Links

Permissions

Rocket.Chat provides a comprehensive and customizable permissions framework. Most user actions require specific permissions, enabling you to tailor user capabilities and visibility within the system.
To access this menu,
  • Navigate to Administration > Workspace > Permissions
Permission changes are immediate and transparent. There is no need for users to log out, sign back in, or refresh the system for the revised permissions to take effect.

Roles

A role refers to a set of permissions and privileges assigned to a user or a group of users within the workspace. They determine what actions and features a user can access and control within the Rocket.Chat environment. They are shown as little tags on the side of a username on messages. Rocket.Chat comes with a set of default roles that can be modified.
See Roles in Rocket.Chat to learn more about roles.

Scope of Roles

Rocket.Chat provides a comprehensive role-based permission system, which includes two distinct scopes: the Global Scope and the Room Scope. These scopes serve different purposes and offer various permissions that users can assign.

Global Scope

A Global Scope Role applies to the entire workspace; for example —admin. They can be assigned permissions relevant at the server level and not specific to individual rooms or channels. For example, Create a Team is a permission that is applicable server-wide, enabling users to create teams regardless of the room or channel they are currently in.

Room Scope

Room scope roles are designed to provide users with specific permissions within individual rooms, for example - Moderator. Room scope permissions are helpful when managing room-specific activities and interactions. For example, you can assign the Edit Room permission to a Moderator role. However, a user must be set as a moderator in a room before they can edit that room information.
While you can globally assign some room roles to a user when creating or editing the user, it would only make meaning once the role is assigned to that user in the specific room.

Creating Custom Roles

As a workspace administrator, you can create new roles with custom permissions for your workspace.
As from Rocket.Chat V6.0.x.x the creating and editing of custom roles is an enterprise feature.
To create a new role,
  • Navigate to Administration > Workspace > Permissions
  • Click on New role
  • A side panel opens, provide the details required
    • Role: Name of the role.
    • Description: Set a description of the role.
    • Scope: Select what scope the role is to take effect on.
  • Save
You can now allocate permissions to the role by checking the checkbox corresponding to each permission beneath the role.

Default Roles

  • admin (Users) - Have access to all settings and administrator tools.
  • moderator (Subscriptions) - Have moderation permissions for a channel. It has to be elected by a channel owner.
  • owner (Subscriptions) - Have owner permissions for a channel. Users who create a channel become the owner of that channel. They can also elect more owners for that channel.
  • user (Users) - Normal user rights. Most users receive this role when registering.
  • bot (Users) - Special Role for bot users, with some permissions related to bot functionality.
  • leader (Subscriptions) - it doesn't have any special permissions but is used when setting a leader to a channel. Leaders appear on the header of a channel.
  • anonymous (Users) - unauthenticated users that access the server when the Allow Anonymous Read setting is activated.
  • guest (Users) - anonymous users that want to write and participate in channels when the Allow Anonymous Read and Allow Anonymous Write settings are activated.
  • livechat-agent (Users) - Agents of Live Chat. They can answer to Live Chat requests.
  • livechat-manager (Users) - Manager of Live Chat, can manage agents and guests.
  • livechat-guest (Users) - Users coming from a Live Chat channel.

