permissions.md

Permissions

Rocket.Chat has a vast and customizable permissions system. Most actions a user can make require particular permission, so you can customize what users can do and see.

To access this menu:

Navigate to Administration > Workspace > Permissions

{% hint style="info" %} Permission changes are immediate and transparent. Users do not need to log out, log in, or refresh for permissions to be applied. {% endhint %}

Roles

A Role is a set of permissions that are given to users. Rocket.Chat comes with a set of default roles that can be modified.

{% hint style="info" %} Roles are shown as little tags on the side of a username on messages. {% endhint %}

Scope of Roles

Roles can have different scopes. Currently, we have two scopes Global and Rooms.

Global scope: A role with the Global scope is valid for the whole server.

Room scope: A role with the Room scope gets applied to rooms, where a user has to be elected to that role in that channel.

An example of Global scope role is the admin role having permissions valid for the whole server, while a moderator role is a Room scope role which has permissions valid only in a channel they were elected for.

Creating Custom Roles

As a workspace administrator, you can create new roles with custom permissions for your workspace.

{% hint style="info" %} As from Rocket.Chat V6.0.x.x the creating and editing of custom roles is an enterprise feature. {% endhint %}

To create a new role,

• Navigate to Administration > Workspace > Permissions
• Click on New role
• A side panel opens, provide the details required
  • Role: Name of the role.
  • Description: Set a description of the role.
  • Scope: Select what scope the role is to take effect on.
• Save

You can now allocate permissions to the role by checking the checkbox corresponding to each permission beneath the role.

Default Roles

• admin (Users) - Have access to all settings and administrator tools.
• moderator (Subscriptions) - Have moderation permissions for a channel. It has to be elected by a channel owner.
• owner (Subscriptions) - Have owner permissions for a channel. Users who create a channel become the owner of that channel. They can also elect more owners for that channel.
• user (Users) - Normal user rights. Most users receive this role when registering.
• bot (Users) - Special Role for bot users, with some permissions related to bot functionality.
• leader (Subscriptions) - it doesn't have any special permissions but is used when setting a leader to a channel. Leaders appear on the header of a channel.
• anonymous (Users) - unauthenticated users that access the server when the Allow Anonymous Read setting is activated.
• guest (Users) - anonymous users that want to write and participate in channels when the Allow Anonymous Read and Allow Anonymous Write settings are activated.
• livechat-agent (Users) - Agents of Live Chat. They can answer to Live Chat requests.
• livechat-manager (Users) - Manager of Live Chat, can manage agents and guests.
• livechat-guest (Users) - Users coming from a Live Chat channel.

