The Settings tab in the Permissions tab allows you to control the workspace settings users can alter within a workspace based on their roles (workspace settings can be accessed from Manage → Workspace → Settings). Rather than providing unrestricted access, you have the option to grant specific permissions associated with particular tasks. For instance, a user responsible for file uploads can be allocated permissions to change settings strictly related to file upload while limiting access to other sensitive workspace settings.
Managing permissions with such precision can enhance security, mitigate the risk of inadvertent alterations, and streamline the distribution of duties throughout the workspace.
Assigning permissions for settings
Go to Manage → Workspace → Permissions. Here, you will find the roles and the list of permissions. By default, workspace administrators have all permissions, including the Edit Privileged Setting permission. The Edit Privileged Setting permission is used to provide access to the workspace settings. To grant a role access to the entire workspace settings, assign this permission to that role. Users with that role will be able to access and modify all workspace settings.
There may be cases when you want a role to have access to only specific settings. Follow these steps to do so:
On the Permissions page, select the
Change Some Settingspermission for the role that you want to be able to access the settings.Then, select the Settings tab from the top of the page. On this tab, you will find the list of settings available in the workspace.
From here, select the settings that you want to grant access to the role. For example, if you want to grant access to file upload settings, you can search for the term “file” in the search bar. Then select the settings. The following screenshot demonstrates an example:
.png)
Now users with the specific role can access the selected settings from their workspace accounts. You can deselect the permissions once they are not needed. In this way, you can have granular control over access to settings.
List of settings
The following list of settings is not comprehensive. You can find more settings in your workspace.
Name | Codebase Name | Description |
|---|---|---|
General > REST API > Allow Getting Everything |
| Allow REST API requests to return all results in one call. |
General > REST API > CORS Origin |
| Allowed origin for cross-origin (CORS) requests to the REST API. |
General > REST API > Apply permission |
| Temporary setting to enforce |
General > REST API > Default Count |
| The default count for REST API results if the consumer did not provided any |
Message > Embed Cache Expiration Days |
| Embed Cache Expiration Days. |
Message > Embed Request User Agent |
| User agent string sent when fetching link previews. |
Message > API_Embed_clear_cache_now |
| |
Message > Safe Ports |
| List of hosts or CIDR addresses, eg. localhost, 127.0.0.1, 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16 |
OAuth > Drupal > Drupal Server URL |
| Example: |
Embed Link Previews |
| Whether embedded link previews are enabled or not when a user posts a link to a website |
Accounts > Allow Anonymous Read |
| Allow anonymous users to read messages without signing in. |
Accounts > Allow Anonymous Write |
| Allow anonymous users to post messages without signing in. |
Accounts > Allow Users to Delete Own Account |
| Allow users to delete their own account. |
Accounts > Allow Email Change |
| Allow users to change their email address. |
Accounts > Allow Email Notifications |
| Allow users to change their password. |
Accounts > Allow Invisible status option |
| Allow users to set their status to invisible. |
Accounts > Allow Password Change |
| Allow users to change their password. |
Accounts > Allow Password Change for OAuth users |
| Allow users who signed in through OAuth to change their password. |
Accounts > Allow Name Change |
| Allow users to change their display name. |
Accounts > Allow User Avatar Change |
| Allow users to change their avatar. |
