Sensitive Data Protection

Which permissions are required for each integration?

Learn the permissions required for each Nightfall integration.

Please find the permissions required for each integration, in the table below: Native Integrations:

IntegrationsPermissions RequiredRoles Required for install

Slack

You can create private channels in Channel Management Permissions.

To create, Select the default option - Everyone, plus multi-channel guests.

Nightfall Enterprise DLP for Slack uses three user token scopes:

  • discovery:read

  • discovery:write

  • groups:write

Nightfall Enterprise DLP for Slack has 13 Bot Token Scopes:

  • Channels:join

  • Channels:read

  • Chat:write

  • Commands

  • Files:read

  • Files:write

  • Groups:read

  • Groups:write

  • Im:read

  • Im:write

  • Mpim:read

  • Users:read

  • Users:read.email

Nightfall Pro DLP for Slack has 26 Bot Token Scopes:

  • Channels:history

  • Channels:join

  • Channels:manage

  • Channels:read

  • Chat:write

  • Chat:write.public

  • Commands

  • Conversations.connect:read

  • Files:read

  • Files:write

  • Groups:history

  • Groups:read

  • Groups:write

  • Im:history

  • Im:read

  • Im:write

  • Mpim:history

  • Mpim:read

  • Mpim:write

  • Reminders:read

  • Reminders:write

  • Team:read

  • Usergroups:read

  • Usergroups:write

  • Users:read

  • Users:read.email

Nightfall Pro DLP for Slack has nine User Token Scopes:

  • Admin.conversations:read

  • Admin.conversations:write

  • Channels:read

  • Channels:write

  • Chat:write

  • Files:write

  • Groups:read

  • Mpim:write

  • Users:read

Slack Workspace Owner - Pro

Slack Org Owner - Enterprise

Google Drive

The following access permissions are required:

https://www.googleapis.com/auth/admin.directory.user.readonly,

https://www.googleapis.com/auth/admin.directory.group.readonly, https://www.googleapis.com/auth/admin.directory.group.member.readonly, https://www.googleapis.com/auth/admin.directory.domain.readonly, https://www.googleapis.com/auth/drive

Google Super Admin

Access to the following is required:

  • User Read

  • Group Read

  • Billing Read

  • Domain Management

  • Domain Settings

  • Services > Drive and Docs > Settings: List Companies Shared Drives

Google Service Account

Confluence

Space Permissions:

  • All - View

  • Pages - Add

  • Delete Blog - Add

  • Delete Comments - Add

  • Delete Attachments - Add

  • Delete Space - Admin

Confluence Admin

Jira

Nightfall for Jira can perform the following actions on your behalf:

  • Create and manage issues: Create and edit issues in Jira, post comments as the user, create worklogs, and delete issues.

  • View Jira issue data: Read Jira project and issue data, search for issues, and objects associated with issues like attachments and worklogs.

  • View user profiles: View user information in Jira that the user has access to, including usernames, email addresses, and avatars.

Jira Admin

Github

To enable integration, Read access to the following is required:

  • Code

  • Commit statuses

  • Members

  • Metadata

Github Organization Owner

Salesforce

Nightfall DLP connected app package required the following permissions:

  • Access to identity url service

  • Access content resources

  • Manage user data via APIs

  • Perform requests at any time

A dedicated user with system administrator privileges in Salesforce can install the connected app package, and grant access to Nightfall via OAuth.

Alert Platforms:

Alert PlatformPermissions Required for Install

Slack

Slack Workspace Owner

Jira

Jira Admin

For more information on which integrations/platforms would require/recommend a service account, please refer the page below:

Using Service Accounts with Nightfall
PreviousUsing Service Accounts with NightfallNextWhere can I find active user counts for each SaaS application protected by Nightfall?

Last updated