Permissions are essential for maintaining the security and integrity of your workspace, ensuring that users have appropriate access to specific functionalities and resources. Rocket.Chat offers a robust permission-based framework to manage access across various workspace features.
Permissions are assigned to roles, and users with those roles gain the corresponding access. Workspace administrators and users with the necessary permissions can modify both roles and their associated permissions as needed. To learn about managing roles, see Roles in Rocket.Chat.
Access Permissions menu
To access the workspace Permissions, go to Manage → Workspace → Permissions. By default, administrators have all permissions, and other roles have specific permissions selected. You can select and deselect permissions under a role, allowing you to manage the actions that users with a specific role can perform.
If you want custom control over the assigned permissions, create custom roles and select the required permissions for the custom roles. You can then assign the roles to users, and they will gain access to the respective features.
For granular control over workspace settings, refer to the Permissions for Settings document.
Permission updates take effect instantly without requiring users to log out, sign in again, or refresh the system.
List of permissions
The permissions you can assign to a role on your workspace include the following:
You can also use REST API endpoints to view and update permissions. Refer to the Permissions API for details.
Name | Codebase Name | Purpose |
|---|---|---|
Manage ABAC configuration |
| Permission to manage Attribute-Based Access Control (ABAC) configuration. |
Access Federation |
| Permission to access federation features, create and join federated rooms. |
Access Mailer Screen |
| Permission to use the Mailer Tool. |
Access marketplace |
| Permission to access the Rocket.Chat app Marketplace. |
Access Permissions Screen |
| Permission to create and edit roles and permissions. |
Modify Setting-Based Permissions |
| Permission to access and configure per-setting permissions. |
Add all users to a room |
| Permission to add all users to a room. |
Add Omnichannel Agents to Departments |
| Permission to assign an omnichannel agent to a department. |
Add OAuth Service |
| Permission to manage different OAuth services and apps. |
Move room within team |
| Permission to add an existing room to a team. |
Add Team Member |
| Permission to add members to a team. |
Add User to Any Public Channel |
| Permission to add a user to a public channel. |
Add User to Any Private Channel |
| Permission to add a user to a private channel. |
Add User to Any Joined Channel |
| Permission to add a user to a joined channel. |
Bypass rate limit for REST API |
| Permission to call API without rate limitation. See Rate Limiter. |
Archive Room |
| Permission to archive a channel. |
Assign Admin Role |
| Permission to assign a user to the admin role. Requires |
Assign Roles |
| Permission to assign roles for a user. Requires |
Auto Translate |
| Permission to use the Auto Translate Tool. |
Ban User |
| Permission to ban a user. |
Block IP Device Management |
| Permission to block IP addresses through the device management panel. |
Block Omnichannel contact channel |
| Permission to block an Omnichannel contact from starting conversations. |
Bulk Create Users |
| Permission to bulk add users. |
Bypass time limit |
| Permission to edit or delete messages after the configured time limit has expired. |
Call Management |
| Permission to start a meeting. Requires Video Conference → BigBlueButton enabled. Accessible from More → BBB Video Chat → Start Meeting. |
Change Livechat Room Visitors |
| Permission to change the visitor assigned to an Omnichannel room. |
Clean Channel History |
| Permission to prune a channel's messages and/or files. |
Clear OEmbed cache |
| Permission to clear the oEmbed URL preview cache. |
Close Omnichannel Room |
| Permission to close your own Livechat channels. |
Close Other Omnichannel Room |
| Permission to close other Livechat channels. |
Convert Team |
| Permission to convert team to channel. |
Create Public Channels |
| Permission to create public channels. |
Create Direct Messages |
| Permission to start direct messages. |
Create Invite Links |
| Permission to create invite links to add members to a room |
Create Omnichannel contacts |
| Permission to create Omnichannel contacts. |
Create Private Channels |
| Permission to create private groups. |
Create Personal Access Tokens |
| Permission to create Personal Access Tokens. Accessible from My Account -> Personal Access Tokens. |
Create User |
| Permission to create new users. Accessible from Manage → Users. Click New user on the top right-hand corner of the Users page to create a new user. |
Create Team |
| Permission to create a team. |
Create group within team |
