Permissions
Rocket.Chat provides a comprehensive and customizable permissions framework. Most user actions require specific permissions, enabling you to tailor user capabilities and visibility within the system.
To access this menu,
- Navigate to Administration > Workspace > Permissions
Permission changes are immediate and transparent. There is no need for users to log out, sign back in, or refresh the system for the revised permissions to take effect.
A role refers to a set of permissions and privileges assigned to a user or a group of users within the workspace. They determine what actions and features a user can access and control within the Rocket.Chat environment. They are shown as little tags on the side of a username on messages. Rocket.Chat comes with a set of default roles that can be modified.
Rocket.Chat provides a comprehensive role-based permission system, which includes two distinct scopes: the Global Scope and the Room Scope. These scopes serve different purposes and offer various permissions that users can assign.
A Global Scope Role applies to the entire workspace, for example admin. Global roles can be assigned permissions that are relevant at the server level and not specific to individual rooms or channels. For example, Create a Team is a permission that is applicable server-wide, enabling users to create teams regardless of the room or channel they are currently in.
Room scope roles are designed to provide users with specific permissions within individual rooms, for example Moderator. Room scope permissions are helpful when managing room-specific activities and interactions. For example, you can assign the Edit Room permission to a Moderator role. However, a user must be set as a moderator in a room before they can edit that room's information.
While you can globally assign some room roles to a user when creating or editing the user, the role only takes effect once it is assigned to that user in the specific room.
As a workspace administrator, you can create new roles with custom permissions for your workspace.
As of Rocket.Chat V6.0.x.x, creating and editing custom roles is an enterprise feature. To create a new role,
- Navigate to Administration > Workspace > Permissions
- Click on New role
- A side panel opens; provide the required details:
  - Role: Name of the role.
  - Description: Set a description of the role.
- Save
You can now allocate permissions to the role by checking the checkbox corresponding to each permission beneath the role.
- admin (Users): Have access to all settings and administrator tools.
- moderator (Subscriptions): Have moderation permissions for a channel. It has to be elected by a channel owner.
- owner (Subscriptions): Have owner permissions for a channel. Users who create a channel become the owner of that channel. They can also elect more owners for that channel.
- user (Users): Normal user rights. Most users receive this role when registering.
- bot (Users): Special role for bot users, with some permissions related to bot functionality.
- leader (Subscriptions): It doesn't have any special permissions but is used when setting a leader to a channel. Leaders appear on the header of a channel.
- anonymous (Users): Unauthenticated users that access the server when the Allow Anonymous Read setting is activated.
- guest (Users): Anonymous users that want to write and participate in channels when the Allow Anonymous Read and Allow Anonymous Write settings are activated.
- livechat-agent (Users): Agents of Live Chat. They can answer Live Chat requests.
- livechat-manager (Users): Manager of Live Chat, can manage agents and guests.
- livechat-guest (Users): Users coming from a Live Chat channel.
Name | Codebase Name | Purpose |
---|---|---|
Access Mailer Screen | access-mailer | |
Access Permissions Screen | access-permissions | Permission to create and edit roles and permissions. Accessible from Administration -> Permissions. |
Add all users to a room | add-all-to-room | Permission to add all users to a room. |
Add Omnichannel Agents to Departments | add-livechat-department-agents | Permission to assign an omnichannel agent to a department. |
Add OAuth Service | add-oauth-service | Permission to manage different OAuth services and apps. Accessible from Administration -> OAuth Apps. |
Add Team Channel | add-team-channel | Permission to add channels to a team. |
Add Team Member | add-team-member | Permission to add members to a team. |
Add User to Any Public Channel | add-user-to-any-c-room | Permission to add a user to a public channel. |
Add User to Any Private Channel | add-user-to-any-p-room | Permission to add a user to a private channel. |
Add User to Any Joined Channel | add-user-to-joined-room | Permission to add a user to a joined channel. |
Bypass rate limit for REST API | api-bypass-rate-limit | |
Archive Room | archive-room | Permission to archive a channel. |
Assign Admin Role | assign-admin-role | Permission to promote user to Admin. Requires view-user-administration permission. Accessible from Administration -> Users. |
Assign Roles | assign-roles | Permission to assign roles for a user. Requires view-user-administration permission. Accessible from Administration -> Users. |
Auto Translate | auto-translate | Permission to use the Auto Translate Tool. Accessible from Administration > Workspace > Settings > Message > Auto Translate. |
Ban User | ban-user | Permission to ban a user. |
Block IP Device Management | bulk-create-c | Permission to bulk create public channels. |
Bulk Create Users | bulk-register-user | Permission to bulk add users. |
Bypass time limit | | |
Call Management | call-management | Permission to start a meeting. Requires Video Conference -> BigBlueButton enabled. Accessible from More -> BBB Video Chat -> Start Meeting. |
Clean Channel History | clean-channel-history | Permission to prune a channel's messages and/or files. |
| clean-group-history | Permission to prune a group's messages and/or files. |
| clean-direct-history | Permission to prune direct messages and/or files. |
Close Omnichannel Room | close-livechat-room | Permission to close your own Live Chat channels. |
Close Other Omnichannel Room | close-others-livechat-room | Permission to close other Live Chat channels. |
Convert Team | convert-team | Permission to convert team to channel. |
Create Public Channels | create-c | Permission to create public channels. |
Create Direct Messages | create-d | Permission to start direct messages. |
Create Invite Links | create-invite-links | Permission to create invite links to add members to a room. |
Create Private Channels | create-p | Permission to create private groups. |
Create Personal Access Tokens | create-personal-access-tokens | Permission to create Personal Access Tokens. Accessible from My Account -> Personal Access Tokens. |
Create User | create-user | Permission to create new users. Accessible from Administration -> Users. Click the + sign found on the top right hand corner of the Users list to create a new user. |
Create Team | create-team | Permission to create a team. |
Delete Public Channels | delete-c | Permission to delete public channels. |
Delete Direct Messages | delete-d | Permission to delete direct messages. |
Delete Message | delete-message | Permission to delete a message within a channel. |
Delete Own Message | delete-own-message | Permission to delete your own message. |
Delete Private Channels | delete-p | Permission to delete private channels. |
Edit Livechat Room Custom Fields | edit-livechat-room-customfields | Permission to edit a livechat custom field. |
Delete User | delete-user | Permission to delete users. |
Delete Team | delete-team | Permission to delete a team |
Edit Message | edit-message | Permission to edit a message. |
Edit Omnichannel Contact | edit-omnichannel-contact | Permission to edit omnichannel contact. |
Edit Other User Active Status | edit-other-user-active-status | Permission to enable or disable other accounts. Accessible from Administration -> Users. |
Edit Other User Avatar | edit-other-user-avatar | Permission to edit other users' avatars. |
Edit Other User E2E Encryption | edit-other-user-e2ee | Permission to edit other users' E2E key. |
Edit Other User Information | edit-other-user-info | Permission to change other user's name, username or email address. Accessible from Administration -> Users. |
Edit Other User Password | edit-other-user-password | Permission to modify other user's passwords. Requires edit-other-user-info permission. Accessible from Administration -> Users. |
Edit Other User Two Factor TOTP | edit-other-user-totp | Permission to edit other user TOTP. |
Edit Privileged Setting | edit-privileged-setting | Permission to edit privileged settings. |
Edit Room | edit-room | Permission to edit a room's name, topic, type (private or public status) and status (active or archived). |
Edit Room Avatar | edit-room-avatar | Permission to edit a room avatar. |
Edit Room's Retention Policy | edit-room-retention-policy | Permission to edit a room's retention policy. |
Edit Team | edit-team | Permission to edit a team. |
Edit Team Channel | edit-team-channel | Permission to add a team channel. |
Edit Team Member | edit-team-member | Permission to add a team member. |
Force Delete Message | force-delete-message | Permission to forcefully delete messages, independent of any deletion blocking setting. |
Inbound Voip Calls | inbound-voip-calls | |
Join Without Join Code | join-without-join-code | Permission to bypass join codes when entering a channel with a join code set. |
Leave Channels | leave-c | Permission to leave the public channel. |
Leave Private Groups | leave-p | Permission to leave the private channel. |
Logout Device Management | logout-device-management | Permission to log out device management. |
Logout Other User | logout-other-user | Permission to log out other users. |
Mail Messages | mail-messages | Permission to use the "Mail Messages" tool in the channel actions menu. |
Manage Agent Extension Association | manage-agent-extension-association | Permission to manage extension association. |
Manage Apps | manage-apps | Permission to manage all apps. Accessible from Administration -> Apps. |
Manage Assets | manage-assets | Permission to manage assets. Must also be admin. Accessible from Administration -> Assets. |
manage-chatpal | | |
Manage Email Inbox | manage-email-inbox | |
Manage Cloud | manage-cloud | Permission to manage cloud. Requires view-user-administration permission. Accessible from Administration -> Cloud. |
Manage Emoji | manage-emoji | Permission to add custom emojis to the server. Accessible from Administration -> Custom Emoji. |
Manage Incoming Integrations | manage-incoming-integrations | Permission to manage all incoming integrations. Accessible from Administration -> Integrations. |
Manage Outgoing Integrations | manage-outgoing-integrations | Permission to manage all outgoing integrations. Accessible from Administration -> Integrations. |
Manage OAuth Apps | manage-oauth-apps | Permission to manage OAuth apps. Accessible from Administration -> OAuth. |
Manage Outgoing Integrations | manage-own-outgoing-integrations | User can create and edit own outgoing integration - webhooks. |
Manage Own Incoming Integrations | manage-own-incoming-integrations | User can create and edit own incoming integration - webhooks. |
Manage Omnichannel Agents | manage-livechat-agents | |
Manage Omnichannel Canned Responses | manage-livechat-canned-responses | |
Manage Omnichannel Departments | manage-livechat-departments | |
Manage Omnichannel Managers | manage-livechat-managers | |
Manage Omnichannel Monitors | manage-livechat-monitors | |
Manage Omnichannel Priorities | manage-livechat-priorities | |
Manage Omnichannel SLA | manage-livechat-sla | |
Manage Omnichannel Tags | manage-livechat-tags | |
Manage Omnichannel Units | manage-livechat-units | |
Manage Moderation Actions | manage-moderation-actions | |
Change Some Settings | manage-selected-settings | Permission to change settings which are explicitly granted to be changed. |
Manage Sounds | manage-sounds | Permission to manage sounds. Accessible from Administration -> Custom Sounds. |
Manage User Status | manage-user-status | Permission to manage user status. |
Manage Voip Call Settings | manage-voip-call-settings | Permission to manage Voip call settings. |
Manage Voip Contact Center Settings | manage-voip-contact-center-settings | Permission to manage Voip contact center. |
Mention All | mention-all | Permission to mention everyone in a channel. |
Mention Here | mention-here | Permission to notify active users in a channel. |
Impersonate Other Users | message-impersonate | Permission to impersonate other users using message alias. Accessible from Administration -> Permissions. |
Mute User | mute-user | Permission to mute other users in the same channel. |
On Hold Omnichannel Room | on-hold-livechat-room | Permission to put a room on hold. |
On Hold Others Omnichannel Room | on-hold-others-livechat-room | Permission to put livechat room on hold for others. |
Outbound Voip Calls | outbound-voip-calls | Permission to make outbound Voip calls. |
Pin Message | pin-message | Permission to pin a message in a channel. |
Post ReadOnly | post-readonly | Permission to post messages on read-only channels. |
Preview Public Channel | preview-c-room | Permission to preview public channels. |
Register On Cloud | register-on-cloud | Permission to register a workspace manually. |
Remove Canned Responses | remove-canned-responses | |
Remove Closed Omnichannel Room | remove-closed-livechat-rooms | Permission to close Live Chat rooms. Requires view-livechat-rooms permission. Accessible from Live Chat -> Current Chats. |
Remove Omnichannel Departments | remove-livechat-department | |
Remove Slackbridge Links | remove-slackbridge-links | Permission to remove slackbridge links |
Remove Team Channel | remove-team-channel | Permission to remove a channel from a team. |
Remove User | remove-user | Permission to remove users from channels. |
Request PDF Transcript | request-pdf-transcript | Permission to request a PDF transcript for a chat. |
Restart the server | restart_server | Permission to reset the server. |
Reset Other User E2E | reset-other-user-e2e-key | |
Run Import | run-import | Permission to use the data importer tools. Must also be an admin. Accessible from Administration -> Import. |
Run Migration | run-migration | Permission to run migrations. |
Save All Canned Responses | save-all-canned-responses | Permission to save all canned responses. |
Save Canned Responses | save-canned-responses | Permission to save canned responses. |
Save Department Canned Responses | save-department-canned-responses | Permission to save canned responses in the right. |
Save Others Omnichannel Room Info | save-others-livechat-room-info | Permission to add additional information to both the visitor and Live Chat rooms. |
Send Many Messages | send-many-messages | Permission to bypass the rate limit of 5 messages per second. |
Send Omnichannel Conversation Transcript | send-omnichannel-chat-transcript | Permission to send omnichannel transcript. |
Set Leader | set-leader | Permission to set leaders for channels |
Set Moderator | set-moderator | Permission to set moderators for channels. |
Set Owner | set-owner | Permission to set other users as owner of a public channel. |
Set React When ReadOnly | set-react-when-readonly | Permission to react to messages in read-only channels. |
Set ReadOnly | set-readonly | Permission to set room read-only. Accessible from Room Info -> Edit. |
Snippet Message | snippet-message | Permission to create message snippets. |
Spy Voip Calls | spy-voip-calls | |
Start Discussion | start-discussion | Permission to start a discussion. |
Start Discussion (Other-User) | start-discussion-other-user | Permission to start a discussion, which gives permission to the user to create a discussion from a message sent by another user as well. |
Sync authentication services' users | sync-auth-services-users | Permission to sync users from other authentication services to the workspace. |
Toggle Room E2E Encryption | toggle-room-e2e-encryption | Permission to toggle E2E encryption. |
Unarchive Room | unarchive-room | Permission to unarchive channels. |
User Generate Access Token | user-generate-access-token | Permission to create authorization tokens for users. |
Ring other users when calling | videoconf-ring-users | Permission to ring other users when calling. |
View Agent Canned Responses | view-agent-canned-responses | Permission to view canned responses of an agent. |
View Agent Extension Association | view-agent-extension-association | Permission to view agent extension association. |
View All Canned Responses | view-all-canned-responses | Permission to view all canned responses |
View All Team Channels | view-all-team-channels | Permission to view all team's channels |
View All Teams | view-all-teams | Permission to view all teams |
View Members List in Broadcast Room | view-broadcast-member-list | Permission to view the list of users in a broadcast channel. |
View Public Channel | view-c-room | Permission to view public channels. |
View Direct Messages | view-d-room | Permission to view direct messages. Does not affect the ability to begin/start a direct message with another user. |
View Device Management | view-device-management | Permission to view device management dashboard |
View Engagement Dashboard | view-engagement-dashboard | Permission to view engagement dashboard. |
View Federation Data | view-federation-data | Permission to view federation data |
View Full Other User Info | view-full-other-user-info | Permission to view full profile of other users including account creation date, last login, etc. |
View History | view-history | Permission to view the channel history. |
View Import Operations | view-import-operations | Permission to view import operations |
View Join Code | view-join-code | Permission to view the join code of channels. |
View Joined Room | view-joined-room | Permission to view current joined channels. |
View Omnichannel Rooms | view-l-room | Permission to view Live Chat channel. |
View Omnichannel Analytics | view-livechat-analytics | Permission to view Live Chat analytics. Requires Live Chat feature enabled and view-livechat-manager permission. |
View Omnichannel Appearance | view-livechat-appearance | Permission to view live chat appearance. |
View Omnichannel Business-Hours | view-livechat-business-hours | Permission to view live chat business hours. |
View Omnichannel Current Chats | view-livechat-current-chats | Permission to view live chat current chats |
View Omnichannel Custom Fields | view-livechat-customfields | Permission to view Omnichannel custom fields. |
View Omnichannel Departments | view-livechat-departments | Permission to view Omnichannel departments. |
View Omnichannel Installation | view-livechat-installation | Permission to view Omnichannel installation |
View Omnichannel Manager | view-livechat-manager | Permission to view other Live Chat managers. |
View Omnichannel Queue | view-livechat-queue | Permission to view Omnichannel queue |
View Omnichannel Real-time Monitoring | view-livechat-real-time-monitoring | Permission to view live chat real time monitoring. |
View Omnichannel Rooms closed by another agent | view-livechat-room-closed-by-another-agent | Permission to view live chat rooms closed by another agent. |
View Omnichannel Rooms closed by another agent in the same department | view-livechat-room-closed-same-department | Permission to view live chat rooms closed by another agent in the same department. |
View Omnichannel Rooms | view-livechat-rooms | Permission to view a list of Live Chat channels. |
View Omnichannel Triggers | view-livechat-triggers | Permission to view live chat triggers. |
View Omnichannel Webhooks | view-livechat-webhooks | Permission to view live chat webhooks |
View Logs | view-logs | Permission to view logs. Accessible from Administration -> View Logs. |
View Moderation Console | view-moderation-console | Permission to view moderation console of the server. |
View Omnichannel Contact Center | View Omnichannel Contact Center | Permission to manage access to the contact center. |
View Other User Channels | view-other-user-channels | Permission to manage channels on the admin screen. |
View Outside Room | view-outside-room | Permission to find new channels and users. Users without this permission won't see channels that they are not part of when searching using the spotlight. |
View Private Room | view-p-room | Permission to view private channels. |
View Privileged Setting | view-privileged-setting | Permission to view privileged settings. |
View Room Administration | view-room-administration | Enables Administration -> Channels module. Enables permission to view public, private, and direct message statistics. Does not include permission to view conversations or archives. |
View Statistics | view-statistics | Enables Administration -> Info module. Enables the permission to view system statistics such as number of users logged in, number of rooms, operating system information. |
View User Administration | view-user-administration | Enables Administration -> Users module. Only includes partial, read-only list view of other user accounts currently logged into the system. No user account information is accessible with this permission. Add view-full-other-user-info to see a complete list of other users via the Administration -> Users. |
Can Audit | can-audit | Permission to access the Message Auditing Panel |
Can Audit Log | can-audit-log | Permission to check the details about who used the Message Auditing Panel and their search results |
Allow file upload on mobile devices | Allow file download on mobile devices | permission to allow mobile users to be able to download and upload files from and to the server |
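
One way to review a workspace against the table above, as an added example that is not Rocket.Chat's own code: it flags high-impact permissions held by roles outside a trusted set, and grants whose stated prerequisite ("Requires ...") the same role lacks. Assumptions: the input mirrors the `update` array returned by the `permissions.listAll` REST endpoint, the `SENSITIVE` selection is this example's own choice, and `helpdesk` is a hypothetical custom role.

```python
import json

# Permissions from the table above that this example treats as high impact.
# The selection is this example's assumption, not a list published by Rocket.Chat.
SENSITIVE = {
    "access-permissions", "assign-admin-role", "assign-roles",
    "edit-other-user-password", "edit-other-user-totp",
    "edit-privileged-setting", "message-impersonate",
    "user-generate-access-token", "api-bypass-rate-limit",
    "manage-apps", "can-audit",
}

# Prerequisites taken from the "Requires ..." notes in the Purpose column.
REQUIRES = {
    "assign-admin-role": "view-user-administration",
    "assign-roles": "view-user-administration",
    "manage-cloud": "view-user-administration",
    "edit-other-user-password": "edit-other-user-info",
    "remove-closed-livechat-rooms": "view-livechat-rooms",
    "view-livechat-analytics": "view-livechat-manager",
}

# Constructed sample export; "helpdesk" is a hypothetical custom role.
SAMPLE_EXPORT = """
{"update": [
  {"_id": "view-user-administration", "roles": ["admin"]},
  {"_id": "assign-roles", "roles": ["admin", "moderator"]},
  {"_id": "edit-other-user-info", "roles": ["admin"]},
  {"_id": "edit-other-user-password", "roles": ["admin", "helpdesk"]},
  {"_id": "message-impersonate", "roles": ["bot"]},
  {"_id": "create-c", "roles": ["admin", "user", "bot"]}
], "remove": [], "success": true}
"""


def roles_by_permission(export_json):
    """Map each permission id to the set of roles that hold it."""
    data = json.loads(export_json)
    return {p["_id"]: set(p.get("roles", [])) for p in data.get("update", [])}


def audit(export_json, trusted_roles=frozenset({"admin"})):
    """Return (finding, permission, role) tuples in a stable order."""
    grants = roles_by_permission(export_json)
    findings = []
    for perm, roles in sorted(grants.items()):
        needed = REQUIRES.get(perm)
        for role in sorted(roles):
            if perm in SENSITIVE and role not in trusted_roles:
                findings.append(("sensitive-grant", perm, role))
            # The role holds a permission but not the one the table says it
            # requires, which usually points to a half-finished role design.
            if needed and role not in grants.get(needed, set()):
                findings.append(("missing-prerequisite", perm, role))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_EXPORT):
        print(*finding, sep="\t")
```

Pass `trusted_roles` to widen the set of roles that may hold high-impact permissions, for example when the bot role is expected to post with a message alias.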