Slack Permissions Scopes for the Assist Slack App

Updated 2 months ago by Fletcher Richman

Learn about the different Slack permission scopes requested by our app, Assist, and what functionality they enable.
Looking to set up Jira Service Management chat? Visit support.atlassian.com to find guides and more.

To use Halp in Slack, a Workspace Admin needs to install our app, Assist. When installing, the app will request access to a series of different permission scopes that enable different functionality. By default, Assist requests the minimum scopes needed for all product functionality.

Halp (the ticketing system) and Assist (the app) both use the latest version of the Slack API. This means during authorization of the Assist Slack App, we are using Granular Bot Permissions. Learn more about granular bot permissions.

With granular bot permissions, there are two different types of scopes that Assist requests: bot token and user token.

channels:history, channels:join, channels:read

Assist requests the channels:history scope as both a bot and a user token. The channels:join and channels:read scopes are requested as a bot token.

The bot token gives access to messages in public channels and information about the channels where Assist has been invited, but it doesn't allow access to messages from before it was invited. The user token gives access to public channels where the bot hasn't been invited, plus historical messages in public channels from before Assist was installed.

im:history, im:read, im:write

The im:history scope is requested as both a bot and a user token. The im:read and im:write scopes are requested as a bot token.

The bot token gives Assist access to direct messages between users and the bot. The user token gives access to direct messages between agents in Halp and other users in Slack. With this scope enabled, agents can use an emoji to turn messages from coworkers in DMs into tickets.

mpim:history, mpim:read, mpim:write

The mpim:history, mpim:read, and mpim:write scopes are requested as both bot and user tokens. The bot token gives access to group messages between users and the bot. The user token gives access to group messages between agents in Halp and other users in Slack. With these scopes enabled, agents can use an emoji to turn messages from coworkers in group DMs into tickets.

groups:history and groups:read

The groups:history and groups:read scopes are both requested as a bot token. The bot token gives access to messages in private channels where Assist has been invited, but only to messages and the name of the channel. With these scopes enabled, agents can use an emoji to turn messages from coworkers in private channels into tickets.

chat:write and chat:write.customize

The chat:write scope is requested as both a user and a bot token. The chat:write.customize scope is requested as a bot token.

The bot token allows Assist to post messages and update the icon to match the face of the agent/requester or use a custom Assist icon. The user token gives access to send and delete messages from Agents in Halp — not all users in Slack. With this scope enabled, Assist can edit and delete messages from agents when they are modified, plus move tickets between different triage channels for escalations or reassignments.

commands

The commands scope is requested as a bot token. This scope enables the /helpdesk, /assist, and /support slash commands, plus the Slack Action.

reactions:read and reactions:write

The reactions:read and reactions:write scopes are requested as both user and bot tokens. The bot token gives access to emoji reactions in DMs and channels where the bot isn't invited. The user token gives access to emoji reactions anywhere in Slack. With these scopes enabled, users can react with emojis to create a ticket anywhere in Slack. It also allows emoji reactions to sync between threads.

team:read, users.profile:read, users:read, users:read.email

The team:read, users:read, users.profile:read, and users:read.email scopes are requested as bot tokens. These scopes enable Assist to set the requester name and email when a new ticket is created. These scopes can't be removed.

files:read and files:write

The files:read scope is requested as both bot and user tokens. The files:write scope is requested as a bot token. The files scopes enable users to create tickets out of files, and allow files added to tickets to be posted to the appropriate Slack threads.

workflow.steps:execute

The workflow.steps:execute scope is requested as a bot token. This scope lets an app add steps that people can use in Workflow Builder. This is still an early beta feature and will be released to the public soon.

app_mentions:read

The app_mentions:read scope is requested as a bot token. This scope lets Halp know when the Assist bot is mentioned in a channel that it is in. This scope is used for an upcoming beta feature.

identity.basic & identity.email

The identity.basic and identity.email scopes are requested as a bot token. These scopes allow users to authenticate on Halp web.
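
An added example, not part of this documentation or of the Assist app: a least-privilege check that compares the scopes in a Slack oauth.v2.access response with the bot and user scopes listed on this page. The sample response is constructed, channels:manage and search:read are there only to stand for grants the page does not list, and scope names use Slack's API spellings.

```python
import json

# Scopes per token type, transcribed from this page (Slack API spellings).
DOCUMENTED = {
    "bot": set("""
        channels:history channels:join channels:read im:history im:read im:write
        mpim:history mpim:read mpim:write groups:history groups:read
        chat:write chat:write.customize commands reactions:read reactions:write
        team:read users:read users.profile:read users:read.email
        files:read files:write workflow.steps:execute app_mentions:read
        identity.basic identity.email""".split()),
    "user": set("""
        channels:history im:history mpim:history mpim:read mpim:write
        chat:write reactions:read reactions:write files:read""".split()),
}

def _split(scope_csv):
    """Slack returns granted scopes as one comma-separated string."""
    return {s.strip() for s in (scope_csv or "").split(",") if s.strip()}

def granted_scopes(resp):
    """Bot scopes sit at the top level, user scopes under authed_user."""
    return {"bot": _split(resp.get("scope")),
            "user": _split((resp.get("authed_user") or {}).get("scope"))}

def audit(resp):
    """Diff the granted scopes against the documented set for each token type."""
    report = {}
    for kind, granted in granted_scopes(resp).items():
        report[kind] = {
            "undocumented": sorted(granted - DOCUMENTED[kind]),
            "not_granted": sorted(DOCUMENTED[kind] - granted),
            # *:history scopes expose message bodies, so list them for review
            "reads_messages": sorted(s for s in granted if s.endswith(":history")),
        }
    return report

# Constructed sample response; tokens and IDs omitted.
SAMPLE = {
    "ok": True,
    "scope": "channels:history,channels:read,chat:write,commands,users:read,channels:manage",
    "authed_user": {"scope": "channels:history,im:history,chat:write,search:read"},
}

if __name__ == "__main__":
    print(json.dumps(audit(SAMPLE), indent=2))
```

Anything under "undocumented" is a grant this page does not account for and is worth raising before approving the install; "reads_messages" lists the history scopes, which are the ones that expose message content.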
