Zulip organized team chat has a new, incredibly flexible system for permissions management! With it, you can:

• Configure the permissions you want, granting them to any combination of roles (e.g., Moderators), groups, and individual users. For example:
• Express your organization’s structure with groups, which now can include other groups, in addition to individual users. For example, the managers group could be made up of engineering-managers, design-managers, etc.
• Decide how to manage each channel: centralized, self-managed, or anywhere in between.

Zulip is an open-source team chat application used by thousands of organizations for seamless remote and hybrid work. With conversations organized by topic, Zulip is ideal for both live and asynchronous communication.

This permissions system is now available in Zulip Cloud and to self-hosted organizations that upgrade to Zulip Server 10.0 (released today!).

In this post, I’ll walk you through how to start using the new functionality to make it easier to manage your organization.

If you’re an engineer, check out the companion post, which dives deep into how we seamlessly transitioned thousands of organizations to a group-based permissions system in a performance-sensitive application.

Configure the permissions you want

If you administer a Zulip organization, all your permission configurations (who can move messages, add custom emoji, etc.) were preserved in this transition, so no action on your part is required. However, we recommend taking a minute to review your settings. You’ll probably find ways to use the new flexible permissions system to make your organization easier to administer. For example:

• You could give managers permission to invite new users, so that they can send out invitations that add their new hires to the appropriate groups and channels. You can combine this with only allowing joining with an email in your company’s domain.
• To tightly control direct messaging, you can require all DM conversations to include team leads.
• You can have your finance team manage plans and billing for Zulip.

Assigning permissions to a combination of roles and groups will make it easier to review and maintain your organization’s policies. Individual permissions are great for unusual situations, e.g., a chief of staff who should have some manager-level permissions but not others.

Tip: When you grant sensitive permissions to a group, be sure to review who has permissions to manage that group, and to add and remove users.

Express your organization’s structure with groups

User groups are convenient for managing permissions in your organization, and for mentioning multiple people at once. For example, many organizations create:

• a group for each team (mobile, design, IT);
• and a group for each leadership role (managers, engineering-managers).

Zulip lets you add a group to another user group, which makes it easy to express your organization’s structure. For example:

• engineers = engineering-managers + individual engineers
• managers = engineering-managers + design-managers + …

With this structure, adding a new team member to engineering-managers automatically adds them to engineers and managers as well. Removing a team member (for example because they’ve transferred teams) automatically removes them.

You can also sync group membership from a third-party database like LDAP.

Note that on Zulip Cloud, creating user groups requires signing up for a Zulip Cloud Standard or Zulip Cloud Plus plan. There are no restrictions on self-hosted systems.

Decide how to manage each channel

Channels are dedicated spaces that help organize collaboration. For example, it’s common to have at least one channel for each team in an organization.

In Zulip, you generally don’t need dedicated channels for projects, because topics help you organize conversations within a channel.

Channels can be private or public, and you can now decide how each channel should be managed. For example:

• When you create a channel, you can make yourself an administrator for it, to manage channel subscribers and configurations on an ongoing basis.
• You can make an announcement channel where you restrict posting permissions to a handful of users.
• You can give everyone on your team permission to subscribe to your team’s private channels:

Zulip’s help center has detailed documentation on all channel permissions.

Parting thoughts

I’m delighted by how intuitive and convenient it now is to manage permissions in Zulip. Organizations with teams that manage their own operations, or with a complex internal structure, may see the greatest benefits.

If you’re not yet using Zulip for your team chat, and permissions management is a challenge for you, do check us out!

Take a look at our other blog posts published today: the Zulip 10.0 release announcement, and Engineering flexible permissions for Zulip open-source team chat.