Required Permissions

The Slack Connector requires the following permissions and considerations:

  • The service account that accesses the Slack APIs must be an administrator user in the Slack managed system.

  • On Slack-Plus, only the Slack owners can generate a token to use the SCIM API. The account that generates a token must remain an owner to make SCIM updates.

  • Org-wide apps must be installed by an administrator or owner of an Enterprise Grid organization. Additionally, the app must be installed on the entire org, not just an individual workspace.

Slack Business Plus requires the following permissions:

  • User token scopes:

    • admin - Administrator of a workspace.

    • channels:read - View basic information about public channels in a workspace.

    • channels:write - Manage a user's public channels and create new ones on a user's behalf.

    • groups:read - View basic information about a user's private channels.

    • groups:write - Manage a user's private channels and create new ones on a user's behalf.

    • im:read - View basic information about a user's direct messages.

    • mpim:read - View basic information about a user's direct messages.

    • users:read - View the people in a workspace.

    • users:write - Set a user's presence.

  • Bot token scopes:

    • users:read - View the people in a workspace.

    • users:read.email - View email addresses of the people in a workspace.

Slack Enterprise Grid requires the following permissions:

Channel management requires the following permissions:

  • An account must be a Workspace owner or administrator.

  • OAuth requires the following for an account to manage channels:

    • admin

    • admin.users:write

    • channels:read

    • channels:write

    • admin.conversations:read

    • admin.conversations:write

    • users:read.email

    Note
    The channels:write and admin.conversations:write permissions are required only for provisioning operations.

Workspace management requires the following permissions:

  • An account must be a Workspace owner or administrator.

  • Bot and OAuth requires the following for an account to manage Workspaces:

    • admin.teams:read

    • admin.teams:write - Required to make changes on a Workspace.

    • admin.users:read - Required to access a Workspace’s profile information.