Permissions play a crucial role in maintaining the security and integrity of your workspace, ensuring that users have the right level of access to various functionalities and resources. Rocket.Chat provides a comprehensive permission-based framework for managing access to various features within your workspace.
The permissions are assigned to roles. Users with the roles will have access to the permissions. Workspace administrators and users with the permissions can modify the roles and related permissions. To learn about roles in detail, see Roles in Rocket.Chat.
To access the Permissions menu, go to Administration > Workspace > Permissions.
{% hint style="success" %} Permission updates take effect instantly without requiring users to log out, sign in again, or refresh the system. {% endhint %}
The permissions you can assign to a role on your workspace include the following:
{% hint style="info" %} The list of permissions is not comprehensive. {% endhint %}
| Name | Codebase Name | Purpose |
|---|---|---|
| Access Mailer Screen | access-mailer |
Permission to use the Mailer Tool. Accessible from Administration -> Mailer. |
| Access Permissions Screen | access-permissions |
Permission to create and edit roles and permissions. Accessible from Administration -> Permissions. |
| Add all users to a room | add-all-to-room |
Permission to add all users to a room. |
| Add Omnichannel Agents to Departments | add-livechat-department-agents |
Permission to assign an onmichannel agent to a department. |
| Add OAuth Service | add-oauth-service |
Permission to manage different OAuth services and apps. Accessible from Administration -> OAuth Apps. |
| Add Team Channel | add``-``team``-``channel |
Permission to add channels to a team. |
| Add Team Member | add``-``team``-``member |
Permission to add members to a team. |
| Add User to Any Public Channel | add-user-to-any-c-room |
Permission to add a user to a public channel. |
| Add User to Any Private Channel | add-user-to-any-p-room |
Permission to add a user to a private channel. |
| Add User to Any Joined Channel | add-user-to-joined-room |
Permission to add a user to a joined channel. |
| Bypass rate limit for REST API | api-bypass-rate-limit |
Permission to call api without rate limitation. See Rate Limiter. |
| Archive Room | archive-room |
Permission to archive a channel. |
| Assign Admin Role | assign-admin-role |
Permission to promote user to Admin. Requires view-user-administration permission. Accessible from Administration -> Users. |
| Assign Roles | assign-roles |
Permission to assign roles for a user. Requires view-user-administration permission. Accessible from Administration -> Users. |
| Auto Translate | auto-translate |
Permission to use the Auto Translate Tool. Accessible from Administration > Workspace > Settings > Message > Auto Translate. |
| Ban User | ban-user |
Permission to ban a user. |
| Block IP Device Management | bulk-create-c |
Permission to bulk create public channels. |
| Bulk Create Users | bulk-register-user |
Permission to bulk add users. |
| Bypass time limit | ||
| Call Management | call-management |
Permission to start a meeting. Requires Video Conference -> BigBlueButton enabled. Accessible from More -> BBB Video Chat -> Start Meeting. |
| Clean Channel History | clean-channel-history |
Permission to prune a channel's messages and/or files. |
clean-group-history |
Permission to prune a group's messages and/or files. | |
clean-direct-history |
Permission to prune direct messages and/or files. | |
| Close Omnichannel Room | close-livechat-room |
Permission to close your own Live Chat channels. |
| Close Other Omnichannel Room | close-others-livechat-room |
Permission to close other Live Chat channels. |
| Convert Team | convert-team |
Permission to convert team to channel. |
| Create Public Channels | create-c |
Permission to create public channels. |
| Create Direct Messages | create-d |
Permission to start direct messages. |
| Create Invite Links | create``-``invite``-``links |
Permission to create invite links to add members to a room |
| Create Private Channels | create-p |
Permission to create private groups. |
| Create Personal Access Tokens | create-personal-access-tokens |
Permission to create Personal Access Tokens. Accessible from My Account -> Personal Access Tokens. |
| Create User | create-user |
Permission to create new users. Accessible from Administration -> Users. Click the + sign found on the top right hand corner of the Users list to create a new user. |
| Create Team | create-team |
Permission to create a team. |
| Delete Public Channels | delete-c |
Permission to delete public channels. |
| Delete Direct Messages | delete-d |
Permission to delete direct messages. |
| Delete Message | delete-message |
Permission to delete a message within a channel. |
| Delete Own Message | delete``-``own``-``message |
Permission to delete your own message. |
| Delete Private Channels | delete-p |
Permission to delete private channels. |
| Edit Livechat Room Custom Fields | edit-livechat-room-customfields |
Permission to edit a livechat custom field. |
| Delete User | delete-user |
Permission to delete users. |
| Delete Team | delete-team |
Permission to delete a team |
