I would like to configure the splunk on call slack add on but when an admin wanted to approve the integration, it requested the following permissions:
11 permissions and scopes required On behalf of the app: - View messages and other content in public channels that VictorOps has been added to channels:history - View messages and other content in private channels that VictorOps has been added to groups:history - Add shortcuts and/or slash commands that people can use commands - View the name, email domain and icon for workspaces VictorOps is connected to team:read - Send messages as @victorops chat:write - Send messages as @victorops with a customised username and avatar chat:write.customize On behalf of the user: - View information about a user’s identity identify - View basic information about public channels in a workspace channels:read - View basic information about a user’s private channels groups:read - Manage a user’s public channels and create new ones on a user’s behalf channels:write - Manage a user’s private channels and create new ones on a user’s behalf groups:writeAll actions on a request will affect the entire workspace
Question 1: Just doing due diligence here, does the last permission "Manage a user’s private channels" give it the ability to read messages on other private channels on the workspace?
reading in the knowledge base it states: "Note: The scope of private channels is limited to the channels that the person who integrates Splunk On-Call to Slack has access to. If you would like allprivate channels to be mapped to Splunk On-Call, we recommend creating a “Service Account” that has access to all private channels for this use."
Question 2 - does this mean the app would have access to all channels the admin user who approves to integration by default? Or would they approve it per channel?