Accounts > Allow User Profile Change |
| Allow users to edit their profile. |
Accounts > Allow Custom Status Message |
| Allow users to set a custom status message. |
Accounts > Allow Username Change |
| Allow users to change their username. |
Accounts > Registration > Allowed DomainsList |
| Comma-separated list of email domains allowed to register. |
Accounts > Avatar > Block Unauthenticated Access |
| Block Unauthenticated Access to Avatars |
Accounts > Avatar > Avatar cache time |
| Number of seconds the http protocol is told to cache the avatar images. |
Accounts > Avatar > Avatar Size |
| Size, in pixels, to which avatars are resized. |
Accounts > Registration > Blocked Domain List |
| Comma-separated list of blocked domains. |
Accounts > Avatar > Resize Avatars |
| Resize avatars to the configured avatar size. |
Accounts > Avatar > Avatar External ProviderUrl |
| Avatar External Provider URL |
Accounts > Registration > Blocked Username List |
| Comma-separated list of blocked usernames (case-insensitive) |
Accounts > Registration > Accounts_CustomFields_Description |
| Should be a valid JSON where keys are the field names containing a dictionary of field settings |
Accounts > Custom Fields to Show in User Info |
| Custom Fields to Show in User Info. |
Accounts > Registration > Default Username Prefix Suggestion |
| Default Username Prefix Suggestion |
Accounts > Default User Preferences > Also Send Thread To Channel Description |
| Allow users to select the Also send to channel behavior |
Accounts > Default User Preferences > Collapse Embedded Media by Default |
| Collapse Embedded Media by Default |
Accounts > Default User Preferences > Accounts > Convert ASCII to Emoji |
| Convert ASCII to Emoji |
Accounts > Default User Preferences > Accounts > Desktop Notification Require Interaction |
| Require Interaction to Dismiss Desktop Notification |
Accounts > Default User Preferences > Accounts > Email Notification Mode |
| Offline Email Notifications |
Accounts > Default User Preferences > Accounts > Enable Auto Away |
| Enable Auto Away |
Accounts > Default User Preferences > Hide Flex Tab |
| Hide Contextual Bar by clicking outside of it |
Accounts > Default User Preferences > Accounts > Hide Roles |
| Hide Roles |
Accounts > Default User Preferences > Accounts > Hide Usernames |
| Hide Usernames |
Accounts > Default User Preferences > Accounts > Idle Time Limit |
| Period of time until status changes to away. Value needs to be in seconds. |
Accounts > Default User Preferences > Accounts > Mute Focused Conversations |
| Mute Focused Conversations |
Accounts > Default User Preferences > Accounts > New Message Notification |
| New Message Notification |
Accounts > Default User Preferences > Accounts > New Room Notification |
| New Room Notification |
Accounts > Default User Preferences > Accounts > Notifications sound volume |
| Notifications sound volume |
Accounts > Default User Preferences > Accounts > Push Notifications |
| Push Notifications Default Alert |
Accounts > Default User Preferences > Accounts > Save Mobile Bandwidth |
| Save Mobile Bandwidth |
Accounts > Default User Preferences > Accounts > Display Avatars in Sidebar |
| Display Avatars in Sidebar |
Accounts > Default User Preferences > Accounts > Group by Type |
| Group by Type |
Accounts > Default User Preferences > Accounts >Use Emojis |
| Use Emojis |
Accounts > Default Directory Listing |
| Default Directory Listing |
Accounts > Accounts_EmailOrUsernamePlaceholder |
| Placeholder for Email or Username Login Field |
Accounts > Registration > Only allow verified users to login |
| Allow only verified users to login |
Email > Registration > Enrollment Email |
| Enrollment Email |
Email > Registration > Accounts_Enrollment_Email Subject |
| Accounts Enrollment Email Subject |
Accounts > Forget User Session on Window Close |
| Forget User Session on Window Close |
Accounts > Iframe > Api Method |
| Api Method |
Accounts > Iframe > API URL |
| API URL |
Accounts > Login Expiration in Days |
| Login Expiration in Days |
Accounts > Registration > Manually Approve New Users |