| Edit Message | edit-message |
Permission to edit a message. |
| Edit Omnichannel Contact | edit-omnichannel-contact |
Permission to edit omnichannel contact. |
| Edit Other User Active Status | edit-other-user-active-status |
Permission to enable or disable other accounts. Accessible from Administration -> Users. |
| Edit Other User Avatar | edit``-``other``-user-``avatar |
Permission to edit other users avatar. |
| Edit Other User E2E Encryption | edit``-``other``-``user``-``e2e``e |
Permision to edit other users E2E key. |
| Edit Other User Information | edit-other-user-info |
Permission to change other user's name, username or email address. Accessible from Administration -> Users. |
| Edit Other User Password | edit-other-user-password |
Permission to modify other user's passwords. Requires edit-other-user-info permission. Accessible from Administration -> Users. |
| Edit Other User Two Factor TOTP | edit``-``other``-``user``-``totp |
Permission to edit other user TOTP. |
| Edit Privileged Setting | edit-privileged-setting |
Permission to edit privileged settings. |
| Edit Room | edit-room |
Permission to edit a room's name, topic, type (private or public status) and status (active or archived). |
| Edit Room Avatar | edit``-``room``-``avatar |
Permission to edit a room avatar. |
| Edit Room's Retention Policy | edit-room-retention-policy |
Permission to edit's a room's retention policy. |
| Edit Team | edit``-``team |
Permission to edit a team. |
| Edit Team Channel | edit``-``team``-``channel |
Permission to add a team channel |
| Edit Team Member | edit``-``team``-``member |
Permission to add a team member. |
| Force Delete Message | force-delete-message |
Permission to forcefully delete messages, independent of any deletion blocking setting. |
| Inbound Voip Calls | inbound``-``voip``-``calls |
|
| Join Without Join Code | join-without-join-code |
Permission to bypass join codes when entering a channel with a join code set. |
| Leave Channels | leave-c |
Permission to leave the public channel. |
| Leave Private Groups | leave-p |
Permission to leave the private channel. |
| Logout Device Management | logout``-``device``-``management |
Permission to log out device management |
| Logout Other User | logout``-``other``-``user |
Permission to log out other users. |
| Mail Messages | mail-messages |
Permission to use the "Mail Messages" tool in the channel actions menu. |
| Manage Agent Extension Association | manage``-``agent``-``extension``-``association |
Permission to manange extension association. |
| Manage Apps | manage-apps |
Permission to manage all apps. Accessible from Administration -> Apps. |
| Manage Assets | manage-assets |
Permission to manage assets. Must also be admin Accessible from Administration -> Assets. |
| manage-chatpal | ||
| Manage Email Inbox | manage``-``email``-``inbox |
Permission to manage email inbox. |
| Manage Cloud | manage-cloud |
Permission to manage cloud. Requires view-user-administration permission. Accessible from Administration -> Cloud. |
| Manage Emoji | manage-emoji |
Permission to add custom emojis to the server. Accessible from Administration -> Custom Emoji. |
| Manage Incoming Integrations | manage-incoming-integrations |
Permission to manage all incoming integrations. Accessible from Administration -> Integrations. |
| Manage Outgoing Integrations | manage-outgoing-integrations |
Permission to manage all ougoing integrations. Accessible from Administration -> Integrations. |
| Manage OAuth Apps | manage-oauth-apps |
Permission to manage OAuth apps. Accessible from Administration -> OAuth. |
| Manage Outgoing Integrations | manage-outgoing-integrations |
Permission to manage all outgoing integrations. Accessible from Administration -> Integrations. |
| Manage Outgoing Integrations | manage-own-outgoing-integrations |
User can create and edit own outgoing integration - webhooks. |
| Manage Own Incoming Integrations | manage-own-incoming-integrations |
User can create and edit own incoming integration - webhooks. |
| Manage Omnichannel Agents | manage``-livechat-``agents |
Permission to manage omnichannel agents. |
| Manage Omnichannel Canned Responses | manage-livechat-canned-responses |
Permission to manage canned responses. |
| Manage Omnichannel Departments | manage-livechat-``departments |
Permission to manange omnichannel departments. |
| Manage Omnichannel Managers | manage-livechat-managers |
Permission to manage omnichannel managers. |
| Manage Omnichannel Monitors | manage``-livechat-``monitors |
Permission to manage omnichannel monitors. |
| Manage Omnichannel Priorities | manage-livechat-priorities |
Permission to manange omnichannel priorities. |
| Manage Omnichannel SLA | manage-livechat-sla |
Permission to manage omnichannel SLA |
| Manage Omnichannel Tags | manage-livechat-tags |
Permission to manage omnichannel tags. |
| Manage Omnichannel Units | manage-livechat-units |
Permission to manage omnichannel units. |
| Manage Moderation Actions | manage-moderation-actions |
Permission to manage moderation. |
| Change Some Settings | manage-selected-settings |
Permission to change settings which are explicitly granted to be changed. |
| Manage Sounds | manage-sounds |
