Slack Permissions

The Slack adapter requires different scopes and tokens for fetching different asset types.

General

Asset Type (if available)	Scope(s)	API Endpoint(s)	Token
Users	users:read	https://docs.slack.dev/reference/methods/users.list/ https://docs.slack.dev/reference/methods/users.info/
	admin.users:read	https://docs.slack.dev/reference/methods/admin.users.list/	Admin token is required to fetch Slack users with an Enterprise token
	admin.teams:read	https://docs.slack.dev/reference/methods/admin.teams.admins.list/ https://docs.slack.dev/reference/methods/admin.teams.list/	Admin token is required to fetch Slack users with an Enterprise token
	channels:read, groups:read, im:read, mpim:read	https://docs.slack.dev/reference/methods/conversations.list/ https://docs.slack.dev/reference/methods/conversations.members/
	admin	https://docs.slack.dev/reference/methods/team.billableinfo
	users:read.email	https://docs.slack.dev/reference/methods/users.lookupbyemail
Groups	usergroups:read	https://docs.slack.dev/reference/methods/usergroups.list/
Accounts, Roles	admin.roles:read	https://docs.slack.dev/reference/methods/admin.roles.listAssignments/	Admin token is required to fetch Slack Roles
Application Resources, User Extensions, SaaS Applications	admin	https://docs.slack.dev/reference/methods/team.integrationLogs/
	admin.invites:read (View a workspace's invites and invite requests)	http://docs.slack.dev/reference/methods/admin.inviteRequests.list - List pending workspace invite requests http://docs.slack.dev/reference/methods/admin.inviteRequests.approved.list - List approved invite requests http://docs.slack.dev/reference/methods/admin.inviteRequests.denied.list - List denied invite requests
	auditlogs:read (View actions from channels, files, apps, user events, and admin events)	http://docs.slack.dev/reference/methods/audit/v1/logs	Only for Enterprise Grid Organization editions
	team.billing:read (Fetch billing information)	https://docs.slack.dev/reference/methods/team.billing.info	Only for Enterprise Grid Organization editions

Fetching Application Settings

Based on the API endpoints defined in SlackSettingsEndpoints, the following OAuth scopes are required to fetch Application Settings.

📘
Note

Some high-privilege settings cannot be fetched with an API token. These settings require you to provide an Account Sub Domain, User Name, Password, and MFA Secret when connecting the adapter in Axonius.

Enterprise Grid accounts cannot use Bot Tokens.

Scope(s)	API Endpoint(s)	Token
admin.apps:read	https://docs.slack.dev.reference/methods/admin.apps.approved.list https://docs.slack.dev.reference/methods/admin.apps.config.lookup https://docs.slack.dev.reference/methods/admin.apps.requests.list https://docs.slack.dev.reference/methods/admin.apps.restricted.list	Enterprise Grid with an organization-level admin token required
admin.barriers:read	https://docs.slack.dev.reference/methods/admin.barriers.list	Enterprise Grid with an organization-level admin token required
admin.conversations:read	https://docs.slack.dev.reference/methods/admin.conversations.getCustomRetention	Enterprise Grid with an organization-level admin token required
admin.teams:read	https://docs.slack.dev.reference/methods/admin.teams.list	Enterprise Grid with an organization-level admin token required
admin.users:read	https://docs.slack.dev.reference/methods/admin.users.list https://docs.slack.dev.reference/methods/admin.users.session.getSettings	Enterprise Grid with an organization-level admin token required
admin.workflows:read	https://docs.slack.dev.reference/methods/admin.workflows.search	Enterprise Grid with an organization-level admin token required
calls:read	https://docs.slack.dev.reference/methods/calls.info
channels:read (For public channels data)	https://docs.slack.dev.reference/methods/conversations.info (Public channels) https://docs.slack.dev.reference/methods/conversations.list (Public channels) https://docs.slack.dev.reference/methods/conversations.join
groups:read (For private channels data)	https://docs.slack.dev.reference/methods/conversations.info (Private channels) https://docs.slack.dev.reference/methods/conversations.list (Private channels)
im:read - (For direct messages data)	https://docs.slack.dev.reference/methods/conversations.info (DMs) https://docs.slack.dev.reference/methods/conversations.list (DMs)
mpim:read (For multi-party direct messages data)	https://docs.slack.dev.reference/methods/conversations.info (group DMs) https://docs.slack.dev.reference/methods/conversations.list (group DMs)
channels:write (For joining public channels)	https://docs.slack.dev.reference/methods/conversations.join
files:read	https://docs.slack.dev.reference/methods/files.info https://docs.slack.dev.reference/methods/files.list https://docs.slack.dev.reference/methods/files.remote.info
openid	https://docs.slack.dev.reference/methods/openid.connect.userInfo
profile:read (For user profile access via OpenID)	https://docs.slack.dev.reference/methods/openid.connect.userInfo
email:read (For email address access via OpenID)	https://docs.slack.dev.reference/methods/openid.connect.userInfo
rtm:stream (For RTM API access)	https://docs.slack.dev.reference/methods/rtm.connect
search:read (For search functionality)	https://docs.slack.dev.reference/methods/search.all https://docs.slack.dev.reference/methods/search.files https://docs.slack.dev.reference/methods/search.messages
team:read	https://docs.slack.dev.reference/methods/team.profile.get
users:read	https://docs.slack.dev.reference/methods/users.info https://docs.slack.dev.reference/methods/users.lookupByEmail https://docs.slack.dev.reference/methods/users.discoverableContacts.lookup
users:read.email (To access email field)	https://docs.slack.dev.reference/methods/users.lookupByEmail https://docs.slack.dev.reference/methods/users.info

Enforcement Actions

See Slack Enforcement Actions for the full list or permissions required for Slack Enforcement Actions.

Updated 4 days ago