Permissions

Name
Codebase Name
Purpose
Access Mailer Screen
access-mailer
Permission to use the Mailer Tool. Accessible from Administration -> Mailer.
Access Permissions Screen
access-permissions
Permission to create and edit roles and permissions. Accessible from Administration -> Permissions.
Add all users to a room
add-all-to-room
Permission to add all users to a room.
Add Omnichannel Agents to Departments
add-livechat-department-agents
Permission to assign an onmichannel agent to a department.
Add OAuth Service
add-oauth-service
Permission to manage different OAuth services and apps. Accessible from Administration -> OAuth Apps.
Add Team Channel
add-team-channel
Permission to add channels to a team.
Add Team Member
add-team-member
Permission to add members to a team.
Add User to Any Public Channel
add-user-to-any-c-room
Permission to add a user to a public channel.
Add User to Any Private Channel
add-user-to-any-p-room
Permission to add a user to a private channel.
Add User to Any Joined Channel
add-user-to-joined-room
Permission to add a user to a joined channel.
Bypass rate limit for REST API
api-bypass-rate-limit
Permission to call api without rate limitation. See Rate Limiter.
Archive Room
archive-room
Permission to archive a channel.
Assign Admin Role
assign-admin-role
Permission to promote user to Admin. Requires view-user-administration permission. Accessible from Administration -> Users.
Assign Roles
assign-roles
Permission to assign roles for a user. Requires view-user-administration permission. Accessible from Administration -> Users.
Auto Translate
auto-translate
Permission to use the Auto Translate Tool. Accessible from Administration > Workspace > Settings > Message > Auto Translate.
Ban User
ban-user
Permission to ban a user.
Block IP Device Management
bulk-create-c
Permission to bulk create public channels.
Bulk Create Users
bulk-register-user
Permission to bulk add users.
Bypass time limit
Call Management
call-management
Permission to start a meeting. Requires Video Conference -> BigBlueButton enabled. Accessible from More -> BBB Video Chat -> Start Meeting.
Clean Channel History
clean-channel-history
Permission to prune a channel's messages and/or files.
clean-group-history
Permission to prune a group's messages and/or files.
clean-direct-history
Permission to prune direct messages and/or files.
Close Omnichannel Room
close-livechat-room
Permission to close your own Live Chat channels.
Close Other Omnichannel Room
close-others-livechat-room
Permission to close other Live Chat channels.
Convert Team
convert-team
Permission to convert team to channel.
Create Public Channels
create-c
Permission to create public channels.
Create Direct Messages
create-d
Permission to start direct messages.
Create Invite Links
create-invite-links
Permission to create invite links to add members to a room
Create Private Channels
create-p
Permission to create private groups.
Create Personal Access Tokens
create-personal-access-tokens
Permission to create Personal Access Tokens. Accessible from My Account -> Personal Access Tokens.
Create User
create-user
Permission to create new users. Accessible from Administration -> Users. Click the + sign found on the top right hand corner of the Users list to create a new user.
Create Team
create-team
Permission to create a team.
Delete Public Channels
delete-c
Permission to delete public channels.
Delete Direct Messages
delete-d
Permission to delete direct messages.
Delete Message
delete-message
Permission to delete a message within a channel.
Delete Own Message
delete-own-message
Permission to delete your own message.
Delete Private Channels
delete-p
Permission to delete private channels.
Edit Livechat Room Custom Fields
edit-livechat-room-customfields
Permission to edit a livechat custom field.
Delete User
delete-user
Permission to delete users.
Delete Team
delete-team
Permission to delete a team
Edit Message
edit-message
Permission to edit a message.
Edit Omnichannel Contact
edit-omnichannel-contact
Permission to edit omnichannel contact.
Edit Other User Active Status
edit-other-user-active-status
Permission to enable or disable other accounts. Accessible from Administration -> Users.
Edit Other User Avatar
edit-other-user-avatar
Permission to edit other users avatar.
Edit Other User E2E Encryption
edit-other-user-e2ee
Permision to edit other users E2E key.
Edit Other User Information
edit-other-user-info
Permission to change other user's name, username or email address. Accessible from Administration -> Users.
