Slack Permissions

The Slack adapter requires different scopes and tokens for fetching different asset types.

General

Asset Type (if available)Scope(s)API Endpoint(s)Token
Usersusers:read

https://docs.slack.dev/reference/methods/users.list/

https://docs.slack.dev/reference/methods/users.info/


admin.users:readhttps://docs.slack.dev/reference/methods/admin.users.list/Admin token is required to fetch Slack users with an Enterprise token
admin.teams:read

https://docs.slack.dev/reference/methods/admin.teams.admins.list/

https://docs.slack.dev/reference/methods/admin.teams.list/


Admin token is required to fetch Slack users with an Enterprise token
channels:read, groups:read, im:read, mpim:read

https://docs.slack.dev/reference/methods/conversations.list/

https://docs.slack.dev/reference/methods/conversations.members/


adminhttps://docs.slack.dev/reference/methods/team.billableinfo
users:read.emailhttps://docs.slack.dev/reference/methods/users.lookupbyemail
Groupsusergroups:readhttps://docs.slack.dev/reference/methods/usergroups.list/
Accounts, Rolesadmin.roles:readhttps://docs.slack.dev/reference/methods/admin.roles.listAssignments/Admin token is required to fetch Slack Roles
Application Resources, User Extensions, SaaS Applicationsadminhttps://docs.slack.dev/reference/methods/team.integrationLogs/
admin.invites:read (View a workspace's invites and invite requests)http://docs.slack.dev/reference/methods/admin.inviteRequests.list - List pending workspace invite requests
http://docs.slack.dev/reference/methods/admin.inviteRequests.approved.list - List approved invite requests
http://docs.slack.dev/reference/methods/admin.inviteRequests.denied.list - List denied invite requests
auditlogs:read (View actions from channels, files, apps, user events, and admin events)http://docs.slack.dev/reference/methods/audit/v1/logsOnly for Enterprise Grid Organization editions
team.billing:read (Fetch billing information)https://docs.slack.dev/reference/methods/team.billing.infoOnly for Enterprise Grid Organization editions

Fetching Application Settings

Based on the API endpoints defined in SlackSettingsEndpoints, the following OAuth scopes are required to fetch Application Settings.

📘

Note

  1. Some high-privilege settings cannot be fetched with an API token. These settings require you to provide an Account Sub Domain, User Name, Password, and MFA Secret when connecting the adapter in Axonius.
  2. Enterprise Grid accounts cannot use Bot Tokens.
Scope(s)API Endpoint(s)Token
admin.apps:read

https://docs.slack.dev.reference/methods/admin.apps.approved.list

https://docs.slack.dev.reference/methods/admin.apps.config.lookup

https://docs.slack.dev.reference/methods/admin.apps.requests.list

https://docs.slack.dev.reference/methods/admin.apps.restricted.list

Enterprise Grid with an organization-level admin token required
admin.barriers:readhttps://docs.slack.dev.reference/methods/admin.barriers.listEnterprise Grid with an organization-level admin token required
admin.conversations:readhttps://docs.slack.dev.reference/methods/admin.conversations.getCustomRetentionEnterprise Grid with an organization-level admin token required
admin.teams:readhttps://docs.slack.dev.reference/methods/admin.teams.listEnterprise Grid with an organization-level admin token required
admin.users:read

https://docs.slack.dev.reference/methods/admin.users.list

https://docs.slack.dev.reference/methods/admin.users.session.getSettings

Enterprise Grid with an organization-level admin token required
admin.workflows:readhttps://docs.slack.dev.reference/methods/admin.workflows.searchEnterprise Grid with an organization-level admin token required
calls:readhttps://docs.slack.dev.reference/methods/calls.info
channels:read (For public channels data)

https://docs.slack.dev.reference/methods/conversations.info (Public channels)

https://docs.slack.dev.reference/methods/conversations.list (Public channels)

https://docs.slack.dev.reference/methods/conversations.join

groups:read (For private channels data)

https://docs.slack.dev.reference/methods/conversations.info (Private channels)

https://docs.slack.dev.reference/methods/conversations.list (Private channels)

im:read - (For direct messages data)

https://docs.slack.dev.reference/methods/conversations.info (DMs)

https://docs.slack.dev.reference/methods/conversations.list (DMs)

mpim:read (For multi-party direct messages data)

https://docs.slack.dev.reference/methods/conversations.info (group DMs)

https://docs.slack.dev.reference/methods/conversations.list (group DMs)

channels:write (For joining public channels)https://docs.slack.dev.reference/methods/conversations.join
files:read

https://docs.slack.dev.reference/methods/files.info

https://docs.slack.dev.reference/methods/files.list

https://docs.slack.dev.reference/methods/files.remote.info

openidhttps://docs.slack.dev.reference/methods/openid.connect.userInfo
profile:read (For user profile access via OpenID)https://docs.slack.dev.reference/methods/openid.connect.userInfo
email:read (For email address access via OpenID)https://docs.slack.dev.reference/methods/openid.connect.userInfo
rtm:stream (For RTM API access)https://docs.slack.dev.reference/methods/rtm.connect
search:read (For search functionality)

https://docs.slack.dev.reference/methods/search.all

https://docs.slack.dev.reference/methods/search.files

https://docs.slack.dev.reference/methods/search.messages

team:readhttps://docs.slack.dev.reference/methods/team.profile.get
users:read

https://docs.slack.dev.reference/methods/users.info

https://docs.slack.dev.reference/methods/users.lookupByEmail

https://docs.slack.dev.reference/methods/users.discoverableContacts.lookup

users:read.email (To access email field)

https://docs.slack.dev.reference/methods/users.lookupByEmail

https://docs.slack.dev.reference/methods/users.info

Enforcement Actions

See Slack Enforcement Actions for the full list or permissions required for Slack Enforcement Actions.


Did this page help you?