Roles in Rocket.Chat

Roles and permissions are integral to managing access in any digital workspace. Rocket.Chat's comprehensive role-based system allows administrators to assign roles, each with a specific set of permissions, to control user actions and access levels within the workspace.

A role refers to a set of permissions and privileges assigned to a user or a group of users within the workspace. The roles determine the controls and features a user can access or handle in a workspace. They are displayed as mini tags beside the username on messages.

You can view the roles from Administration > Permissions. The Name row displays the roles. The permissions that each role has are displayed in the table. You can edit the permissions and roles as per your needs.

This topic guides you through the categories of roles available in Rocket.Chat and the scope within which the roles can be applied to users.

Categories of Rocket.Chat Roles

The following categories of roles are available in Rocket.Chat:

Rocket.Chat Administrator Role

A Rocket.Chat administrator has the admin role, which gives full access to the entire Rocket.Chat workspace. They can manage both Workspace Administration and Omnichannel settings.

Rocket.Chat User Roles

Rocket.Chat users can have one or more roles, allowing them to perform the various actions granted by the role's permissions.

Role Description

Role	Description
`user`	The user role is the most common in Rocket.Chat. It serves as a standard role for all members of a Rocket.Chat workspace. Users can join rooms, send messages, upload files, and participate in all forms of communication.
`bot`	Bots are automated users that can be programmed to perform specific tasks, such as sending messages, answering questions, and triggering notifications.
`guest`	Guest users have limited access to your Rocket.Chat workspace. They can only participate in rooms they belong to.
`anonymous`	Unauthenticated visitors on your Rocket.Chat workspace. Anonymous users do not have a specified username.
`app`	Automated users that are used by Rocket.Chat Apps from the Rocket.Chat Marketplace
`Owner`	A room owner is a user designated as the owner of a specific room. The room owner can manage the channel, including controlling access to joining the channel, editing channel settings, and managing messages within the channel.
`Leader`	A room leader gets pinned on the top of a channel and can receive 1:1 messages from other channel users.
`Moderator`	Moderators can manage messages, delete messages, and ban users from a specific channel.
`auditor`	It allows a user to view and audit all messages within the workspace. Users with the `auditor` role alone cannot send messages.
`auditor-log`	The `auditor-log` role allows a user to see logs about all audited messages with timestamps and by whom. Users with the `auditor-log` role alone cannot send messages.

user

The user role is the most common in Rocket.Chat. It serves as a standard role for all members of a Rocket.Chat workspace. Users can join rooms, send messages, upload files, and participate in all forms of communication.

bot

Bots are automated users that can be programmed to perform specific tasks, such as sending messages, answering questions, and triggering notifications.

guest

Guest users have limited access to your Rocket.Chat workspace. They can only participate in rooms they belong to.

anonymous

Unauthenticated visitors on your Rocket.Chat workspace. Anonymous users do not have a specified username.

app

Automated users that are used by Rocket.Chat Apps from the Rocket.Chat Marketplace

Owner

A room owner is a user designated as the owner of a specific room. The room owner can manage the channel, including controlling access to joining the channel, editing channel settings, and managing messages within the channel.

Leader

A room leader gets pinned on the top of a channel and can receive 1:1 messages from other channel users.

Moderator

Moderators can manage messages, delete messages, and ban users from a specific channel.

auditor

It allows a user to view and audit all messages within the workspace. Users with the auditor role alone cannot send messages.

auditor-log

The auditor-log role allows a user to see logs about all audited messages with timestamps and by whom. Users with the auditor-log role alone cannot send messages.

To create and manage custom roles with specified permissions tailored to your needs, see Custom Roles.

Rocket.Chat Omnichannel Roles

Omnichannel roles allow users to interact with or manage various Omnichannel features.

Role Description

Role	Description
`Livechat Agent`	LiveChat Agents handle visitors' inquiries and support requests through Omnichannel Live Chat.
`Livechat Manager`	LiveChat Managers can manage Livechat Agents and all other Omnichannel features.
`livechat-monitor`	Users with the `livechat-monitor` role can view and monitor Live Chat interactions and analytics.