| Manually Approve New Users |
OAuth > Apple > Accounts_OAuth_Apple_Id |
| Enable Apple Login |
OAuth > Drupal > Drupal Login Enabled |
| Drupal Login Enabled |
OAuth > Drupal > Drupal oAuth2 Redirect URI |
| Drupal oAuth2 Redirect URI |
OAuth > Drupal > Drupal oAuth2 Client ID |
| Drupal oAuth2 Client ID |
OAuth > Drupal > Drupal oAuth2 Client Secret |
| Drupal oAuth2 Client Secret |
OAuth > Facebook > Facebook Login |
| Facebook Login |
OAuth > Facebook > Facebook App ID |
| Facebook App ID |
OAuth > Facebook > Facebook Callback URL |
| Facebook Callback URL |
OAuth > GitHub Enterprise > OAuth Enabled |
| Enable Github Oauth |
OAuth > GitHub Enterprise > GitHub Enterprise Callback URL |
| GitHub Enterprise Callback URL |
OAuth > GitHub Enterprise > Client Id |
| Github Enterprise Client Id |
OAuth > GitHub Enterprise > Client Secret |
| Github Enterprise Client Secret |
OAuth > GitHub Enterprise > Client Id |
| Github Enterprise Client Id |
OAuth > GitHub > Client Secret |
| Github Client Secret |
OAuth > GitHub > GitHub Enterprise Callback URL |
| GitHub Callback URL |
OAuth > GitHub > OAuth Enabled |
| OAuth Enabled |
OAuth > GitLab > OAuth Enabled |
| OAuth Enable |
OAuth > GitLab > GitLab Callback URL |
| GitLab Callback URL |
OAuth > GitLab > GitLab Id |
| GitLab Id |
OAuth > GitLab > Identity Path |
| GitLab Identity Path |
OAuth > GitLab > Merge Users |
| GitLab Merge Users |
OAuth > GitLab > Client Secret |
| GitLab Client Secret |
OAuth > Linkedin > LinkedIn Login |
| LinkedIn Login |
OAuth > Linkedin > Linkedin Callback URL |
| Linkedin Callback URL |
OAuth > Linkedin > LinkedIn Id |
| LinkedIn Id |
OAuth > Linkedin > LinkedIn Secret |
| LinkedIn Secret |
OAuth > Meteor > Meteor Login |
| Meteor Login |
OAuth > Meteor > Meteor Callback URL |
| Meteor Callback URL |
OAuth > Meteor > Meteor Id |
| Meteor Id |
OAuth > Meteor > Meteor Secret |
| Meteor Secret |
OAuth > Nextcloud > OAuth Enabled |
| OAuth Enabled |
OAuth > Nextcloud > Nextcloud Server URL |
| Nextcloud Server URL |
OAuth > Nextcloud > Nextcloud Callback |
| Nextcloud Callback URL |
OAuth > Nextcloud > Nextcloud Id |
| Nextcloud Id |
OAuth > Nextcloud > Client Secret |
| Client Secret |
OAuth > Proxy > Proxy Host |
| Proxy Host |
OAuth > Proxy > Proxy Services |
| Proxy Services |
OAuth > Twitter > Twitter Login |
| Twitter Login |
OAuth > Twitter > Twitter Callback URL |
| Twitter Callback URL |
OAuth > Twitter > Twitter Id |
| Twitter Id |
OAuth > Twitter > Twitter Secret |
| Twitter Secret |
OAuth > WordPress > WordPress Login |
| WordPress Login |
OAuth > WordPress > Authorize Path |
| Wordpress Authorize Path |
OAuth > WordPress > WordPress Callback URL |
| WordPress Callback URL |
OAuth > WordPress > WordPress Id |
| WordPress Id |
OAuth > WordPress > Identity Path |
| Identity Path |
OAuth > WordPress >Identity Token Sent Via |
| Identity Token Sent |
OAuth > WordPress > WordPress Secret |
| WordPress Secret |
OAuth > WordPress > Scope |
| Wordpress scope |
Layout > Login > Show Default Login Form |
| Show Default Login Form. |
Outlook calendar |
| Outlook calendar |
Accounts > Iframe > Enabled |
| Enable Iframe |
Accounts > Iframe > Iframe URL |
| Iframe URL |
Email > Privacy > Add Sender to Reply-To |
| Add Sender to Reply-To |
General > Allow Invalid Self-Signed Certs |
| Allow Invalid Self-Signed Certs |
Setup Wizard > Organization Info > Allow Marketing Emails |
| Allow Marketing Emails |
Mobile > Allow Save Media to Gallery |
| Allow Save Media to Gallery |
Analytics |
| Analytics |
Analytics > Features Enabled > Analytics_Messages |
| Tracks custom events related to actions a user does on messages |
Analytics > Features Enabled > Analytics_Rooms |
| Tracks custom events related to actions on a channel or group (create, leave, delete). |
Analytics > Features Enabled > Analytics_Users |
| Tracks custom events related to actions related to users (password reset times, profile picture change, etc). |
General > Apps > Directory for storing apps source package |
| Directory for storing apps source package |