Control who can configure, who can see, and what stays private. CodeRabbit Agent for Slack uses both Slack-native admin status and CodeRabbit-specific roles. Everyone in the workspace can sign in, but elevated access is required for workspace-wide settings and some web app surfaces.
Global, automation and scope admins
Global admins
Global admins are the people who can manage the workspace as a whole. They include:
- Native Slack admins
- Slack workspace owners and primary owners
- Users with the CodeRabbit cr_admin override
Automation admins
Automation admins are CodeRabbit Agent users who can help manage automations without receiving full workspace-admin access. Workspace admins assign this role from Workspace Users and can use Account Settings to decide whether automation creation is open to any user, limited to global admins, or available to global admins and Automation admins. When Automation admin management is enabled, Automation admins can create automations, view automation admin surfaces, and manage same-workspace automations. They cannot manage the full workspace, reset workspace connections, manage users, or administer scopes unless they also have another role that grants those permissions.
Scope admins
Scope admins can manage only the scopes assigned to them. They can tune repositories, connections, spend settings, and channel targeting for those scopes, but they cannot manage the full workspace or admin-only web surfaces such as Automations, Sandboxes, or workspace user management.
Scope admins cannot edit the Base Scope. The Base Scope remains reserved for global admins, although scope admins can still view it in read-only mode.
What each role can do
Global admins have full access to all workspace actions and settings. Every action listed in the table below is always available to global admins regardless of any other configuration.
| Action | Automation admin | Scope admin | Member |
|---|---|---|---|
| Sign in and access the UI | Yes | Yes | Yes |
| View the Connections page | Yes | Yes | Yes |
| Create or edit connections | No | Yes | No |
| Create or delete scopes | No | No | No |
| View the Base Scope | No | Yes | No |
| Edit the Base Scope | No | No | No |
| Edit assigned scopes | No | Yes | No |
| Create automations | Yes, when enabled in Account Settings | Depends on the creation policy | Depends on the creation policy |
| Edit, pause, resume, or delete automations | Yes, when Automation admin management is enabled | No | Created automations only |
| Run immediately or stop a running channel automation | Yes (channels only) | Yes (channels only) | Yes (channels only) |
| Access the Sandboxes page in the web app | No | No | No |
| Manage workspace users or other workspace-wide settings | No | No | No |
| Reset the workspace GitHub connection | No | No | No |
Workspace activity visibility
Usage visibility is role-aware.
| Viewer | What they can see |
|---|---|
| Global admin | All workspace activity |
| Automation admin | Automation surfaces and activity available through automation management, plus their own activity elsewhere |
| Scope admin | Activity for the scopes they manage, plus their own activity elsewhere |
| Member | Their own activity |
Knowledge Base privacy
Knowledge follows Slack privacy boundaries.
| Slack surface | Knowledge behavior |
|---|---|
| Public channels and other shared surfaces | Use the global workspace Knowledge Base |
| Private channels | Use a private conversation Knowledge Base |
| DMs and group DMs | Use a private conversation Knowledge Base |
Shared sandbox access
CodeRabbit Agent currently uses a shared workspace sandbox model rather than a private sandbox for every individual user. That makes workspace governance important:
- Configuration changes affect the workspace environment
- Saved state can be reused across runs
- Admins should be deliberate about who can manage sandbox settings
Good rollout practices
- Keep the Base Scope conservative at first
- Delegate scopes only where needed
- Review usage visibility before wider rollout
- Treat private channels and DM knowledge as materially different from shared workspace memory
What’s next
Slack permissions
Review the Slack app and OAuth permissions CodeRabbit Agent requests and why they are needed.
Usage
See what activity global admins, scope admins, and other members can inspect after rollout.
Sandboxes
Understand the shared sandbox model and how workspace-level execution state is managed.