Least Privilege Setup for Chatbot that creates meetings on behalf of users?

gauraves · November 12, 2020, 12:56pm

Description
A clear and concise description of what the question is.

We have a chatbot that will match users with experts for consultation. At some point in the workflow, the chatbot will create a meeting using the experts (delegated?) permissions and then invite the user and the expert into the meeting.

We would like to implement this with the least privileges needed (i.e not require the bot to be able to create meetings on behalf of any/all users in the enterprise). In other chatbot/collaboration platforms, we are able to get delegated permissions from the expert during set up when the expert first interacts with the chatbot, and then create a meeting on behalf of that expert when needed using the delegated permissions. (Creating a meeting on behalf of the expert will also allow us to create up to 2 concurrent meetings per expert we believe)

What is the least privilege set up and permissions needed in our chatbot on the zoom platform? What do we need to specify when creating the chatbot and what do we need to ask the experts to consent to?

Any other advise for this set up, limits on meeting counts etc we should be aware of will be appreciated.

will.zoom · November 13, 2020, 8:06pm

Hey @gauraves,

Thanks for reaching out about this, and happy to help clarify. To that end, I should note that all Chatbot apps are account-level apps:

This means that when an account owner or admin installs this app, it will be installed on the Zoom client of all users under the account.

However, within the scope of the app itself, you can designate limited scopes. This allows you to control which kind of information exactly the Chatbot will be able to access for a given user—for example, read-only Meeting data, read/write, etc.

If you’re looking to require the least amount of privileges from an individual user perspective, you will want to limit the scopes that you enable for your Chatbot.

Let me know if this information helps!

Best,
Will

system · December 14, 2020, 6:06am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Can a chatbot create a meeting with meeting:write:admin and just the client_credentials grant type? API and Webhooks	4	728	October 29, 2021
As meeting:write is not available for chatbots, does it mean that chatbot can not create a meeting on behalf of a non-admin user using OAuth 2.0 flow? API and Webhooks	9	1066	November 6, 2021
Create a Meeting API daily limit for ACCOUNT LEVEL APP with meeting:write:admin scope? API and Webhooks	3	537	August 6, 2021
OAUth App creating a meetings between our website users API and Webhooks	2	616	February 26, 2022
Create meetings on behalf of a "basic plan" user? API and Webhooks	2	682	August 21, 2020

Least Privilege Setup for Chatbot that creates meetings on behalf of users?

Related Topics