App permissions

Apps are third-party services that have been granted permission to connect with your Slack workspace. Each app has a unique set of permissions that tell you what information the app can access in Slack, and how that information can be used. Keep reading to get a better understanding of app permissions and how to evaluate them. 

 

Understand app permissions 

An app’s permissions depend on the kinds of things it’s supposed to do. Generally, apps can do three things in Slack: 

  • Post information
  • Perform actions 
  • Access information 

For example, let's say you've installed two different apps to your workspace. The first is a task management app — like Trello or Asana — that helps your team assign and keep track of to-dos. This app may have access to your channels, member profiles, and messages to help you keep track of what's going on.

The second is the Twitter app which helps you keep up with your social activity by pulling notifications from Twitter, but it only has the ability to post messages to a channel you've specified. 

Tip: Only choose tools and services you trust! Before installing, we recommend reviewing an app’s privacy policy.

 

Evaluate app permissions 

There are two things you should consider when evaluating an app's permissions: 

  1. What information an app will have access to in Slack — such as member profiles, channel names, messages, or files.  
  2. What an app can do with the information it can access in Slack — like posting messages, modifying content, or creating channels.

Installed apps

If an app is already installed to your workspace, search for it in the App Directory to see details about who installed it and what the app has access to.

Screen_Shot_2017-07-11_at_10.54.25_AM.png

New apps

When a new app is added to your Slack workspace, you'll be shown exactly the type of permissions it's asking for: you'll see both what it'll have access to and what it can do with that information.

Screen_Shot_2017-07-11_at_12.20.01_PM.png

Caution symbols

When installing an app, the yellow  caution triangle will alert you to important security considerations. Make sure to pay extra attention to what an app is able to do. 

A caution sign may show up in a few different scenarios:

  • An app has broad access to information, such as all messages in public and private channels.
  • An app can act as a user; for example, it can modify messages or create a channel.
  • An app can create a bot user in Slack. 

Bots

Some apps create bot users in Slack. Bots have access to the same actions and information that members have: this means there is a wide range of helpful actions a bot can take, but it also means a bot may have broad access to the information you share in Slack. Make sure to give careful consideration to apps that ask to add bots to your workspace.

 

View access types 

Access types help you understand the kind of information an app can access within Slack.

Workspace Owners and Workspace Admins can use the access type filter in the Slack App Directory for an at-a-glance view of what the apps in their workspace can access. Here's how:

  1. Visit the Slack App Directory
  2. Click Manage in the top-right corner.
  3. Select Apps and use the Access type filter to browse installed apps.Screen_Shot_2017-07-11_at_11.28.49_AM.png

 

Related Articles

Recently Viewed Articles