Permissions Available

Permission	Purpose
access-mailer	Permission to use the Mailer Tool. Accessible from Administration -> Mailer.
access-permissions	Permission to create and edit roles and permissions. Accessible from Administration -> Permissions.
add-oauth-service	Permission to manage different OAuth services and apps. Accessible from Administration -> OAuth Apps.
add-user-to-any-c-room	Permission to add a user to a public channel.
add-user-to-any-p-room	Permission to add a user to a private channel.
add-user-to-joined-room	Permission to add a user to a joined channel.
api-bypass-rate-limit	Permission to call api without rate limitation. See Rate Limiter.
archive-room	Permission to archive a channel.
assign-admin-role	Permission to promote user to Admin. Requires view-user-administration permission. Accessible from Administration -> Users.
assign-roles	Permission to assign roles for a user. Requires view-user-administration permission. Accessible from Administration -> Users.
auto-translate	Permission to use the Auto Translate Tool. Accessible from Administration -> Message -> Auto Translate.
ban-user	Permission to ban a user.
bulk-create-c	Permission to bulk create public channels.
bulk-register-user	Permission to bulk add users.
call-management	Permission to start a meeting. Requires Video Conference -> BigBlueButton enabled. Accessible from More -> BBB Video Chat -> Start Meeting.
clean-channel-history	Permission to prune a channel's messages and/or files.
clean-group-history	Permission to prune a group's messages and/or files.
clean-direct-history	Permission to prune direct messages and/or files.
close-livechat-room	Permission to close your own Live Chat channels.
close-others-livechat-room	Permission to close other Live Chat channels.
create-c	Permission to create public channels.
create-d	Permission to start direct messages.
create-p	Permission to create private groups.
create-personal-access-tokens	Permission to create Personal Access Tokens. Accessible from My Account -> Personal Access Tokens.
create-user	Permission to create new users. Accessible from Administration -> Users. Click the + sign found on the top right hand corner of the Users list to create a new user.
delete-c	Permission to delete public channels.
delete-d	Permission to delete direct messages.
delete-message	Permission to delete a message within a channel.
delete-p	Permission to delete private channels.
delete-user	Permission to delete users.
edit-message	Permission to edit a message.
edit-other-user-active-status	Permission to enable or disable other accounts. Accessible from Administration -> Users.
edit-other-user-info	Permission to change other user's name, username or email address. Accessible from Administration -> Users.
edit-other-user-password	Permission to modify other user's passwords. Requires edit-other-user-info permission. Accessible from Administration -> Users.
edit-privileged-setting	Permission to edit privileged settings.
edit-room	Permission to edit a room's name, topic, type (private or public status) and status (active or archived).
edit-room-retention-policy	Permission to edit's a room's retention policy.
force-delete-message	Permission to forcefully delete messages, independent of any deletion blocking setting.
join-without-join-code	Permission to bypass join codes when entering a channel with a join code set.
leave-c	Permission to leave the public channel.
leave-p	Permission to leave the private channel.
mail-messages	Permission to use the "Mail Messages" tool in the channel actions menu.
manage-apps	Permission to manage all apps. Accessible from Administration -> Apps.
manage-assets	Permission to manage assets. Must also be admin Accessible from Administration -> Assets.
manage-cloud	Permission to manage cloud. Requires view-user-administration permission. Accessible from Administration -> Cloud.
manage-emoji	Permission to add custom emojis to the server. Accessible from Administration -> Custom Emoji.
manage-outgoing-integrations	Permission to manage all outgoing integrations. Accessible from Administration -> Integrations.
manage-incoming-integrations	Permission to manage all incoming integrations. Accessible from Administration -> Integrations.
manage-oauth-apps	Permission to manage OAuth apps. Accessible from Administration -> OAuth.
manage-own-outgoing-integrations	User can create and edit own outgoing integration - webhooks.
manage-own-incoming-integrations	User can create and edit own incoming integration - webhooks.
manage-sounds	Permission to manage sounds. Accessible from Administration -> Custom Sounds.
mention-all	Permission to mention everyone in a channel.
mention-here	Permission to notify active users in a channel.
message-impersonate	Permission to impersonate other users using message alias. Accessible from Administration -> Permissions. |
mute-user	Permission to mute other users in the same channel.
pin-message	Permission to pin a message in a channel.
post-readonly	Permission to post messages on read-only channels.
preview-c-room	Permission to preview public channels.
remove-closed-livechat-rooms	Permission to close Live Chat rooms. Requires view-livechat-rooms permission. Accessible from Live Chat -> Current Chats.
remove-user	Permission to remove users from channels.
reset-other-user-e2e-key	Permission to set E2E key. See End to End Encryption.
run-import	Permission to use the data importer tools. Must also be an admin. Accessible from Administration -> Import.
run-migration	Permission to run migrations.
save-others-livechat-room-info	Permission to add additional information to both the visitor and Live Chat rooms.
send-many-messages	Permission to bypasses rate limit of 5 messages per second.
set-leader	Permission to set leaders for channels
set-moderator	Permission to set moderators for channels.
set-owner	Permission to set other users as owner of a public channel.
set-react-when-readonly	Permission to react to messages in only channels.
set-readonly	Permission to set room read-only. Accessible from Room Info -> Edit.
snippet-message	Permission to create message snippets.
start-discussion	Permission to start a discussion.
start-discussion-other-user	Permission to start a discussion, which gives permission to the user to create a discussion from a message sent by another user as well.
unarchive-room	Permission to unarchive channels.
user-generate-access-token	Permission to create authorization tokens for users.
view-broadcast-member-list	Permission to view the list of users in a broadcast channel.
view-c-room	Permission to view public channels.
view-d-room	Permission to view direct messages. Does not affect the ability to begin/start a direct message with another user.
view-full-other-user-info	Permission to view full profile of other users including account creation date, last login, etc.
view-history	Permission to view the channel history.
view-join-code	Permission to view the join code of channels.
view-joined-room	Permission to view current joined channels.
view-l-room	Permission to view Live Chat channel.
view-livechat-analytics	Permission to view Live Chat analytics. Requires Live Chat feature enabled and view-Livehat-manager permission.
view-livechat-manager	Permission to view other Live Chat managers.
view-livechat-rooms	Permission to view a list of Live Chat channels.
view-logs	Permission to view logs. Accessible from Administration -> View Logs.
View Omnichannel Contact Center	Permission to manage access to the contact center.
view-other-user-channels	Permission to manage channels on the admin screen.
view-outside-room	Permission to find new channels and users. Users without this permission won't see channels that they are not part of when searching using the spotlight.
view-p-room	Permission to view private channels.
view-privileged-setting	Permission to view privileged settings.
view-room-administration	Enables Administration -> Channels module. Enables Permission to view public, private, and direct message statistics. Does not include permission to view conversations or archives.
view-statistics	Enables Administration -> Info module. Enables the permission to view system statistics such as number of users logged in, number of rooms, operating system information.
view-user-administration	Enables Administration -> Users module. Only includes partial, read-only list view of other user accounts currently logged into the system. No user account information is accessible with this permission. Add view-full-other-user-info to see a complete list of other users via the Administration -> Users.
auditor-log	Permission to check the details about who used the Message Auditing Panel and their search results
can-audit-log	Permission to check the details about who used the Message Auditing Panel and their search results
view-engagement-dashboard	Permission to who can view engagement dashboard
Allow file download on mobile devices	permission to allow mobile users to be able to download and upload files from and to the server