.reader and several other permissions for reasons explained in this github issue.
The crux of the problem is that default role at signup is global regardless of the signup channel.
Would it be possible to set separate default roles for different signup channels?
This way, accounts created by agents creating new tickets would still be limited, but accounts created through, web interface or any other available channel could have any permission.
As an example, a company could deploy zammad on an internal network and set agent role as default for web interface since the interface would be inaccessible externally anyway.
Another example would be google auth limited to organization domain, so only people with company email could use that channel to create accounts.
It seems like quite a useful feature to me. Do you agree? Is it doable? Is it worth the time and effort?