Donut's Access to Messages
Donut's access to messages in Slack is quite limited, for two main reasons:
Donut can only read messages in channels or DMs where Donut is a member.
Donut only needs to be in the channel(s) where you want to use Donut. Consequently, Donut will only be a member of channels that a user invites it to or where a user explicitly sets up Donut features.
This means that Donut does not have access to anyone's private DMs (unless it's a DM with Donut), nor does Donut have access to any public or private channel content unless someone from your team has explicitly added Donut to the channel.
Required Scopes
Donut uses Slack's Granular Permissions in order to request only the permissions we need to make the app function.
When you install Donut in your Slack workspace, we ask you to authorize the following bot scopes as part of the base installation. These scopes allow the Donut app to function within your Slack workspace.
chat:write
— Allows Donut to send messages in channels and conversations that it has been added to. This is necessary for Donut’s basic functions.
chat:write.public
— Allows Donut to send messages in public channels where it is not a member. There are a couple features in Donut where you can ask Donut to send a message in an arbitrary public channel at a particular time. This scope allows Donut to send those messages to public channels that it has not been added to. Donut will never send messages to any public channels where it is not a member without explicit instruction from a user.
channels:history
— Allows Donut to receive messages sent in public channels that it has been added to. Several of Donut’s features rely on receiving messages in public channels.
groups:history
— Allows Donut to receive messages sent in private channels that it has been added to. Several of Donut’s features rely on receiving messages in private channels.
channels:read
— Allows Donut to access basic information about public channels, including who are the members of the channel. Donut uses channel membership to determine who to include in Intros.
groups:read
— Allows Donut to access basic information about private channels that Donut has been added to, including who are the members of the channel. Donut uses channel membership to determine who to include in Intros.
channels:join
— Allows Donut to join public channels. This is to make the setup process easier, so that Donut can join channels to be used for Donut at the direction of the person setting it up. Donut never joins channels without explicit instruction from a user.
channels:manage
— Allows Donut to create public channels. This is to make the setup process easier, so that Donut can create channels to be used for Donut at the direction of the person setting it up. Donut never creates channels without explicit instruction from a user, and the name of the channel is provided by the user setting it up.
groups:write
— Allows Donut to create private channels. This is to make the setup process easier, so that Donut can create private channels to be used for Donut at the direction of the person setting it up. Donut never creates channels without explicit instruction from a user, and the name of the channel is provided by the user setting it up.
mpim:write
— Allows Donut to start multi-party direct messages (MPIMs) between itself and other members of the workspace. Donut makes Intros by starting MPIMs between itself and the group that is being introduced.
mpim:read
— Allows Donut to access basic information about multi-party direct messages that it is a member of.
mpim:history
— Allows Donut to receive messages sent in multi-party direct messages (MPIMs) that it is a member of. Several features of Intros rely on Donut receiving the messages sent in the MPIMs that it creates to send Intros.
im:write
— Allows Donut to send direct messages to members of the workspace. Several of Donut’s features work by sending direct messages to users.
im:read
— Allows Donut to access basic information about the direct messages between it and members of the workspace. This does not include direct messages between other members of the workspace.
im:history
— Allows Donut to receive direct messages from members of the workspace. This does not include direct messages between other members of the workspace, only messages sent directly to Donut. Several of Donut’s features work by receiving messages sent directly to Donut.
reactions:read
— Allows Donut to see emoji reactions on messages in channels and conversations that Donut has been added to. This is used for Shoutouts and the Selfie Contest.
users:read and users:read.email
— Allows Donut to access basic information about the members of the workspace. The information that Donut uses is name, time zone, and email address. This information is used to power many of Donut’s basic functions. Email address is used for many features in Journeys, including the ability to add new hires by email address before they’re added to Slack.
team:read
— Allows Donut to see the name and Slack domain of the workspace. This is used to facilitate customer support.
emoji:read
— Allows Donut to see the names and images of custom emoji in your workspace. This makes it possible for you to include custom emoji in messages that you compose on the Donut dashboard (e.g. as part of Journeys) or to use your custom emoji for Donut Shoutouts.
commands
— Allows Donut to add Shortcuts.
Optional Bot Scopes
There are two additional bot scopes that are optional, and are not included when you first install Donut but can be added later to use certain features:
files:read
— This is not part of the default installation, but can be added later if you want to use the Selfie Wall in conjunction with the Selfie Contest. It allows Donut to access files in channels and conversations that Donut has been added to. It is necessary for the Selfie Wall so that we can display the selfies on our web dashboard that were uploaded to the channel as part of the Selfie Contest. We do not store the files in our systems, but instead load them from Slack directly when a user visits the Selfie Wall.
files:write
— This is not part of the default installation, but can be added later if you want Donut to send files in Slack messages sent with Donut Journeys. You upload the files to the Donut dashboard, and this scope allows Donut to send those files in Slack messages.
Optional User Scopes
There are a few optional user scopes that are not included in the initial installation, but can be added later to use the "send as user" feature in Donut Journeys. Unlike bot scopes, which allow Donut to perform actions as Donut, user scopes are tied to a particular user and allow Donut to perform actions as that user. Each user who wants to use the "send as user" feature must separately authorize Donut with these scopes, and each authorization only allows Donut to take actions as the one specific user.
chat:write
— This allows Donut to send messages on behalf of the authenticating user.
im:write
— This allows Donut to open DM conversations on behalf of the authenticating user.
mpim:write
— This allows Donut to open multi-party DM (MPIM) conversations on behalf of the authenticating user.
files:write
— This allows Donut to upload and send files in messages that it sends on behalf of the authenticating user.
Lastly, there is one more optional user scope that we make use of. This scope is used when you've already installed Donut and would like to sign in to our web dashboard:
openid
— This scope powers Sign in with Slack, which allows you to authenticate into Donut's web dashboard via your Slack account. Granting this scope only provides Donut with the Slack user name and ID of the user that is authenticating, which we use to authenticate your session into the web dashboard. It does not provide Donut with any additional information or capabilities.
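A workspace admin can check an installation against the scope lists above. The following is an added example, not Donut's or Slack's own code: it compares the scopes actually granted with the base, optional bot, and optional user lists on this page and reports anything outside them. It assumes the granted scopes are available as a comma-separated string; the function names and the sample strings are constructed for illustration.

```python
# Added example: audit granted Slack scopes against the lists documented on this page.
# Scope names are copied from the page; everything else is illustrative.
BASE_BOT = frozenset("""chat:write chat:write.public channels:history groups:history
channels:read groups:read channels:join channels:manage groups:write
mpim:write mpim:read mpim:history im:write im:read im:history
reactions:read users:read users:read.email team:read emoji:read commands""".split())
OPTIONAL_BOT = frozenset({"files:read", "files:write"})
OPTIONAL_USER = frozenset({"chat:write", "im:write", "mpim:write", "files:write", "openid"})


def parse_scopes(raw):
    """Split a comma- or space-separated scope string into a set of scope names."""
    return {s for s in raw.replace(",", " ").split() if s}


def audit(bot_raw, user_raw=""):
    """Classify granted scopes as documented, optional, or undocumented."""
    bot, user = parse_scopes(bot_raw), parse_scopes(user_raw)
    return {
        # Base scopes the page lists that the install does not hold.
        "bot_missing_base": sorted(BASE_BOT - bot),
        # Optional bot scopes someone enabled after the base install.
        "bot_optional_enabled": sorted(bot & OPTIONAL_BOT),
        # Granted scopes that appear on none of the page's lists.
        "bot_undocumented": sorted(bot - BASE_BOT - OPTIONAL_BOT),
        "user_undocumented": sorted(user - OPTIONAL_USER),
        # Scopes that let the app receive message or file content.
        "content_read": sorted(s for s in bot | user
                               if s.endswith(":history") or s == "files:read"),
    }


# Constructed sample: base install plus files:read and one scope not on the page.
SAMPLE_BOT = ",".join(sorted(BASE_BOT)) + ",files:read,pins:read"
# Constructed sample: a user token holding a history scope the page does not list.
SAMPLE_USER = "chat:write,im:write,channels:history"

if __name__ == "__main__":
    for key, value in audit(SAMPLE_BOT, SAMPLE_USER).items():
        print(f"{key}: {value}")
```

Any entry under `bot_undocumented` or `user_undocumented` is a grant this page does not account for and is worth reviewing before approving or keeping the installation.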