Restrict slack-slash command access

Question

I have automated the deployments in Jenkins from slack by slash commands.

I need give permission for slash commands or restrict the slash command access only to particular users (i.e) some members in the channel can deploy the dev environment by using /deploy_dev but they should not able to deploy to staging and production environments.

Answer 1

In order to restrict access to a custom slash command just check which user invoked the slash command in your script and then either execute the command or deny it (and reply with an appropriate message).

Slack is always providing the user ID and user name with the request, so that information is available in your scripts. See the example below for a command request from Slack: (from the official documentation)

token=gIkuvaNzQIHg97ATvDxqgjtO
team_id=T0001
team_domain=example
enterprise_id=E0001
enterprise_name=Globular%20Construct%20Inc
channel_id=C2147483705
channel_name=test
user_id=U2147483697
user_name=Steve
command=/weather
text=94070
response_url=https://hooks.slack.com/commands/1234/5678

To manage who has access I would recommend using private channels, so that a user has to be member of a specific private channel if he wants to execute a specific slash command. You can call groups.info to get the user IDs of all members of a private channel in your script.

Note that slash commands are always accessible to all users and there is no global configuration option in Slack, which would allows you to grant access to specific slash commands. So you have to do this in your script as detailed above.