/ small business

How to audit slack permissions

Slacks permission system is based around scopes, read about Slack Scopes and Permissions

Can public users view my workspace email accounts?

The permission to "View your workspace members' email addresses" is users:read.email: https://api.slack.com/scopes/users:read.email

How to check who has users:read.email permission set

Note that "Bot user tokens are granted access to the email field without needing further scopes."

  • As a member of a workspace I can view public members email adress if present, which may not be want you want or are allowed to do if this is personal priviate information

Happy endless gdpr auditing!