Security

Splunk on call slack permissions

johnrogers
New Member

Hi all, 

I would like to configure the splunk on call slack add on but when an admin wanted to approve the integration, it requested the following permissions:

11 permissions and scopes required
On behalf of the app:
- View messages and other content in public channels that VictorOps has been added to channels:history
- View messages and other content in private channels that VictorOps has been added to groups:history
- Add shortcuts and/or slash commands that people can use commands
- View the name, email domain and icon for workspaces VictorOps is connected to team:read
- Send messages as @victorops chat:write
- Send messages as @victorops with a customised username and avatar chat:write.customize
On behalf of the user:
- View information about a user’s identity identify
- View basic information about public channels in a workspace channels:read
- View basic information about a user’s private channels groups:read
- Manage a user’s public channels and create new ones on a user’s behalf channels:write
- Manage a user’s private channels and create new ones on a user’s behalf groups:writeAll actions on a request will affect the entire workspace

Question 1: Just doing due diligence here, does the last permission "Manage a user’s private channels" give it the ability to read messages on other private channels on the workspace? 


reading in the knowledge base it states:
"Note: The scope of private channels is limited to the channels that the person who integrates Splunk On-Call to Slack has access to. If you would like all private channels to be mapped to Splunk On-Call, we recommend creating a “Service Account” that has access to all private channels for this use."

Question 2 - does this mean the app would have access to all channels the admin user who approves to integration by default? Or would they approve it per channel? 


Labels (1)
0 Karma
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In November, the Splunk Threat Research Team had one release of new security content via the Enterprise ...

Index This | Divide 100 by half. What do you get?

November 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with this ...

Stay Connected: Your Guide to December Tech Talks, Office Hours, and Webinars!

❄️ Celebrate the season with our December lineup of Community Office Hours, Tech Talks, and Webinars! ...