Which feature requires what permissions in the Slack integration
When you enable Slack, you will have two options;
Full Permissions - Enable all permissions, this will allow you to use every feature of the Slack integration without restriction.
Required permissions - Only enable the permissions required for the features you'd like to use. To do this, you will need to toggle on all the features you wish to enable, then, enable the Slack integration. You can find out more about setting this up by clicking here.
| Feature | Bot Scope(s) | User Scope(s) | Requirement |
| Default (Will always be required) | chat:write, app_mentions:read |
For replying to @ in the chat | |
chat:write.public |
Write to public channels without being added to them first | ||
users:read |
Access to users.list | ||
| users:read.email | To map Slack users to employees | ||
channels:read, groups:read, im:read, mpim:read |
For conversations.info channel listing | ||
im:write |
For conversations.open when we direct message | ||
channels:join, channels:manage |
For conversations joining (public channel joining) | ||
| Slack Phishing | users:read, users:read.email, users.profile:read, |
To read user profiles for names/icons & mapping users to employees | |
channels:history, groups:history, im:history, mpim:history |
Ready message history in all channels, groups, etc | ||
chat:write.customize |
To send with a different name/icon | ||
| MFA Syncing | users:read, users:read.email, users.profile:read |
To read the has_2fa flag on users and map them to employees | |
| Access Log Syncing | users:read, users:read.email |
To map Slack users to employees | |
admin |
To use team.accessLogs | ||
| Message Scanning | users:read, users:read.email |
To map Slack users to employees | |
channels:history, groups:history, im:history, mpim:history |
To receive message events | ||
chat:write |
To delete the message | ||
| Message Reporting | commands, channels:read, users:read, users:read.email |
To add our context menu item | |