Slack Permissions: which ones we need, and why

23 July 2021
Wojciech Gryc

The Phase Slack app helps you manage Slack overload – if your community gets dozens or hundreds of messages per hour, then we can help you sort through the noise.

We often get questions about what Phase collects via our Slack app. We take privacy very, very seriously and only collect what we need to enable a great user or admin experience. Below is a list of permissions we request when you install our app, and what they enable us to do...

When installing the app, you'll see a message similar to the image below.


You'll see a similar permissions request when installing the Phase app; these permissions are what enable all the features in the Phase app

We'll explain the details around each of the requests above.

Content and info about you

In this case, we "view information about your identity" specifically to validate your account and who you are. Phase does not get access to your password, but rather Slack confirms your identity and lets us know you are who you say you are. It's why we can then get data from your Slack workspace.

Content and info about channels & conversations

This set of permissions lets Phase get the messages and reactions to messages in your public channels. Note that we do not have access to private messages or direct messages; just the public ones. We are then able to see messages that are posted, as well as individual reactions to the messages themselves.

If you are familiar with the Slack API, here are the specific permissions we are requesting:

  • channels:history This enables us to get messages in your public channels. It’s what we use to actually see which messages are posted. Note that this doesn’t give us access to private channels or direct messages; only the public ones.
  • channels:read This helps us connect the Slack channel IDs, which are a bunch of alphanumeric characters (e.g., “C021ADHA9”), back to the actual channel name (e.g., “#random”). We also use this to see the channel membership list – in other words, which members are active in a specific channel.
  • reactions:read This enables us to monitor the actual emoji reactions in channels. Similar to the above, this limits our access to public channels. Private channels and the reactions therein are off-limits to Phase.

Content and info about your workspace

These permissions enable us to actually know who your Slack users are -- their names, locations, channel memberships, time zones, and avatar image URLs. We also request their emails so that you can see all of this information in one convenient table. Note that the Phase app does not e-mail your Slack members for any reason; the e-mails are there so you can reach out to them if need be.

As in the previous section, here are the specific API permissions we request:

  • team:read This enables us to see your workspace's domain (the web address). Without this, you won't be able to click links to join conversations that pop up in your feeds.
  • users:read This gives us a list of your Slack community members and their general information, such as names, time zones, avatar image URLs, and so on. It feeds the “members” list and allows us to tell you the member associated with specific messages or emoji reactions. Otherwise, we’d only be able to show you internal alphanumeric member IDs.
  • users:read.email Phase users sometimes email individual Slack community members or follow up with notes, so we show email addresses as well. This permission enables us to fill in the “user email” column in our member list. Phase does not email users in the member list.

Have any questions?

We’re happy to help clarify any of the above! Just reach out to us by e-mail at hello@phaseai.com

 

Try Phase in your workspace today

Get Started

Phase is a community relationship management system. We help administrators, executives, and community leaders deal with the FOMO of running growing communities with engaged users.

© 2021