Apps are third-party services that have been granted permission to connect with your Slack team. Each app has a unique set of permissions that tell you what information the app can access in Slack, and how that information can be used. Keep reading to get a better understanding of app permissions and how to evaluate them.
Understand app permissions
An app’s permissions depend on the kinds of things it’s supposed to do. Generally, apps can do three things in Slack:
- Post information
- Perform actions
- Access information
For example, let's say you've installed two different apps on your team. The first is a task management app — like Trello or Asana — that helps your team assign and keep track of to-dos. This app may have access to your channels, member profiles, and messages to help you keep track of what's going on.
The second is the Twitter app, which helps you keep up with your social activity by pulling notifications from Twitter. It only has the ability to post messages to a channel you've specified.
Evaluate app permissions
There are two things you should consider when evaluating an app's permissions:
- What information an app will have access to in Slack — such as member profiles, channel names, messages, or files.
- What an app can do with the information it can access in Slack — like posting messages, modifying content, or creating channels.
If an app is already installed on your team, search for it in the App Directory to see details about who installed it and what the app has access to.
When a new app is added to your Slack team, you'll be shown exactly the type of permissions it's asking for: you'll see both what it'll have access to and what it can do with that information.
When installing an app, the yellow caution triangle will alert you to important security considerations. Make sure to pay extra attention to what an app is able to do.
A caution sign may show up in a few different scenarios:
- An app has broad access to information, such as all messages in public and private channels.
- An app can act as a user; for example, it can modify messages or create a channel.
- An app can create a bot user on your team.
Some apps create bot users on your team. Bots have access to the same actions and information that members have: this means there is a wide range of helpful actions a bot can take, but it also means a bot may have broad access to the information you share in Slack. Make sure to give careful consideration to apps that ask to add bots to your team.
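One way to apply the three caution scenarios above when reviewing an install request is to sort the scopes an app asks for into those same categories. This is an added example, not Slack's code: the scope names are Slack's classic OAuth scopes, but grouping them this way is an assumption made for review purposes and is not how Slack decides when to show the caution triangle. The sample apps are constructed.

```python
# Added illustration: triage an app's requested Slack OAuth scopes against the
# three caution scenarios listed above. The scope-to-category mapping is an
# assumption for review purposes, not Slack's own caution-triangle logic.

BROAD_READ = {"channels:history", "groups:history", "im:history", "mpim:history"}
ACTS_AS_USER = {"chat:write:user", "channels:write", "groups:write"}
BOT_USER = {"bot"}

CAUTIONS = (
    ("broad access to information", BROAD_READ),
    ("can act as a user", ACTS_AS_USER),
    ("creates a bot user", BOT_USER),
)

def parse_scopes(raw):
    """Split a scope string (comma- or space-separated) into a normalized set."""
    return {s.strip().lower() for s in raw.replace(",", " ").split() if s.strip()}

def review(raw_scopes):
    """Return {caution reason: sorted list of scopes that triggered it}."""
    scopes = parse_scopes(raw_scopes)
    findings = {}
    for reason, risky in CAUTIONS:
        hits = sorted(scopes & risky)
        if hits:
            findings[reason] = hits
    return findings

# Constructed sample requests, modelled on the two apps described earlier.
SAMPLE_APPS = {
    "task-manager (constructed)":
        "channels:history,groups:history users:read chat:write:user bot",
    "post-only notifier (constructed)": "incoming-webhook",
}

if __name__ == "__main__":
    for name, raw in SAMPLE_APPS.items():
        findings = review(raw)
        print(f"{name}: {'REVIEW' if findings else 'ok'}")
        for reason, hits in findings.items():
            print(f"  - {reason}: {', '.join(hits)}")
```

An empty result means none of the listed scopes were requested; it does not replace reading the full permission list shown at install time.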
View access types
Access types help you understand the kind of information an app can access within your Slack team.
Team Owners and Team Admins can use the access type filter in the Slack App Directory for an at-a-glance view of what the apps on their team can access. Here's how:
- Visit the Slack App Directory.
- Click Manage in the top-right corner.
- Select Apps and use the Access type filter to browse installed apps.