Slack Permissions

The Slack adapter requires different scopes and tokens for fetching different asset types.

General

Asset Type (if available)	Scope(s)	API Endpoint(s)	Token
Users	users:read	https://docs.slack.dev/reference/methods/users.list/ https://docs.slack.dev/reference/methods/users.info/
	admin.users:read	https://docs.slack.dev/reference/methods/admin.users.list/	Admin token is required to fetch Slack users with an Enterprise token
	admin.teams:read	https://docs.slack.dev/reference/methods/admin.teams.admins.list/ https://docs.slack.dev/reference/methods/admin.teams.list/	Admin token is required to fetch Slack users with an Enterprise token
	channels:read, groups:read, im:read, mpim:read	https://docs.slack.dev/reference/methods/conversations.list/ https://docs.slack.dev/reference/methods/conversations.members/
	admin	https://docs.slack.dev/reference/methods/team.billableinfo
	users:read.email	https://docs.slack.dev/reference/methods/users.lookupbyemail
Groups	usergroups:read	https://docs.slack.dev/reference/methods/usergroups.list/
Accounts, Roles	admin.roles:read	https://docs.slack.dev/reference/methods/admin.roles.listAssignments/	Admin token is required to fetch Slack Roles
Application Resources, User Extensions, SaaS Applications	admin	https://docs.slack.dev/reference/methods/team.integrationLogs/
	admin.invites:read (View a workspace's invites and invite requests)	http://docs.slack.dev/reference/methods/admin.inviteRequests.list - List pending workspace invite requests http://docs.slack.dev/reference/methods/admin.inviteRequests.approved.list - List approved invite requests http://docs.slack.dev/reference/methods/admin.inviteRequests.denied.list - List denied invite requests
	auditlogs:read (View actions from channels, files, apps, user events, and admin events)	http://docs.slack.dev/reference/methods/audit/v1/logs	Only for Enterprise Grid Organization editions
	team.billing:read (Fetch billing information)	https://docs.slack.dev/reference/methods/team.billing.info	Only for Enterprise Grid Organization editions

Fetching Application Settings

Based on the API endpoints defined in SlackSettingsEndpoints, the following OAuth scopes are required to fetch Application Settings.

📘
Note

Some settings can only be fetched from the API on an Enterprise Grid account with an organization-level admin token. If you're using such an account, the following connection parameters are not required: Account Sub Domain, User Name, Password, and MFA Secret. If you're using a non-Enterprise account, these parameters are required to fetch these settings.

Enterprise Grid accounts cannot use Bot Tokens.

Scope(s)	API Endpoint(s)	Token
admin.apps:read	https://docs.slack.dev.reference/methods/admin.apps.approved.list https://docs.slack.dev.reference/methods/admin.apps.config.lookup https://docs.slack.dev.reference/methods/admin.apps.requests.list https://docs.slack.dev.reference/methods/admin.apps.restricted.list	Enterprise Grid with an organization-level admin token required
admin.barriers:read	https://docs.slack.dev.reference/methods/admin.barriers.list	Enterprise Grid with an organization-level admin token required
admin.conversations:read	https://docs.slack.dev.reference/methods/admin.conversations.getCustomRetention	Enterprise Grid with an organization-level admin token required
admin.teams:read	https://docs.slack.dev.reference/methods/admin.teams.list	Enterprise Grid with an organization-level admin token required
admin.users:read	https://docs.slack.dev.reference/methods/admin.users.list https://docs.slack.dev.reference/methods/admin.users.session.getSettings	Enterprise Grid with an organization-level admin token required
admin.workflows:read	https://docs.slack.dev.reference/methods/admin.workflows.search	Enterprise Grid with an organization-level admin token required
calls:read	https://docs.slack.dev.reference/methods/calls.info
channels:read (For public channels data)	https://docs.slack.dev.reference/methods/conversations.info (Public channels) https://docs.slack.dev.reference/methods/conversations.list (Public channels) https://docs.slack.dev.reference/methods/conversations.join
groups:read (For private channels data)	https://docs.slack.dev.reference/methods/conversations.info (Private channels) https://docs.slack.dev.reference/methods/conversations.list (Private channels)
im:read - (For direct messages data)	https://docs.slack.dev.reference/methods/conversations.info (DMs) https://docs.slack.dev.reference/methods/conversations.list (DMs)
mpim:read (For multi-party direct messages data)	https://docs.slack.dev.reference/methods/conversations.info (group DMs) https://docs.slack.dev.reference/methods/conversations.list (group DMs)
channels:write (For joining public channels)	https://docs.slack.dev.reference/methods/conversations.join
files:read	https://docs.slack.dev.reference/methods/files.info https://docs.slack.dev.reference/methods/files.list https://docs.slack.dev.reference/methods/files.remote.info
openid	https://docs.slack.dev.reference/methods/openid.connect.userInfo
profile:read (For user profile access via OpenID)	https://docs.slack.dev.reference/methods/openid.connect.userInfo
email:read (For email address access via OpenID)	https://docs.slack.dev.reference/methods/openid.connect.userInfo
rtm:stream (For RTM API access)	https://docs.slack.dev.reference/methods/rtm.connect
search:read (For search functionality)	https://docs.slack.dev.reference/methods/search.all https://docs.slack.dev.reference/methods/search.files https://docs.slack.dev.reference/methods/search.messages
team:read	https://docs.slack.dev.reference/methods/team.profile.get
users:read	https://docs.slack.dev.reference/methods/users.info https://docs.slack.dev.reference/methods/users.lookupByEmail https://docs.slack.dev.reference/methods/users.discoverableContacts.lookup
users:read.email (To access email field)	https://docs.slack.dev.reference/methods/users.lookupByEmail https://docs.slack.dev.reference/methods/users.info

Enforcement Actions

See Slack Enforcement Actions for the full list or permissions required for Slack Enforcement Actions.

Updated about 2 hours ago