Permission to manage sounds. Accessible from Administration -> Custom Sounds. |
| Manage User Status | manage``-``user``-``status |
Permission to manage user status. |
| Manage Voip Call Settings | manage``-``voip``-``call``-``settings |
Permission to manage Voip call settings. |
| Manage Voip Contact Center Settings | manage-voip-contact-center-settings |
Permission to manage Voip contact center. |
| Mention All | mention-all |
Permission to mention everyone in a channel. |
| Mention Here | mention-here |
Permission to notify active users in a channel. |
| Impersonate Other Users | message-impersonate |
Permission to impersonate other users using message alias. Accessible from Administration -> Permissions. | |
| Mute User | mute-user |
Permission to mute other users in the same channel. |
| On Hold Omnichannel Room | on-hold-livechat-room |
Permission to put a room on hold. |
| On Hold Others Omnichannel Room | on``-``hold``-others-livechat-``room |
Permission to put livechat room on hold for others. |
| Outbound Voip Calls | outbound``-``voip``-``calls |
Permission to outbound voip calls. |
| Pin Message | pin-message |
Permission to pin a message in a channel. |
| Post ReadOnly | post-readonly |
Permission to post messages on read-only channels. |
| Preview Public Channel | preview-c-room |
Permission to preview public channels. |
| Register On Cloud | register-on-cloud |
Permission to register a workspace manually. |
| Remove Canned Responses | remove``-``canned``-``responses |
Permission to remove canned responses. |
| Remove Closed Omnichannel Room | remove-closed-livechat-rooms |
Permission to close Live Chat rooms. Requires view-livechat-rooms permission. Accessible from Live Chat -> Current Chats. |
| Remove Omnichannel Departments | remove``-``livechat``-department |
Permision to remove omnichannel departments. |
| Remove Slackbridge Links | remove-slackbridge-links |
Permission to remove slackbridge links |
| Remove Team Channel | remove-team-channel |
Permission to remove a channel from a team. |
| Remove User | remove-user |
Permission to remove users from channels. |
| Request PDF Transcript | request``-``pdf``-``transcript |
Permission to request a PDF transcript for a chat. |
| Restart the server | restart``_``server |
Permission to reset the server. |
| Reset Other User E2E | reset-other-user-e2e-key |
Permission to set E2E key. See End to End Encryption. |
| Run Import | run-import |
Permission to use the data importer tools. Must also be an admin. Accessible from Administration -> Import. |
| Run Migration | run-migration |
Permission to run migrations. |
| Save All Canned Responses | save``-``all``-``canned``-``responses |
Permission to save all canned responses. |
| Save Canned Responses | save``-``canned``-``responses |
Permission to save canned responses. |
| Save Department Canned Responses | save``-``department``-``canned``-``responses |
Permission to save canned responses in the right. |
| Save Others Omnichannel Room Info | save-others-livechat-room-info |
Permission to add additional information to both the visitor and Live Chat rooms. |
| Send Many Messages | send-many-messages |
Permission to bypasses rate limit of 5 messages per second. |
| Send Omnichannel Conversation Transcript | send-omnichannel-chat-transcript |
Permission to send omnichannel transcript. |
| Set Leader | set-leader |
Permission to set leaders for channels |
| Set Moderator | set-moderator |
Permission to set moderators for channels. |
| Set Owner | set-owner |
Permission to set other users as owner of a public channel. |
| Set React When ReadOnly | set-react-when-readonly |
Permission to react to messages in only channels. |
| Set ReadOnly | set-readonly |
Permission to set room read-only. Accessible from Room Info -> Edit. |
| Snippet Message | snippet-message |
Permission to create message snippets. |
| Spy Voip Calls | spy``-``voip``-``calls |
|
| Start Discussion | start-discussion |
Permission to start a discussion. |
| Start Discussion (Other-User) | start-discussion-other-user |
Permission to start a discussion, which gives permission to the user to create a discussion from a message sent by another user as well. |
| Sync authentication services' users | sync``-auth-``services``-users |
Permission to sync users from other authentication services to the workspace. |
| Toggle Room E2E Encryption | toggle``-``room``-``e2e``-``encryption |
Permission to toggle E2E encryption. |
| Unarchive Room | unarchive-room |
Permission to unarchive channels. |
| User Generate Access Token | user-generate-access-token |
Permission to create authorization tokens for users. |
| Ring other users when calling | videoconf-ring-users |
Permission to ring other users when calling. |
| View Agent Canned Responses | view-agent-canned-responses |
Permission to view canned responses of an agent. |
| View Agent Extension Association | view-agent-extension-association |
Permission to view agent extension association. |
| View All Canned Responses | view-all-canned-responses |
Permission to view all canned responses |
| View All Team Channels | view-all-team-channels |
Permission to view all team's channels |
| View All Teams | view-all-teams |
Permission to view all teams |