Edit Other User Password
edit-other-user-password
Permission to modify other user's passwords. Requires edit-other-user-info permission. Accessible from Administration -> Users.
Edit Other User Two Factor TOTP
edit-other-user-totp
Permission to edit other user TOTP.
Edit Privileged Setting
edit-privileged-setting
Permission to edit privileged settings.
Edit Room
edit-room
Permission to edit a room's name, topic, type (private or public status) and status (active or archived).
Edit Room Avatar
edit-room-avatar
Permission to edit a room avatar.
Edit Room's Retention Policy
edit-room-retention-policy
Permission to edit's a room's retention policy.
Edit Team
edit-team
Permission to edit a team.
Edit Team Channel
edit-team-channel
Permission to add a team channel
Edit Team Member
edit-team-member
Permission to add a team member.
Force Delete Message
force-delete-message
Permission to forcefully delete messages, independent of any deletion blocking setting.
Inbound Voip Calls
inbound-voip-calls
Join Without Join Code
join-without-join-code
Permission to bypass join codes when entering a channel with a join code set.
Leave Channels
leave-c
Permission to leave the public channel.
Leave Private Groups
leave-p
Permission to leave the private channel.
Logout Device Management
logout-device-management
Permission to log out device management
Logout Other User
logout-other-user
Permission to log out other users.
Mail Messages
mail-messages
Permission to use the "Mail Messages" tool in the channel actions menu.
Manage Agent Extension Association
manage-agent-extension-association
Permission to manange extension association.
Manage Apps
manage-apps
Permission to manage all apps. Accessible from Administration -> Apps.
Manage Assets
manage-assets
Permission to manage assets. Must also be admin Accessible from Administration -> Assets.
manage-chatpal
Manage Email Inbox
manage-email-inbox
Permission to manage email inbox.
Manage Cloud
manage-cloud
Permission to manage cloud. Requires view-user-administration permission. Accessible from Administration -> Cloud.
Manage Emoji
manage-emoji
Permission to add custom emojis to the server. Accessible from Administration -> Custom Emoji.
Manage Incoming Integrations
manage-incoming-integrations
Permission to manage all incoming integrations. Accessible from Administration -> Integrations.
Manage Outgoing Integrations
manage-outgoing-integrations
Permission to manage all ougoing integrations. Accessible from Administration -> Integrations.
Manage OAuth Apps
manage-oauth-apps
Permission to manage OAuth apps. Accessible from Administration -> OAuth.
Manage Outgoing Integrations
manage-outgoing-integrations
Permission to manage all outgoing integrations. Accessible from Administration -> Integrations.
Manage Outgoing Integrations
manage-own-outgoing-integrations
User can create and edit own outgoing integration - webhooks.
Manage Own Incoming Integrations
manage-own-incoming-integrations
User can create and edit own incoming integration - webhooks.
Manage Omnichannel Agents
manage-livechat-agents
Permission to manage omnichannel agents.
Manage Omnichannel Canned Responses
manage-livechat-canned-responses
Permission to manage canned responses.
Manage Omnichannel Departments
manage-livechat-departments
Permission to manange omnichannel departments.
Manage Omnichannel Managers
manage-livechat-managers
Permission to manage omnichannel managers.
Manage Omnichannel Monitors
manage-livechat-monitors
Permission to manage omnichannel monitors.
Manage Omnichannel Priorities
manage-livechat-priorities
Permission to manange omnichannel priorities.
Manage Omnichannel SLA
manage-livechat-sla
Permission to manage omnichannel SLA
Manage Omnichannel Tags
manage-livechat-tags
Permission to manage omnichannel tags.
Manage Omnichannel Units
manage-livechat-units
Permission to manage omnichannel units.
Manage Moderation Actions
manage-moderation-actions
Permission to manage moderation.
Change Some Settings
manage-selected-settings
Permission to change settings which are explicitly granted to be changed.
Manage Sounds
manage-sounds
Permission to manage sounds. Accessible from Administration -> Custom Sounds.
Manage User Status
manage-user-status
Permission to manage user status.
Manage Voip Call Settings
manage-voip-call-settings
Permission to manage Voip call settings.
Manage Voip Contact Center Settings
manage-voip-contact-center-settings
Permission to manage Voip contact center.
Mention All
mention-all
Permission to mention everyone in a channel.
