Search code examples
jenkinsslack-apislack

Restrict slack-slash command access


I have automated the deployments in Jenkins from slack by slash commands.

I need give permission for slash commands or restrict the slash command access only to particular users (i.e) some members in the channel can deploy the dev environment by using /deploy_dev but they should not able to deploy to staging and production environments.


Solution

  • In order to restrict access to a custom slash command just check which user invoked the slash command in your script and then either execute the command or deny it (and reply with an appropriate message).

    Slack is always providing the user ID and user name with the request, so that information is available in your scripts. See the example below for a command request from Slack: (from the official documentation)

    token=gIkuvaNzQIHg97ATvDxqgjtO
    team_id=T0001
    team_domain=example
    enterprise_id=E0001
    enterprise_name=Globular%20Construct%20Inc
    channel_id=C2147483705
    channel_name=test
    user_id=U2147483697
    user_name=Steve
    command=/weather
    text=94070
    response_url=https://hooks.slack.com/commands/1234/5678
    

    To manage who has access I would recommend using private channels, so that a user has to be member of a specific private channel if he wants to execute a specific slash command. You can call groups.info to get the user IDs of all members of a private channel in your script.

    Note that slash commands are always accessible to all users and there is no global configuration option in Slack, which would allows you to grant access to specific slash commands. So you have to do this in your script as detailed above.