| View Members List in Broadcast Room | view-broadcast-member-list |
Permission to view the list of users in a broadcast channel. |
| View Public Channel | view-c-room |
Permission to view public channels. |
| View Direct Messages | view-d-room |
Permission to view direct messages. Does not affect the ability to begin/start a direct message with another user. |
| View Device Management | view-device-management |
Permission to view device management dashboard |
| View Engagement Dashboard | view-engagement-dashboard |
Permission to view engagement dashboard. |
| View Federation Data | view-federation-data |
Permission to view federation data |
| View Full Other User Info | view-full-other-user-info |
Permission to view full profile of other users including account creation date, last login, etc. |
| View History | view-history |
Permission to view the channel history. |
| View Import Operations | view-import-operations |
Permission to view import operations |
| View Join Code | view-join-code |
Permission to view the join code of channels. |
| View Joined Room | view-joined-room |
Permission to view current joined channels. |
| View Omnichannel Rooms | view-l-room |
Permission to view Live Chat channel. |
| View Omnichannel Analytics | view-livechat-analytics |
Permission to view Live Chat analytics. Requires Live Chat feature enabled and view-Livehat-manager permission. |
| View Omnichannel Appearance | view-livechat-appearance |
Permission to view live chat appearance. |
| View Omnichannel Business-Hours | view-livechat-business-hours |
Permission to view live chat business hours. |
| View Omnichannel Current Chats | view-livechat-current-chats |
Permission to view live chat current chats |
| View Omnichannel Custom Fields | view-livechat-customfields |
Permission to view Omnichannel custom fields. |
| View Omnichannel Departments | view-livechat-departments |
Permission to view Omnichannel departments. |
| View Omnichannel Installation | view-livechat-installation |
Permission to view Omnichannel installation |
| View Omnichannel Manager | view-livechat-manager |
Permission to view other Live Chat managers. |
| View Omnichannel Queue | view-livechat-queue |
Permission to view Omnichannel queue |
| View Omnichannel Real-time Monitoring | view-livechat-real-time-monitoring |
Permision to view live chat real time monitoring. |
| View Omnichannel Rooms closed by another agent | view-livechat-room-closed-by-another-agent |
Permission to view live chat rooms closed by another agent. |
| View Omnichannel Rooms closed by another agent in the same department | view-livechat-room-closed-same-department |
Permission to view live chat rooms closed by another agent in the same department. |
| View Omnichannel Rooms | view-livechat-rooms |
Permission to view a list of Live Chat channels. |
| View Omnichannel Triggers | view-livechat-triggers |
Permission to view live chat triggers. |
| View Omnichannel Webhooks | view-livechat-webhooks |
Permission to view live chat webhooks |
| View Logs | view-logs |
Permission to view logs. Accessible from Administration -> View Logs. |
| View Moderation Console | view-moderation-console |
Permission to view moderation console of the server. |
| View Omnichannel Contact Center | View Omnichannel Contact Center |
Permission to manage access to the contact center. |
| View Other User Channels | view-other-user-channels |
Permission to manage channels on the admin screen. |
| View Outside Room | view-outside-room |
Permission to find new channels and users. Users without this permission won't see channels that they are not part of when searching using the spotlight. |
| View Private Room | view-p-room |
Permission to view private channels. |
| View Privileged Setting | view-privileged-setting |
Permission to view privileged settings. |
| View Room Administration | view-room-administration |
Enables Administration -> Channels module. Enables Permission to view public, private, and direct message statistics. Does not include permission to view conversations or archives. |
| View StatisticsView User Administration | view-statistics |
Enables Administration -> Info module. Enables the permission to view system statistics such as number of users logged in, number of rooms, operating system information. |
| View User Administration | view-user-administration |
Enables Administration -> Users module. Only includes partial, read-only list view of other user accounts currently logged into the system. No user account information is accessible with this permission. Add view-full-other-user-info to see a complete list of other users via the Administration -> Users. |
| Can Audit | can-audit |
Permission to access the Message Auditing Panel |
| Can Audit Log | can-audit-log |
Permission to check the details about who used the Message Auditing Panel and their search results |
| Allow file upload on mobile devices | Allow file download on mobile devices |
permission to allow mobile users to be able to download and upload files from and to the server |
By carefully managing permissions, administrators can provide a safe space for collaboration. As we move on to the next section, we'll discuss managing permissions for workspace settings.