| Permission to create private channels in a Team. |
Create channel within team |
| Permission to create public channels in a Team. |
Delete Public Channels |
| Permission to delete public channels. |
Delete Direct Messages |
| Permission to delete direct messages. |
Delete Message |
| Permission to delete a message within a channel. |
Delete Own Message |
| Permission to delete your own message. |
Delete Private Channels |
| Permission to delete private channels. |
Delete group within Team |
| Permission to delete private channels in a Team |
Delete channel within Team |
| Permission to delete public channels in a Team |
Edit Livechat Room Custom Fields |
| Permission to edit a livechat custom field. |
Delete User |
| Permission to delete users. |
Delete Team |
| Permission to delete a team |
Edit Message |
| Permission to edit a message. |
Edit Omnichannel Contact |
| Permission to edit omnichannel contact. |
Edit Other User Active Status |
| Permission to enable or disable other accounts. Accessible from Manage → Users. |
Edit Other User Avatar |
| Permission to edit other users avatar. |
Edit Other User E2E Encryption |
| Permission to edit other users E2E key. |
Edit Other User Information |
| Permission to change other user's name, username, or email address. Accessible from Manage → Users. |
Edit Other User Password |
| Permission to modify other user's passwords. Requires edit-other-user-info permission. Accessible from Manage → Users. |
Edit Other User Two Factor TOTP |
| Permission to edit other user TOTP. |
Edit Privileged Setting |
| Permission to edit privileged settings. |
Edit Room |
| Permission to edit a room's name, topic, type (private or public status), and status (active or archived). |
Edit Room Avatar |
| Permission to edit a room avatar. |
Edit Room's Retention Policy |
| Permission to edit a room's retention policy. |
Edit Team |
| Permission to edit a team. |
Edit Team Channel |
| Permission to add a team channel |
Edit Team Member |
| Permission to add a team member. |
Export messages as PDF |
| Permission to export room messages as a PDF document. |
Force Delete Message |
| Permission to forcefully delete messages, independent of any deletion blocking setting. |
Get Server Info |
| Permission to retrieve server version and configuration information through the API. |
Join Without Join Code |
| Permission to bypass join codes when entering a channel with a join code set. |
Kick User from Any Public Channel |
| Permission to remove any user from any public channel. |
Kick User from Any Private Channel |
| Permission to remove any user from any private channel. |
Leave Channels |
| Permission to leave the public channel. |
Leave Private Groups |
| Permission to leave the private channel. |
Logout Device Management |
| Permission to log out device. |
Logout Other User |
| Permission to log out other users. |
Mail Messages |
| Permission to use the "Mail Messages" tool in the channel actions menu. |
Manage ABAC room attributes |
| Permission to manage ABAC attributes on rooms. |
Manage ABAC rooms |
| Permission to manage ABAC-protected rooms. |
Manage ABAC settings |
| Permission to manage ABAC settings. |
Manage Apps |
| Permission to manage all apps. Accessible from Marketplace. |
Manage Assets |
| Permission to manage assets. Must also be admin. Accessible from Manage → Assets. |
Manage Email Inbox |
| Permission to manage email inbox. |
Manage Cloud |
| Permission to manage cloud. Requires view-user-administration permission. Accessible from Manage → Subscription. |
Manage Emoji |
| Permission to add custom emojis to the server. Accessible from Manage → Custom Emoji. |
Manage Incoming Integrations |
| Permission to manage all incoming integrations. Accessible from Manage → Integrations. |
Manage Outgoing Integrations |
| Permission to manage all outgoing integrations. Accessible from Manage → Integrations. |
Manage OAuth Apps |
| Permission to manage OAuth apps. Accessible from Manage → Workspace → Settings → OAuth. |
Manage Own Outgoing Integrations |
| User can create and edit own outgoing integration - webhooks. |
Manage Own Incoming Integrations |
| User can create and edit own incoming integration - webhooks. |
Manage Omnichannel Agents |
| Permission to manage omnichannel agents. |
Manage Omnichannel Canned Responses |
| Permission to manage canned responses. |
Manage Omnichannel Departments |
| Permission to manage omnichannel departments. |
Manage Omnichannel Managers |
| Permission to manage omnichannel managers. |
Manage Omnichannel Monitors |
| Permission to manage omnichannel monitors. |
Manage Omnichannel Priorities |
| Permission to manage omnichannel priorities. |
Manage Omnichannel SLA |
| Permission to manage omnichannel SLA |
Manage Omnichannel Tags |
| Permission to manage omnichannel tags. |
Manage Omnichannel Units |
| Permission to manage omnichannel units. |
Manage Moderation Actions |