Mention Here
mention-here
Permission to notify active users in a channel.
Impersonate Other Users
message-impersonate
Permission to impersonate other users using message alias. Accessible from Administration -> Permissions. |
Mute User
mute-user
Permission to mute other users in the same channel.
On Hold Omnichannel Room
on-hold-livechat-room
Permission to put a room on hold.
On Hold Others Omnichannel Room
on-hold-others-livechat-room
Permission to put livechat room on hold for others.
Outbound Voip Calls
outbound-voip-calls
Permission to outbound voip calls.
Pin Message
pin-message
Permission to pin a message in a channel.
Post ReadOnly
post-readonly
Permission to post messages on read-only channels.
Preview Public Channel
preview-c-room
Permission to preview public channels.
Register On Cloud
register-on-cloud
Permission to register a workspace manually.
Remove Canned Responses
remove-canned-responses
Permission to remove canned responses.
Remove Closed Omnichannel Room
remove-closed-livechat-rooms
Permission to close Live Chat rooms. Requires view-livechat-rooms permission. Accessible from Live Chat -> Current Chats.
Remove Omnichannel Departments
remove-livechat-department
Permision to remove omnichannel departments.
Remove Slackbridge Links
remove-slackbridge-links
Permission to remove slackbridge links
Remove Team Channel
remove-team-channel
Permission to remove a channel from a team.
Remove User
remove-user
Permission to remove users from channels.
Request PDF Transcript
request-pdf-transcript
Permission to request a PDF transcript for a chat.
Restart the server
restart_server
Permission to reset the server.
Reset Other User E2E
reset-other-user-e2e-key
Permission to set E2E key. See End to End Encryption.
Run Import
run-import
Permission to use the data importer tools. Must also be an admin. Accessible from Administration -> Import.
Run Migration
run-migration
Permission to run migrations.
Save All Canned Responses
save-all-canned-responses
Permission to save all canned responses.
Save Canned Responses
save-canned-responses
Permission to save canned responses.
Save Department Canned Responses
save-department-canned-responses
Permission to save canned responses in the right.
Save Others Omnichannel Room Info
save-others-livechat-room-info
Permission to add additional information to both the visitor and Live Chat rooms.
Send Many Messages
send-many-messages
Permission to bypasses rate limit of 5 messages per second.
Send Omnichannel Conversation Transcript
send-omnichannel-chat-transcript
Permission to send omnichannel transcript.
Set Leader
set-leader
Permission to set leaders for channels
Set Moderator
set-moderator
Permission to set moderators for channels.
Set Owner
set-owner
Permission to set other users as owner of a public channel.
Set React When ReadOnly
set-react-when-readonly
Permission to react to messages in only channels.
Set ReadOnly
set-readonly
Permission to set room read-only. Accessible from Room Info -> Edit.
Snippet Message
snippet-message
Permission to create message snippets.
Spy Voip Calls
spy-voip-calls
Start Discussion
start-discussion
Permission to start a discussion.
Start Discussion (Other-User)
start-discussion-other-user
Permission to start a discussion, which gives permission to the user to create a discussion from a message sent by another user as well.
Sync authentication services' users
sync-auth-services-users
Permission to sync users from other authentication services to the workspace.
Toggle Room E2E Encryption
toggle-room-e2e-encryption
Permission to toggle E2E encryption.
Unarchive Room
unarchive-room
Permission to unarchive channels.
User Generate Access Token
user-generate-access-token
Permission to create authorization tokens for users.
Ring other users when calling
videoconf-ring-users
Permission to ring other users when calling.
View Agent Canned Responses
view-agent-canned-responses
Permission to view canned responses of an agent.
View Agent Extension Association
view-agent-extension-association
Permission to view agent extension association.
View All Canned Responses
view-all-canned-responses
Permission to view all canned responses
View All Team Channels
view-all-team-channels
Permission to view all team's channels
View All Teams
view-all-teams
Permission to view all teams
View Members List in Broadcast Room
view-broadcast-member-list
Permission to view the list of users in a broadcast channel.
View Public Channel
view-c-room
Permission to view public channels.
View Direct Messages
