Permission System

How it works

Each feature available in the Apps Engine is mapped to a permission. Adding the permission in the app's manifest (app.json file) will unlock said feature to be used by the app. For example, if you add "send messages" as a permission in your app's manifest, your app will be able to send messages in the Rocket.Chat server. If your app tries to send a message without having the "send messages" permission listed in the manifest, the Apps Engine will block the feature and the app will not be able to perform the desired action.
When installing an app, whether from the Marketplace page or manually via a zip file, a window asks the user to review the permissions the app requires to work properly. The user installing the app can either accept the permissions and install the app, or deny them and not install it.

How to use it

In your app's manifest file (app.json), add the "permissions" field. It takes a list containing all the permissions you are asking for. Example:
{
    ...
    "permissions": [
        {
            "name": "user.read"
        },
        {
            "name": "user.write"
        },
        {
            "name": "upload.read"
        }
    ],
    ...
}

Notice about rule enforcement

As of right now, the Apps Engine does not enforce the use of permissions, meaning your current apps (including the ones published at the Marketplace) will still work as expected. Apps that do not list permissions in their manifest still have access to all the features they need through the default permissions, which are applied to an app automatically when no permissions property is found in its manifest.
Until a sunsetting period for the "permissionless engine" is defined, setting permissions in your app's manifest is optional.

Permissions

Access user information

Permission name: user.read
{
    "permissions": [
        {
            "name": "user.read"
        }
    ]
}

Modify user information

Permission name: user.write
{
    "permissions": [
        {
            "name": "user.write"
        }
    ]
}

Access files uploaded to the server

Permission name: upload.read
{
    "permissions": [
        {
            "name": "upload.read"
        }
    ]
}

Upload files to the server

Permission name: upload.write
{
    "permissions": [
        {
            "name": "upload.write"
        }
    ]
}

Access settings in the server

Permission name: server-setting.read
{
    "permissions": [
        {
            "name": "server-setting.read"
        }
    ]
}

Modify settings in the server

Permission name: server-setting.write
{
    "permissions": [
        {
            "name": "server-setting.write"
        }
    ]
}

Access room information

Permission name: room.read
{
    "permissions": [
        {
            "name": "room.read"
        }
    ]
}

Create and modify rooms

Permission name: room.write
{
    "permissions": [
        {
            "name": "room.write"
        }
    ]
}

Access messages

Permission name: message.read
{
    "permissions": [
        {
            "name": "message.read"
        }
    ]
}

Send and modify messages

Permission name: message.write
{
    "permissions": [
        {
            "name": "message.write"
        }
    ]
}

Access Livechat status information

Permission name: livechat-status.read
{
    "permissions": [
        {
            "name": "livechat-status.read"
        }
    ]
}

Modify Livechat custom field configuration

Permission name: livechat-custom-fields.write
{
    "permissions": [
        {
            "name": "livechat-custom-fields.write"
        }
    ]
}

Access Livechat visitor information

Permission name: livechat-visitor.read
{
    "permissions": [
        {
            "name": "livechat-visitor.read"
        }
    ]
}

Modify Livechat visitor information

Permission name: livechat-visitor.write
{
    "permissions": [
        {
            "name": "livechat-visitor.write"
        }
    ]
}

Access Livechat message information

Permission name: livechat-message.read
{
    "permissions": [
        {
            "name": "livechat-message.read"
        }
    ]
}

Modify Livechat message information

Permission name: livechat-message.write
{
    "permissions": [
        {
            "name": "livechat-message.write"
        }
    ]
}

Access Livechat room information

Permission name: livechat-room.read
{
    "permissions": [
        {
            "name": "livechat-room.read"
        }
    ]
}

Modify Livechat room information

Permission name: livechat-room.write
{
    "permissions": [
        {
            "name": "livechat-room.write"
        }
    ]
}

Access Livechat department information

Permission name: livechat-department.read
{
    "permissions": [
        {
            "name": "livechat-department.read"
        }
    ]
}

Modify Livechat department information

Permission name: livechat-department.write
{
    "permissions": [
        {
            "name": "livechat-department.write"
        }
    ]
}

Register new slash commands

Permission name: slashcommand
{
    "permissions": [
        {
            "name": "slashcommand"
        }
    ]
}

Register new HTTP endpoints

Permission name: apis
{
    "permissions": [
        {
            "name": "apis"
        }
    ]
}

Access minimal information about the server environment

Permission name: env.read
{
    "permissions": [
        {
            "name": "env.read"
        }
    ]
}

Access to the server network

Permission name: networking
{
    "permissions": [
        {
            "name": "networking"
        }
    ]
}

Store internal data in the database

Permission name: persistence
{
    "permissions": [
        {
            "name": "persistence"
        }
    ]
}

Register and maintain scheduled jobs

Permission name: scheduler
{
    "permissions": [
        {
            "name": "scheduler"
        }
    ]
}

Interact with the UI (UIKit)

Permission name: ui.interact
{
    "permissions": [
        {
            "name": "ui.interact"
        }
    ]
}
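
The manifest rules described above can be checked before an app is installed. The following Node.js audit is an added example, not code from the Rocket.Chat documentation or the Apps Engine: it reports the permissions an app.json requests, flags names that are not in the list on this page, and detects the missing "permissions" property that makes the engine fall back to the default permissions. The needsReview policy, the report fields and the sample manifest are assumptions made for this example.

```javascript
// Added example: audit an app.json; KNOWN_PERMISSIONS is the list from this page.
const KNOWN_PERMISSIONS = new Set([
  'user.read', 'user.write', 'upload.read', 'upload.write',
  'server-setting.read', 'server-setting.write', 'room.read', 'room.write',
  'message.read', 'message.write', 'livechat-status.read',
  'livechat-custom-fields.write', 'livechat-visitor.read', 'livechat-visitor.write',
  'livechat-message.read', 'livechat-message.write', 'livechat-room.read',
  'livechat-room.write', 'livechat-department.read', 'livechat-department.write',
  'slashcommand', 'apis', 'env.read', 'networking', 'persistence', 'scheduler',
  'ui.interact',
]);

// Assumption (a reviewer's policy, not the Apps Engine's): anything that writes
// data, registers HTTP endpoints or reaches the network gets a closer look.
const needsReview = (name) =>
  name.endsWith('.write') || name === 'apis' || name === 'networking';

function auditManifest(manifestText) {
  const manifest = JSON.parse(manifestText);
  const report = { usesDefaults: false, requested: [], unknown: [], review: [], malformed: [] };
  // No "permissions" property: the engine applies the default permissions,
  // so the manifest says nothing about which features the app will use.
  if (!Object.prototype.hasOwnProperty.call(manifest, 'permissions')) {
    report.usesDefaults = true;
    return report;
  }
  if (!Array.isArray(manifest.permissions)) {
    report.malformed.push(manifest.permissions);
    return report;
  }
  for (const entry of manifest.permissions) {
    const name = entry && typeof entry === 'object' ? entry.name : undefined;
    if (typeof name !== 'string') {
      report.malformed.push(entry); // e.g. "room.read" given as a bare string
    } else if (!KNOWN_PERMISSIONS.has(name)) {
      report.unknown.push(name); // typo, or a permission not listed on this page
    } else {
      report.requested.push(name);
      if (needsReview(name)) report.review.push(name);
    }
  }
  return report;
}

// Constructed sample manifest (hypothetical app, not from the page).
const SAMPLE = JSON.stringify({
  id: 'constructed-sample', name: 'Sample',
  permissions: [{ name: 'user.read' }, { name: 'message.write' }, { name: 'networking' }, { name: 'mesage.read' }, 'room.read'],
});
console.log(auditManifest(SAMPLE));
```
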