Slack Permissions Scopes for the Halp Slack App

In order to use Halp, the Slack App needs to be installed by a Slack Admin in your organization. When installing the Slack App, we request access to a series of different permission scopes that enable different functionality. By default, Halp requests the minimum scopes needed for all product functionality. Depending on the security needs of your organization, certain scopes can be excluded and functionality can be limited

In this document, we outline the different Slack permission scopes requested by our App and what functionality they enable. If you'd like to limit the scopes in your Halp installation, please email support@halp.com.

channels:history scope

πŸ”’This scope can be reduced to bot only πŸ”’

Details

The channels:history scope is requested as both a bot scope and a user scope. The bot scope gives access to messages in public channels where the bot has been invited but does not allow access to messages from before the bot was invited. The user scope gives access to public channels where the bot has not been invited as well as historical messages in public channels from before Halp was installed.

Impacts of reducing the permission scope

The channels:history scope can be limited to only a bot scope. The result will be that tickets cannot be created with an emoji in channels where the bot has not been invited, and for public channels tickets can only be made with an emoji from messages sent after the bot has been invited - similar to how private channels work. The Slack Action will still be available to create tickets anywhere in Slack.

im:history scope

πŸ”’This scope can be reduced to bot only πŸ”’

Details

The im:history scope is requested as both a bot scope and a user scope. The bot scope gives access to direct messages between users and the bot. The user scope gives access to direct messages between Agents in Halp and other users in Slack. With this scope enabled, Agents can use an emoji to turn messages from coworkers in DMs into trackable tickets.

Impacts of reducing the permission scope

The im:history scope can be limited to only a bot scope. The result will be that Agents will not be able to use an emoji in direct messages to create a ticket. The Slack Action can still be used to make tickets from direct messages.

chat:write:user scope

πŸ”’This scope can be removed completely πŸ”’

Details

The chat:write:user scope is requested as a user scope. The user scope gives access to send and delete messages from Agents in Halp - not all users in Slack. With this scope enabled, Halp can edit and delete messages from agents when they are modified or erroneous, as well as move tickets between different triage channels for escalations or re-assignments.

Impacts of removing the permission scope

The chat:write:user scope can be excluded. The result will be that deleting/editing messages won't be reflected everywhere and tickets may not be able to move between channels.

bot scope

🚫This scope cannot be removed 🚫

Details

The bot scope is requested. The bot scope enables the core Halp functionality including adding the Halp App to Slack, messages users, etc. This scope cannot be reduced.

Update Q1 2020: Halp is planning to migrate to the new Granular Bot Permissions but is waiting on a few updates from Slack to make this possible without losing any functionality.

commands scope

πŸ”’This scope can be removed completely πŸ”’

Details

The commands scope is requested. The commands scope enables the addition of the /helpdesk, /halp, /support slash commands, as well as the Slack Action.

Impacts of removing the permission scope

The commands scope can be excluded. The result will be that tickets cannot be made via slash commands or Slack Actions, only via emojis.

reactions:read and reactions:write scope

πŸ”’This scope can be reduced to bot only πŸ”’

Details

The reactions:read and reactions:write scope are requested as a user and bot scope. The bot scope gives access to emoji reactions in DMs and channels where the bot is not invited. The user scope gives access to emoji reactions anywhere in Slack. With this scope enabled, emojis can be used to create a ticket anywhere in Slack, and emoji reactions sync between threads.

Impacts of reducing the permission scope

The reactions scopes can be limited to only a bot scope. The result will be that the emoji reaction cannot be used in channels the bot has not been invited to.

users:read and users:read:email scope

🚫This scope cannot be removed 🚫

Details

The users:read and users:read:email scope are requested as a user scope and bot scope. These scopes enable Halp to set the requester name and email when a new ticket is created. These scopes cannot be removed.


How did we do?


Powered by HelpDocs