view-d-room
Permission to view direct messages. Does not affect the ability to begin/start a direct message with another user.
View Device Management
view-device-management
Permission to view device management dashboard
View Engagement Dashboard
view-engagement-dashboard
Permission to view engagement dashboard.
View Federation Data
view-federation-data
Permission to view federation data
View Full Other User Info
view-full-other-user-info
Permission to view full profile of other users including account creation date, last login, etc.
View History
view-history
Permission to view the channel history.
View Import Operations
view-import-operations
Permission to view import operations
View Join Code
view-join-code
Permission to view the join code of channels.
View Joined Room
view-joined-room
Permission to view current joined channels.
View Omnichannel Rooms
view-l-room
Permission to view Live Chat channel.
View Omnichannel Analytics
view-livechat-analytics
Permission to view Live Chat analytics. Requires Live Chat feature enabled and view-Livehat-manager permission.
View Omnichannel Appearance
view-livechat-appearance
Permission to view live chat appearance.
View Omnichannel Business-Hours
view-livechat-business-hours
Permission to view live chat business hours.
View Omnichannel Current Chats
view-livechat-current-chats
Permission to view live chat current chats
View Omnichannel Custom Fields
view-livechat-customfields
Permission to view Omnichannel custom fields.
View Omnichannel Departments
view-livechat-departments
Permission to view Omnichannel departments.
View Omnichannel Installation
view-livechat-installation
Permission to view Omnichannel installation
View Omnichannel Manager
view-livechat-manager
Permission to view other Live Chat managers.
View Omnichannel Queue
view-livechat-queue
Permission to view Omnichannel queue
View Omnichannel Real-time Monitoring
view-livechat-real-time-monitoring
Permision to view live chat real time monitoring.
View Omnichannel Rooms closed by another agent
view-livechat-room-closed-by-another-agent
Permission to view live chat rooms closed by another agent.
View Omnichannel Rooms closed by another agent in the same department
view-livechat-room-closed-same-department
Permission to view live chat rooms closed by another agent in the same department.
View Omnichannel Rooms
view-livechat-rooms
Permission to view a list of Live Chat channels.
View Omnichannel Triggers
view-livechat-triggers
Permission to view live chat triggers.
View Omnichannel Webhooks
view-livechat-webhooks
Permission to view live chat webhooks
View Logs
view-logs
Permission to view logs. Accessible from Administration -> View Logs.
View Moderation Console
view-moderation-console
Permission to view moderation console of the server.
View Omnichannel Contact Center
View Omnichannel Contact Center
Permission to manage access to the contact center.
View Other User Channels
view-other-user-channels
Permission to manage channels on the admin screen.
View Outside Room
view-outside-room
Permission to find new channels and users. Users without this permission won't see channels that they are not part of when searching using the spotlight.
View Private Room
view-p-room
Permission to view private channels.
View Privileged Setting
view-privileged-setting
Permission to view privileged settings.
View Room Administration
view-room-administration
Enables Administration -> Channels module. Enables Permission to view public, private, and direct message statistics. Does not include permission to view conversations or archives.
View StatisticsView User Administration
view-statistics
Enables Administration -> Info module. Enables the permission to view system statistics such as number of users logged in, number of rooms, operating system information.
View User Administration
view-user-administration
Enables Administration -> Users module. Only includes partial, read-only list view of other user accounts currently logged into the system. No user account information is accessible with this permission. Add view-full-other-user-info to see a complete list of other users via the Administration -> Users.
Can Audit
can-audit
Permission to access the Message Auditing Panel
Can Audit Log
can-audit-log
Permission to check the details about who used the Message Auditing Panel and their search results
Allow file upload on mobile devices
Allow file download on mobile devices
permission to allow mobile users to be able to download and upload files from and to the server