Permissions on an Enterprise Grid organization

On an Enterprise Grid org, member permissions exist at both the org and workspace level. In the tables below, you'll find an overview of org-level permissions. Learn more about roles in Slack, as well as workspace-level permissions.   

Organization policies

Read the tables below to see more of what each role can do!

✓ Available by default.
✷ Only available if an Org Owner/Admin chooses.
✦ Only if an Org Owner/Admin is also a member of the workspace.

  Org Owner Org Admin Workspace Owner Workspace Admin Member
Set display name guidelines   ✦    ✦    
Set default do not disturb mode  ✓   ✦  ✦   
Set custom message retention  ✓   ✦  ✦
Set custom file retention  ✓         
Set who can manage channel posting permissions  ✓   ✦  ✦  
Create and edit user groups  ✓   ✦  ✦
Set edit/deletion policy  ✦  ✦  
Set public file sharing policy  ✦  ✦  
Create a multi-workspace channel on an Enterprise Grid org  ✓   ✦  ✦  ✦ 

Security and access

  Org Owner Org Admin Workspace Owner Workspace Admin Member
Configure single sign-on        
Allow users to change their email address or display name        
Enable mandatory two-factor authentication        


  Org Owner Org Admin Workspace Owner Workspace Admin Member
Connect IDP groups to workspaces or channels  ✓       
Manage a member's account status and permissions  ✓       
Change a member's display name or email address ✓  ✓   ✦  ✦   
Manage email display  
Deactivate a member's account      
Manage domain claiming  ✓         
Create a new workspace  ✓   ✓       
Set workspace discovery and access ✓     
Move channels between workspaces  ✷ ✓   ✓   
Manage multi-workspace channel creation  ✓  ✓       
Manage shared channels  ✓  ✓       
Choose name, URL, and icon  ✓      
Enable calls   ✓      
View workspace analytics    ✓  ✦   ✦
Add custom emoji  ✓ ✦   ✦   ✦
Set Slackbot responses policy  ✓  ✦     ✦     
Delete workspace*     ✦     
Set app management policies        
Approve or restrict apps**    
Use channel management tools** ✓  ✓   

*Specifically, the Workspace Primary Owner.

**Workspace Owners can only approve or restrict apps for their workspace that have not been approved or restricted at the org level.

***Specifically, the Org Primary Owner can use this feature by default. Workspace Owners and Workspace Admins can only manage public channels by default.