Roles and Permissions

The Programmable Chat Permission model uses Roles and Permissions to enforce what Users and Members can do within a Service instance. These permissions are related to Channels, Members, and Messages. Roles and their associated permissions can be edited and extended on a per Service instance basis to meet the needs of different use cases.

Table of Contents

Roles and Role Scopes

Chat Roles are divided into two "Scopes," Service and Channel. These determine how the Role permissions are applied depending on the context.

  • Service level Roles are assigned to Users and dictate which Channels the User can see, join, and create.
  • Channel level Roles are assigned to Members within a Channel. These roles determine what Members can do within that Channel, such as send Messages, add other Members, edit Messages and more.

Permissions are enforced at runtime based on the action being performed and whether the User/Member's Role has the required Permissions. If they do, the action is allowed and will be processed. If not, the action will be disallowed, and an error message will be returned to the requesting endpoint (usually a 403 Permission Denied error).

Note: Chat Service instances are created with a default set of Roles and Permissions. You can modify and extend these Roles and their assigned Permissions via the REST API.

Default Roles and Permissions

When a new Chat Service instance is created, the following default Roles are created with the assigned set of Permissions:

Role Permissions
Service Admin
  • addMember
  • createChannel
  • deleteAnyMessage
  • destroyChannel
  • editAnyMessage
  • editAnyMessageAttributes
  • editAnyUserInfo
  • editChannelAttributes
  • editChannelName
  • inviteMember
  • joinChannel
  • removeMember
Service User (Default Service User Role)
  • createChannel
  • editOwnUserInfo
  • joinChannel
Channel Admin
  • addMember
  • deleteAnyMessage
  • destroyChannel
  • editAnyMessage
  • editAnyMessageAttributes
  • editChannelAttributes
  • editChannelName
  • inviteMember
  • leaveChannel
  • removeMember
  • sendMediaMessage
  • sendMessage
Channel User (Default Channel Member Role)
  • deleteOwnMessage
  • editOwnMessage
  • editOwnMessageAttributes
  • leaveChannel
  • sendMediaMessage
  • sendMessage

Manage Roles and Permissions

It is possible to manage Roles within a Service instance, create new ones, modify Permissions for a Role, and more via the Roles REST endpoint. You can find more information on how to do this in our Programmable Chat Roles REST Resource

Please note that we plan to add managing Roles to the Chat Console in the near future.

Note: While it is possible to delete the default Roles, it is not advisable, as any Users and Members created before the delete will reference the Default Role SIDs. Instead, modify these roles and reuse them, adding new Roles as needed.

Need some help?

We all do sometimes; code is hard. Get help now from our support team, or lean on the wisdom of the crowd browsing the Twilio tag on Stack Overflow.