Permissions
Rocket.Chat has a vast and customizable permissions system. Most actions a user can make require particular permission, so you can customize what users can do and see.
To access this menu:
Navigate to Administration > Workspace > Permissions
Permission changes are immediate and transparent. Users do not need to log out, log in, or refresh for permissions to be applied.
A
Role
is a set of permissions that are given to users. Rocket.Chat comes with a set of default roles that can be modified.Roles are shown as little tags on the side of a username on messages.
Roles can have different scopes. Currently, we have two scopes
Global
and Rooms
.Global scope: A role with the
Global
scope is valid for the whole server.Room scope: A role with the
Room
scope gets applied to rooms, where a user has to be elected to that role in that channel.An example of
Global
scope role is the admin
role having permissions valid for the whole server, while a moderator
role is a Room
scope role which has permissions valid only in a channel they were elected for.As a workspace administrator, you can create new roles with custom permissions for your workspace.
As from Rocket.Chat
​
V6.0.x.x
the creating and editing of custom roles is an enterprise feature. %20(3)%20(3)%20(3)%20(3)%20(3)%20(3)%20(3)%20(3)%20(2)%20(3)%20(1)%20(1)%20(1)%20(1)%20(2)%20(1)%20(1)%20(7).jpg?alt=media)
To create a new role,
- Navigate to Administration > Workspace > Permissions
- Click on New role
- A side panel opens, provide the details required
- Role: Name of the role.
- Description: Set a description of the role.
- Save
You can now allocate permissions to the role by checking the checkbox corresponding to each permission beneath the role.
- admin
(Users)
- Have access to all settings and administrator tools. - moderator
(Subscriptions)
- Have moderation permissions for a channel. It has to be elected by a channel owner. - owner
(Subscriptions)
- Have owner permissions for a channel. Users who create a channel become the owner of that channel. They can also elect more owners for that channel. - user
(Users)
- Normal user rights. Most users receive this role when registering. - bot
(Users)
- Special Role for bot users, with some permissions related to bot functionality. - leader
(Subscriptions)
- it doesn't have any special permissions but is used when setting aleader
to a channel. Leaders appear on the header of a channel. - anonymous
(Users)
- unauthenticated users that access the server when theAllow Anonymous Read
setting is activated. - guest
(Users)
- anonymous users that want to write and participate in channels when theAllow Anonymous Read
andAllow Anonymous Write
settings are activated. - livechat-agent
(Users)
- Agents of Live Chat. They can answer to Live Chat requests. - livechat-manager
(Users)
- Manager of Live Chat, can manage agents and guests. - livechat-guest
(Users)
- Users coming from a Live Chat channel.
Permission | Purpose |
---|---|
access-mailer | |
access-permissions | Permission to create and edit roles and permissions. Accessible from Administration -> Permissions. |
add-oauth-service | Permission to manage different OAuth services and apps. Accessible from Administration -> OAuth Apps. |
add-user-to-any-c-room | Permission to add a user to a public channel. |
add-user-to-any-p-room | Permission to add a user to a private channel. |
add-user-to-joined-room | Permission to add a user to a joined channel. |
api-bypass-rate-limit | |
archive-room | Permission to archive a channel. |
assign-admin-role | Permission to promote user to Admin. Requires view-user-administration permission. Accessible from Administration -> Users. |
assign-roles | Permission to assign roles for a user. Requires view-user-administration permission. Accessible from Administration -> Users. |
auto-translate | Permission to use the Auto Translate Tool. Accessible from Administration -> Message -> Auto Translate. |
ban-user | Permission to ban a user. |
bulk-create-c | Permission to bulk create public channels. |
bulk-register-user | Permission to bulk add users. |
call-management | Permission to start a meeting. Requires Video Conference -> BigBlueButton enabled. Accessible from More -> BBB Video Chat -> Start Meeting. |
clean-channel-history | Permission to prune a channel's messages and/or files. |
clean-group-history | Permission to prune a group's messages and/or files. |
clean-direct-history | Permission to prune direct messages and/or files. |
close-livechat-room | Permission to close your own Live Chat channels. |
close-others-livechat-room | Permission to close other Live Chat channels. |
create-c | Permission to create public channels. |
create-d | Permission to start direct messages. |
create-p | Permission to create private groups. |
create-personal-access-tokens | Permission to create Personal Access Tokens. Accessible from My Account -> Personal Access Tokens. |
create-user | Permission to create new users. Accessible from Administration -> Users. Click the + sign found on the top right hand corner of the Users list to create a new user. |
delete-c | Permission to delete public channels. |
delete-d | Permission to delete direct messages. |
delete-message | Permission to delete a message within a channel. |
delete-p | Permission to delete private channels. |
delete-user | Permission to delete users. |
edit-message | Permission to edit a message. |
edit-other-user-active-status | Permission to enable or disable other accounts. Accessible from Administration -> Users. |
edit-other-user-info | Permission to change other user's name, username or email address. Accessible from Administration -> Users. |
edit-other-user-password | Permission to modify other user's passwords. Requires edit-other-user-info permission. Accessible from Administration -> Users. |
edit-privileged-setting | Permission to edit privileged settings. |
edit-room | Permission to edit a room's name, topic, type (private or public status) and status (active or archived). |
edit-room-retention-policy | Permission to edit's a room's retention policy. |
