.systemreferes to the user that is resolved when accessing the APIs using an application access key/secret.
authenticated usercan create a channel
.systemcan create a channel
.systemcan delete a channel
authenticated useradd themselves to a channel
.systemcan add any user to any channel
authenticated usercan remove themselves from a channel.
.systemcan remove any participant from any channel
participantof a channel can get a list of all participants in that channel.
.systemcan get all participants for any channel.
participantof a channel can access the channel object.
.systemcan get the channel object for any channel.
participantof a channel can send a message to a that channel with themselves as the sender.
.systemcan send a message to any channel with any user as the sender.
participantof a channel can read and will receive all messages that are sent to a channel.
.systemcan read any message on any channel, but it won't
receiveany messages as
.systemcannot assign delivery endpoints to itself.
authenticated usercan delete a message that was sent by them.
.systemcan delete any message.
.systemcan create users
.systemcan get tokens issued, revoked or listed for any user, except itself.
authenticated usercan get additional tokens for themselves.
authenticated usercan revoke any token that has been issued to them.
authenticated useran list all token ids for tokens that have been issued to them.
.systemcan delete users.
authenticated usercan fetch or patch metadata for themselves.
.systemcan fetch and patch metadata for any user, except itself.