Understand app permissions
Apps are third-party services that you can connect with your Slack workspace. Each app has a unique set of permission scopes that tell you what information the app can access in Slack and how it can use that information. Use this guide to better understand app permissions and how to evaluate them.
App permissions overview
An app’s scopes depend on the kinds of things it was built to do. Generally, apps can do three things in Slack:
- View information
- Post information
- Perform actions
For example, let's say that you've installed two different apps to your workspace – Google Calendar and Twitter. The Google Calendar app helps your team to manage their calendars and respond to meeting invitations in Slack. The app may have access to your channels, member profiles and messages to make sure that meeting updates and event notifications end up in the right place.
The Twitter app helps members of your workspace to stay on top of your company's social activity by pulling notifications from Twitter into Slack. This app only has the ability to post messages to specific channels.
Evaluate app permissions
There are two things that you should consider when evaluating an app's permissions:
- What information the app will have access to in Slack, such as member profiles, channel names, messages or files.
- What the app can do with the information that it can access, such as post messages, modify content or create channels.
If an app is already installed to your workspace, search for it from the Installed apps tab on your workspace's Apps page in the Slack App Directory to see who installed it and what information the app can access.
Before you install an app or approve an app installation request, you'll see a full list of permissions that the app is requesting, including what information it can view and what actions it can take in your workspace.
Apps can take actions on behalf of a user or on behalf of the app. For example, an app may request permission to access messages in channels that a user belongs to or post messages on their behalf. Apps can also take actions independently of users, such as adding slash commands or posting messages as the app.
Some apps create bot users in Slack. Bots can access the same information as workspace members, and may be able to take the same actions that members can.
If an app that you're installing requests the bot scope, that means it's an older app that may have access to a wide range of actions and information in Slack. Newer apps will request a narrower set of scopes that allow bots access to specific actions and information, regardless of whether an app has updated its bot user or not.
View access types
Access types help you to understand the kind of information that an app can view in Slack. Workspace owners and admins can filter apps by access type from the Approved apps, Restricted apps or Installed apps tabs on the Apps page in the App Directory:
From your desktop, click on your workspace name in the top left.
- Select Settings & administration from the menu, then click on Manage apps to open the App Directory.
- Click Apps at the top of the left sidebar.
- Select a tab at the top of the screen to view Installed apps, Approved apps or Restricted apps.
- Click on the drop-down menu below Access types to view apps with different access types.