force-delete-message | Permission to forcefully delete messages, independent of any deletion blocking setting. |
join-without-join-code | Permission to bypass join codes when entering a channel with a join code set. |
leave-c | Permission to leave the public channel. |
leave-p | Permission to leave the private channel. |
mail-messages | Permission to use the "Mail Messages" tool in the channel actions menu. |
manage-apps | Permission to manage all apps. Accessible from Administration -> Apps. |
manage-assets | Permission to manage assets. Must also be admin Accessible from Administration -> Assets. |
manage-cloud | Permission to manage cloud. Requires view-user-administration permission. Accessible from Administration -> Cloud. |
manage-emoji | Permission to add custom emojis to the server. Accessible from Administration -> Custom Emoji. |
manage-outgoing-integrations | Permission to manage all outgoing integrations. Accessible from Administration -> Integrations. |
manage-incoming-integrations | Permission to manage all incoming integrations. Accessible from Administration -> Integrations. |
manage-oauth-apps | Permission to manage OAuth apps. Accessible from Administration -> OAuth. |
manage-own-outgoing-integrations | User can create and edit own outgoing integration - webhooks. |
manage-own-incoming-integrations | User can create and edit own incoming integration - webhooks. |
manage-sounds | Permission to manage sounds. Accessible from Administration -> Custom Sounds. |
mention-all | Permission to mention everyone in a channel. |
mention-here | Permission to notify active users in a channel. |
message-impersonate | Permission to impersonate other users using message alias. Accessible from Administration -> Permissions. | |
mute-user | Permission to mute other users in the same channel. |
pin-message | Permission to pin a message in a channel. |
post-readonly | Permission to post messages on read-only channels. |
preview-c-room | Permission to preview public channels. |
remove-closed-livechat-rooms | Permission to close Live Chat rooms. Requires view-livechat-rooms permission. Accessible from Live Chat -> Current Chats. |
remove-user | Permission to remove users from channels. |
reset-other-user-e2e-key | |
run-import | Permission to use the data importer tools. Must also be an admin. Accessible from Administration -> Import. |
run-migration | Permission to run migrations. |
save-others-livechat-room-info | Permission to add additional information to both the visitor and Live Chat rooms. |
send-many-messages | Permission to bypasses rate limit of 5 messages per second. |
set-leader | Permission to set leaders for channels |
set-moderator | Permission to set moderators for channels. |
set-owner | Permission to set other users as owner of a public channel. |
set-react-when-readonly | Permission to react to messages in only channels. |
set-readonly | Permission to set room read-only. Accessible from Room Info -> Edit. |
snippet-message | Permission to create message snippets. |
start-discussion | Permission to start a discussion. |
start-discussion-other-user | Permission to start a discussion, which gives permission to the user to create a discussion from a message sent by another user as well. |
unarchive-room | Permission to unarchive channels. |
user-generate-access-token | Permission to create authorization tokens for users. |
view-broadcast-member-list | Permission to view the list of users in a broadcast channel. |
view-c-room | Permission to view public channels. |
view-d-room | Permission to view direct messages. Does not affect the ability to begin/start a direct message with another user. |
view-full-other-user-info | Permission to view full profile of other users including account creation date, last login, etc. |
view-history | Permission to view the channel history. |
view-join-code | Permission to view the join code of channels. |
view-joined-room | Permission to view current joined channels. |
view-l-room | Permission to view Live Chat channel. |
view-livechat-analytics | Permission to view Live Chat analytics. Requires Live Chat feature enabled and view-Livehat-manager permission. |
view-livechat-manager | Permission to view other Live Chat managers. |
view-livechat-rooms | Permission to view a list of Live Chat channels. |
view-logs | Permission to view logs. Accessible from Administration -> View Logs. |
View Omnichannel Contact Center | Permission to manage access to the contact center. |
view-other-user-channels | Permission to manage channels on the admin screen. |
view-outside-room | Permission to find new channels and users. Users without this permission won't see channels that they are not part of when searching using the spotlight. |
view-p-room | Permission to view private channels. |
view-privileged-setting | Permission to view privileged settings. |
view-room-administration | Enables Administration -> Channels module. Enables Permission to view public, private, and direct message statistics. Does not include permission to view conversations or archives. |
view-statistics | Enables Administration -> Info module. Enables the permission to view system statistics such as number of users logged in, number of rooms, operating system information. |
view-user-administration | Enables Administration -> Users module. Only includes partial, read-only list view of other user accounts currently logged into the system. No user account information is accessible with this permission. Add view-full-other-user-info to see a complete list of other users via the Administration -> Users. |
auditor-log | Permission to check the details about who used the Message Auditing Panel and their search results |
can-audit-log | Permission to check the details about who used the Message Auditing Panel and their search results |
view-engagement-dashboard | Permission to who can view engagement dashboard |
Allow file download on mobile devices | permission to allow mobile users to be able to download and upload files from and to the server |
Last modified 2d ago