| Permission to manage moderation. |
Change Some Settings |
| Permission to change settings which are explicitly granted to be changed. |
Manage Sounds |
| Permission to manage sounds. Accessible from Manage → Custom Sounds. |
Manage User Status |
| Permission to manage user status. |
Mention All |
| Permission to mention everyone in a channel. |
Mention Here |
| Permission to notify active users in a channel. |
Impersonate Other Users |
| Permission to impersonate other users using message alias. Accessible from Manage → Permissions. |
Mute User |
| Permission to mute other users in the same channel. |
On Hold Omnichannel Room |
| Permission to put a room on hold. |
On Hold Others Omnichannel Room |
| Permission to put livechat room on hold for others. |
Can assign any agent to receive outbound |
| Permission to assign any available agent to outbound campaign contacts. |
Can assign departments to receive outbound |
| Permission to assign department queues in outbound campaigns. |
Can assign self only to receive outbound |
| Permission to assign only yourself to outbound campaign contacts. |
Send outbound messages |
| Permission to send messages in outbound campaign conversations. |
Pin Message |
| Permission to pin a message in a channel. |
Post ReadOnly |
| Permission to post messages on read-only channels. |
Preview Public Channel |
| Permission to preview messages in public channels without joining the room. |
Register On Cloud |
| Permission to register a workspace manually. |
Remove Canned Responses |
| Permission to remove canned responses. |
Remove Closed Omnichannel Room |
| Permission to remove a single closed Omnichannel conversation. |
Remove Closed Omnichannel Room |
| Permission to close Live Chat rooms. Requires |
Remove Omnichannel Departments |
| Permission to remove omnichannel departments. |
Remove Slackbridge Links |
| Permission to remove slackbridge links |
Remove Team Channel |
| Permission to remove a channel from a team. |
Remove User |
| Permission to remove users from channels. |
Request PDF Transcript |
| Permission to request a PDF transcript for a chat. |
Restart the server |
| Permission to reset the server. |
Run Import |
| Permission to use the data importer tools. Must also be an admin. Accessible from Manage → Import. |
Run Migration |
| Permission to run migrations. |
Save All Canned Responses |
| Permission to save all canned responses. |
Save Canned Responses |
| Permission to save canned responses. |
Save Department Canned Responses |
| Permission to save canned responses in the right. |
Save Others Omnichannel Room Info |
| Permission to add additional information to both the visitor and Live Chat rooms. |
Send Emails |
| Permission to send email messages through the server mailer. |
Send Many Messages |
| Permission to bypasses rate limit of 5 messages per second. |
Send Omnichannel Conversation Transcript |
| Permission to send omnichannel transcript. |
Set Leader |
| Permission to set leaders for channels |
Set Moderator |
| Permission to set moderators for channels. |
Set Owner |
| Permission to set other users as owner of a public channel. |
Set React When ReadOnly |
| Permission to react to messages in only channels. |
Set ReadOnly |
| Permission to set room read-only. Accessible from Room Info -> Edit. |
Start Discussion |
| Permission to start a discussion. |
Start Discussion (Other-User) |
| Permission to start a discussion, which permits the user to create a discussion from a message sent by another user as well. |
Sync authentication services' users |
| Permission to sync users from other authentication services to the workspace. |
Test options on admin panel |
| Permission to test and validate admin configuration options, such as the LDAP connection test. |
Test push notifications |
| Permission to send test push notifications to devices. |
Toggle Room E2E Encryption |
| Permission to toggle E2E encryption. |
Transfer Livechat Guests |
| Permission to transfer an Omnichannel visitor to another agent or department. |
Unarchive Room |
| Permission to unarchive channels. |
Unblock Omnichannel contact channel |
| Permission to unblock a previously blocked Omnichannel contact. |
Update Omnichannel contacts |
| Permission to update existing Omnichannel contact records. |
User Generate Access Token |
| Permission to create authorization tokens for users. |
Ring other users when calling |
| Permission to ring other users when calling. |
View ABAC audit log |
| Permission to view the ABAC audit log. |
View Agent Canned Responses |
| Permission to view canned responses of an agent. |
View All Canned Responses |
| Permission to view all canned responses |
View All Team Channels |
| Permission to view all team's channels |
View All Teams |
| Permission to view all teams |
View Members List in Broadcast Room |
| Permission to view the list of users in a broadcast channel. |
View Public Channel |