Livechat Agent

LiveChat Agents handle visitors' inquiries and support requests through Omnichannel Live Chat.

Livechat Manager

LiveChat Managers can manage Livechat Agents and all other Omnichannel features.

livechat-monitor

Users with the livechat-monitor role can view and monitor Live Chat interactions and analytics.

Rocket.Chat Marketplace Roles

Internally, there are two roles for Rocket.Chat Marketplace. The first is within the publisher, and the second is within the workspace. Henceforth, they're known as publisher roles and system roles.

Publisher Roles

There are three different roles within a Publisher, which include the following:

Owner
Developer
Viewer

The Owner role is applied whenever someone creates a publisher. Each of the subsequent roles only applies to people they have invited.

Role Description

Role	Description
`Publisher: Owner`	The `owner` has the permission to manage everything on the publisher dashboard. It includes managing both apps and other users. To change the role of another user: Click Change Role from the Actions dropdown across the user in question. Select the desired role to change.
`Publisher: Developer`	A user with the `developer` role can read everything and update apps.
`Publisher: Viewer`	The `viewer` role can read everything but can't update anything.

Publisher: Owner

The owner has the permission to manage everything on the publisher dashboard. It includes managing both apps and other users.

To change the role of another user:

Click Change Role from the Actions dropdown across the user in question.
Select the desired role to change.

Publisher: Developer

A user with the developer role can read everything and update apps.

Publisher: Viewer

The viewer role can read everything but can't update anything.

Scope of Rocket.Chat roles

The user and omnichannel roles are also categorized into Global and Room scopes.

Global Scope

Global roles are designed to provide users with permissions that apply to the entire workspace; for example — admin. They can be assigned permissions relevant at the server level and not specific to individual rooms or channels. For example, Create a Team is a permission that is applicable server-wide, enabling users to create teams regardless of the room or channel they are currently in.

Room Scope

Room scope roles are designed to provide users with specific permissions within individual rooms, for example - Moderator. Room scope permissions are helpful when managing room-specific activities and interactions. For example, you can assign the Edit Room permission to a Moderator role. A user must be set as a moderator in a room before they can edit that room information.

While you can globally assign some room roles to a user when creating or editing the user, it takes effect once the role is assigned to that user in a specific room.

Default Roles

Every Rocket.chat workspace has some default roles, which include the following:

admin (Global scope) - Have access to all settings and workspace administrator tools.
moderator (Room scope) - Have moderation permissions for a channel. It must be assigned by the room owner.
owner (Room scope) - Have owner permissions for a room. Users who create a room become the owner of that room. They can also assign more owners for that room.
user (Global scope) - Normal user rights. Most users receive this role when registering in the workspace.
bot (Global scope) - Special Role for bot users, with some permissions related to bot functionality.
leader (Room scope) - It is used when setting a leader in a room. Leaders appear on the header of a channel.
anonymous (Global scope) - Unauthenticated users that access the workspace when the Allow Anonymous Read setting is activated.
guest (Global scope) - Anonymous users that want to write and participate in rooms when the Allow Anonymous Read and Allow Anonymous Write settings are activated.
livechat-agent (Global scope) - Omnichannel agents. They can answer to Live Chat requests.
livechat-manager (Global scope) - Omnichannel managers, can manage agents and guests.
livechat-guest (Global scope) - Users coming from a Live Chat room.

Edit and delete roles

Go to Administration > Permissions.

Click the role from the Name row.
Update the required details and click Save to edit the role.
Click Delete to delete the role.
Click Users in Role to see the users who have been assigned to that particular role.

For information on creating custom roles, see Custom Roles.
For information on permissions and settings, see Permissions.

By offering a variety of predefined roles and the ability to create custom roles, Rocket.Chat ensures that workspace administrators can effectively control and limit user actions.

PreviousAir-gapped App Installation NextUser Guides

Last updated 15 days ago