CodeRabbit Documentation - AI code reviews on pull requests, IDE, and CLI

Global admins and scope admins
Global admins
Scope admins
What each role can do
Workspace activity visibility
Knowledge Base privacy
Shared sandbox access
Good rollout practices
What’s next

Control who can configure, who can see, and what stays private. Slack Agent uses both Slack-native admin status and CodeRabbit-specific roles. Everyone in the workspace can sign in, but only the right people can change configuration, view activity, or manage scopes.

Global admins and scope admins

Global admins

Global admins are the people who can manage the workspace as a whole. They include:

Native Slack admins
Slack workspace owners and primary owners
Users with the CodeRabbit cr_admin override

Scope admins

Scope admins can manage only the scopes assigned to them. They can tune repositories, connections, spend settings, and channel targeting for those scopes, but they cannot manage the full workspace.

Scope admins cannot edit the Base Scope. The Base Scope remains reserved for global admins.

What each role can do

Action	Global admin	Scope admin	Member
Sign in and access the UI	Yes	Yes	Yes
Create or delete scopes	Yes	No	No
Edit the Base Scope	Yes	No	No
Edit assigned scopes	Yes	Yes	No
Manage workspace settings and connections	Yes	No	No
Reset the workspace GitHub connection	Yes	No	No

Workspace activity visibility

Usage visibility is role-aware.

Viewer	What they can see
Global admin	All workspace activity
Scope admin	Activity for the scopes they manage, plus their own activity elsewhere
Member	Their own activity

Knowledge Base privacy

Knowledge follows Slack privacy boundaries.

Slack surface	Knowledge behavior
Public channels and other shared surfaces	Use the global workspace Knowledge Base
Private channels	Use a private conversation Knowledge Base
DMs and group DMs	Use a private conversation Knowledge Base

Private knowledge can reference shared knowledge, but it should not be silently treated as shared workspace memory.

Shared sandbox access

Slack Agent currently uses a shared workspace sandbox model rather than a private sandbox for every individual user. That makes workspace governance important:

Configuration changes affect the workspace environment
Saved state can be reused across runs
Admins should be deliberate about who can manage sandbox settings

Good rollout practices

Keep the Base Scope conservative at first
Delegate scopes only where needed
Review usage visibility before wider rollout
Treat private channels and DM knowledge as materially different from shared workspace memory

What’s next

Slack permissions

Review the Slack app and OAuth permissions Slack Agent requests and why they are needed.

Usage

See what activity global admins, scope admins, and other members can inspect after rollout.

Sandboxes

Understand the shared sandbox model and how workspace-level execution state is managed.

Sandboxes Slack permissions

Slack Agent

Workspace setup

Use Slack Agent

Inspect and manage

Admin

Admin roles and security

Global admins and scope admins

Global admins

Scope admins

What each role can do

Workspace activity visibility

Knowledge Base privacy

Shared sandbox access

Good rollout practices

What’s next

Slack permissions

Usage

Sandboxes

Slack Agent

Workspace setup

Use Slack Agent

Inspect and manage

Admin

​Global admins and scope admins

​Global admins

​Scope admins

​What each role can do

​Workspace activity visibility

​Knowledge Base privacy

​Shared sandbox access

​Good rollout practices

​What’s next

Slack permissions

Usage

Sandboxes

Global admins and scope admins

Global admins

Scope admins

What each role can do

Workspace activity visibility

Knowledge Base privacy

Shared sandbox access

Good rollout practices

What’s next