Granular Permissions in Slack

As of September 15th 2020, Fellow's Slack app uses the new granular permissions management system. Instead of generic read/write scopes, we now have to request a separate scope for each individual action Fellow performs.

There are two types of scopes as part of the new granular permission system:

  • Bot Token Scopes govern the information that Fellow can access directly as a bot.

  • User Token Scopes govern Fellow's ability to access user data and act on behalf of the specific user that has authorized it.

List of Requested Scopes

For each scope that we request for our Slack App, we have to provide Slack with a reason for the request as part of Slack's own review process (each change to our application's configuration triggers a new review by Slack).

Below is a list of all of the scopes being requested, along with the Request Reason supplied as part of the app submission.

Bot Token Scopes

Scopes that govern what the Fellow app can access.

  • app_mentions:read

    Description: View messages that directly mention @fellow in conversations that the app is in

    Request Reason: To enable interactivity with the bot. Note that this only grants access to messages where Fellow was explicitly mentioned. It does not provide the ability to read other messages.

  • channels:read

    Description: View basic information about public channels in a workspace

    Request Reason: Allows users to post meeting notes to a given channel, which is listed in Fellow. Note that this only allows us to see what channels exist. It does not provide the ability to read messages.

  • chat:write

    Description: Send messages as @fellow

    Request Reason: Core functionality around bot interactivity. Note that this applies only to channels to which Fellow has been added. It does not provide the ability to read messages.

  • chat:write.public

    Description: Send messages to channels @fellow isn't a member of

    Request Reason: Post notes as blocks where relevant. Note that this applies only to public channels.

  • commands

    Description: Add shortcuts and/or slash commands that people can use

    Request Reason: Multiple slash commands available, including giving feedback, adding a note, ...

  • dnd:read

    Description: View Do Not Disturb settings for people in a workspace

    Request Reason: So we know when not to send messages to users

  • groups:read

    Description: View basic information about private channels that Fellow has been added to

    Request Reason: Allows users to post meeting notes to a given channel, which is listed in Fellow. Note that this does not provide the ability to read messages.

  • im:history

    Description: View messages and other content in direct messages that Fellow has been added to

    Request Reason: Core functionality around bot interactivity. Note that this only applies to messages sent directly to the Fellow Bot user.

  • im:read

    Description: View basic information about direct messages that Fellow has been added to

    Request Reason: Core functionality around bot interactivity. Note that this does not provide the ability to read messages.

  • im:write

    Description: Start direct messages with people

    Request Reason: Allow users to post meeting notes to a given DM, from within Fellow. Note that this does not provide the ability to read messages.

  • links:read

    Description: View app.fellow.co, fellow.link, and fellow.app URLs in messages

    Request Reason: Check for Fellow URLs so the bot can post meeting notes as blocks

  • links:write

    Description: Show previews of app.fellow.co, fellow.link, and fellow.app URLs in messages

    Request Reason: Note unfurling (optionally showing the contents of a note wherever a Fellow link was pasted)

  • mpim:read

    Description: View basic information about group direct messages that Fellow has been added to

    Request Reason: Allows users to post meeting notes to a given channel, which is listed in Fellow. Note that this does not provide the ability to read messages.

  • mpim:write

    Description: Start group direct messages with people

    Request Reason: Allows users to post meeting notes to a given channel, which is listed in Fellow. Note that this does not provide the ability to read messages.

  • team:read

    Description: View the name, email domain, and icon for workspaces Fellow is connected to

    Request Reason: Allow workspace information to be synced to Fellow to reference which workspace is currently connected.

  • users:read

    Description: View people in a workspace

    Request Reason: Allow users to find Slack users to send notes to

  • users:read.email

    Description: View email addresses of people in a workspace

    Request Reason: To match up Slack users against the relevant Fellow user

  • workflow.steps:execute

    Description: Add steps that people can use in Workflow Builder

    Request Reason: To enable app workflow step functionality. Fellow provides a number of workflow steps which can be used to create automations with Slack's workflow builder.

User Token Scopes

Scopes that access user data and act on behalf of users that authorize them.

  • links:read

    Description: View app.fellow.co, fellow.link, and fellow.app URLs in messages

    Request Reason: To provide a preview to the meeting agenda when the link is posted on Slack. Note that this does not provide the ability to read messages.

  • links:write

    Description: Show previews of app.fellow.co, fellow.link, and fellow.app URLs in messages

    Request Reason: To provide a preview of the meeting agenda when the Fellow link is posted on Slack. Note that this does not provide the ability to read messages.
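A workspace admin can check an installation against the two lists above. The following is an added example, not Fellow's or Slack's code: it compares the scopes in a Slack `oauth.v2.access` response (bot scopes in `scope`, user scopes in `authed_user.scope`, both comma-separated) with the documented lists. The function names and the sample response are constructed for illustration.

```python
# Scopes copied from the Bot Token Scopes and User Token Scopes lists on this page.
DOCUMENTED_BOT = {
    "app_mentions:read", "channels:read", "chat:write", "chat:write.public",
    "commands", "dnd:read", "groups:read", "im:history", "im:read", "im:write",
    "links:read", "links:write", "mpim:read", "mpim:write", "team:read",
    "users:read", "users:read.email", "workflow.steps:execute",
}
DOCUMENTED_USER = {"links:read", "links:write"}


def split_scopes(value):
    """Turn Slack's comma-separated scope string into a set (empty if absent)."""
    return {s.strip() for s in (value or "").split(",") if s.strip()}


def audit_grant(oauth_response):
    """Report scopes that differ from the documented lists, per token type."""
    granted = {
        "bot": split_scopes(oauth_response.get("scope")),
        "user": split_scopes((oauth_response.get("authed_user") or {}).get("scope")),
    }
    documented = {"bot": DOCUMENTED_BOT, "user": DOCUMENTED_USER}
    report = {}
    for kind in ("bot", "user"):
        report[kind] = {
            # Granted but not listed on this page: worth questioning.
            "undocumented": sorted(granted[kind] - documented[kind]),
            # Listed on this page but absent from the grant.
            "not_granted": sorted(documented[kind] - granted[kind]),
            # *:history scopes are the ones that expose message content.
            "message_content": sorted(s for s in granted[kind] if s.endswith(":history")),
        }
    return report


# Constructed sample: one documented scope missing, one undocumented scope added.
SAMPLE_RESPONSE = {
    "ok": True,
    "scope": ",".join(sorted(DOCUMENTED_BOT - {"dnd:read"}) + ["channels:history"]),
    "authed_user": {"id": "U0000000000", "scope": "links:read,links:write"},
}

if __name__ == "__main__":
    for kind, findings in audit_grant(SAMPLE_RESPONSE).items():
        print(kind, findings)
```

On a grant that matches this page exactly, the only `message_content` entry is the bot's `im:history`, and both `undocumented` lists are empty.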
