Slack workspaces can contain several different types of users. Slack refers to these various user groups as Roles. These roles determine the types of actions users can take in Slack. Slack has the following roles:
1. Owner: This Role manages the Workspace. There can be one Primary Owner and several Workspace Owners. Slack Enterprise Grid customers also have owners for their organization.
2. Admin: This Role manages users and has some administrative capabilities. Admin accounts are created by Owners and help manage users.
3. Member: Most employees fall into this user group. This role has access to all Slack features but with limited administrative features.
4. Guest: This role has limited abilities in Slack.
Slack Owners are responsible for administering Slack Workspaces. They can assign roles to all other users. There are two types of Owners in Slack - a Workspace Primary Owner and other Workspace Owners. There can only be one Workspace Primary Owner for each Slack workspace. The major difference is that the Primary Owner can delete the Workspace or transfer ownership while other Workspace Owners do not have those abilities.
Slack Admins manage members, including guest accounts. They can also change members into Admins and grant them the additional privileges that come with a role change. They also have the ability to archive channels.
These are the bulk of Slack users. A full member has access to most of Slack’s functionality but has limited ability to manage members or change workspace settings. It’s important to note that default Slack permissions grant members the ability to install Slack App Directory apps in a workspace.
There are two types of guests in Slack - Multi-channel guests and single-channel guests. Guest accounts are primarily used to collaborate with clients, partners, and contractors. Guest users are billed to the Workspace that invited the guest to join.
An alternative to guest accounts in Slack is Slack Connect. Slack Connect is a way to create a shared channel between users at different Slack Workspaces to enable cross-organization collaboration.
In terms of guest accounts, be mindful of what channels and data invited members can access. Sometimes guests do not have the same training or clearances as full-time employees. Ensure your Slack workspace’s permissions for guest accounts reflect these appropriate data access levels.
Customers on Slack Enterprise Grid plans have additional roles with more granular permissions. These additional roles are called System Roles. The following four system roles are available to Slack Enterprise Grid customers:
1. Channels Admin: this role allows for channel administration. They can convert public channels into private channels and vice-versa.
2. Compliance Admin: this role allows for the management of legal holds.
3. Roles Admin: this role can edit user roles.
4. Users Admin: this role allows for the creation, deletion, and deactivation of users.
Understanding Slack Roles and associated permissions is important to keeping your Slack usage compliant. Since Slack can serve as a single centralized data store, setting up your workspace to prevent unauthorized data disclosure is crucial to protecting your organization.
To learn more about Slack, compliance, and cybersecurity contact us today!