| Permission to view public channels. |
View Canned Responses |
| Permission to view available Omnichannel canned responses. |
View Direct Messages |
| Permission to view direct messages. Does not affect the ability to begin/start a direct message with another user. |
View Device Management |
| Permission to view device management dashboard |
View Engagement Dashboard |
| Permission to view engagement dashboard. |
View Federation Data |
| Permission to view federation data |
View Full Other User Info |
| Permission to view full profile of other users including account creation date, last login, etc. |
View Import Operations |
| Permission to view import operations |
View Join Code |
| Permission to view the join code of channels. |
View Joined Room |
| Permission to view current joined channels. |
View Omnichannel Rooms |
| Permission to view Omnichannel rooms. It’s typically assigned to agents. |
View Omnichannel Analytics |
| Permission to view Live Chat analytics. Requires Live Chat feature enabled and |
View Omnichannel Appearance |
| Permission to view live chat appearance. |
View Omnichannel Business-Hours |
| Permission to view live chat business hours. |
View Omnichannel contacts |
| Permission to view Omnichannel contact details. |
View Omnichannel contacts history |
| Permission to view the conversation history of an Omnichannel contact. |
View Omnichannel Custom Fields |
| Permission to view Omnichannel custom fields. |
View Omnichannel Departments |
| Permission to view Omnichannel departments. |
View Omnichannel Installation |
| Permission to view Omnichannel installation |
View Omnichannel Manager |
| Permission to view other Live Chat managers. |
View Omnichannel Queue |
| Permission to view Omnichannel queue |
View Omnichannel Real-time Monitoring |
| Permission to view livechat real-time monitoring. |
View Omnichannel Reports |
| Permission to view Omnichannel summary reports. |
View Omnichannel Rooms closed by another agent |
| Permission to view live chat rooms closed by another agent. |
View Omnichannel Rooms closed by another agent in the same department |
| Permission to view live chat rooms closed by another agent in the same department. |
View Omnichannel Room Custom Fields |
| Permission to view custom field values on Omnichannel rooms. |
View all omnichannel rooms |
| Permission to view all other Omnichannel rooms. It’s usually assigned to managers and workspace admins. |
View Omnichannel Triggers |
| Permission to view live chat triggers. |
View Omnichannel Webhooks |
| Permission to view live chat webhooks |
View Logs |
| Permission to view logs. Accessible from Manage → Workspace → Reports → Logs. |
Can view members in all rooms |
| Permission to view the member list in any room. |
View Moderation Console |
| Permission to view the moderation console of the server. |
View Omnichannel Contact Center |
| Permission to manage access to the contact center. |
View Other User Channels |
| Permission to manage channels on the admin screen. |
View Outside Room |
| Permission to find new channels and users. Users without this permission won't see channels that they are not part of when searching using the spotlight. |
View Private Room |
| Permission to view private channels. |
View Privileged Setting |
| Permission to view privileged settings. |
View Room Administration |
| Enables Manage → Workspace → Rooms module. Enables Permission to view public, private, and direct message statistics. Does not include permission to view conversations or archives. |
View Statistics |
| Enables Manage → Workspace module. Enables the permission to view system statistics such as number of users logged in, number of rooms, operating system information. |
View User Administration |
| Enables Manage → Users module. Only includes partial, read-only list view of other user accounts currently logged into the system. No user account information is accessible with this permission. Add view-full-other-user-info to see a complete list of other users via the Manage → Users. |
Can Audit |
| Permission to access the Message Auditing Panel |
Can Audit Log |
| Permission to check the details about who used the Message Auditing Panel and their search results |
Allow file upload on mobile devices |
| Permission to allow mobile users to upload files to the workspace. |
Delete Omnichannel Contact |
| Permission to delete an Omnichannel contact. |
Allow Internal Voice Calls |
| Essential for standard WebRTC calls and allows workspace members to make voice calls to one another. |
Allow External Voice Calls |
| Allows users to place and receive calls through the SIP provider, including PSTN calls. This works only when SIP integration is fully configured. |
By carefully managing permissions, administrators can provide a safe space for collaboration. As we move on to the next section, we'll discuss managing permissions for workspace settings.