How is the permission hierarchy structured?

Comments

45 comments

  • zimmah

    Can you give an example? Because it isn't really clear.

    If a person has 3 roles, and 2 of the roles deny something, and another role allows something, is that denied or allowed for that person?

  • OnlyGingerWhenAngry

    zimmah, looks to me like the bullets should be numbered order instead. If I understand it correctly the denies are applied first (2 roles deny creating invites), then allowed is applied (1 role allows creating invites) therefore that user can create invites.

  • johnny mangos

    Yea this really isn't helpful. If that's a hierarchy, then what's on top gets applied last, however it could be read either way. So which is it? Are denies of @everyone applied first, or last? And does a permission applied later over-ride an earlier deny, or is it ignored?

  • Steve

    This is a really awful explanation. Discord really needs an "effective permissions" view, like Windows has. That way I can just see the permissions actually being applied to a member or role in each channel.

  • acrisis [ NA iii ] 🇧🇪

    This ain't even an article ... wish I could give two thumbs down.

  • Elarith

    It's a general practice that the more specific a rule gets, the later that it is applied. Simple testing could confirm this, deny something on an everyone basis, and then apply a rule at a higher level of specificity (User, or specific role). Then test if they have the permission or not.

  • Fishheadman

    I seem to be having trouble with role permissions in channels. If I set the permission in a channel to deny text chat but "members" have chat allowed it does not allow them to chat until I allow it for everyone in that channel. Maybe I am using it wrong but I am trying to set it so people just added to my server can only chat in the lobby and not have permissions anywhere else until they have been given a role.

  • BuddhaRage

    So does that mean an admin can mute even your PM abilities? That would be F'ed up and just lead to bullying....

  • SeventhGrave

    What do you mean by "adding up"? If a person had 3 roles, two of which deny him messages and one allow him messages, what happens? Also what about server definition of roles vs channel role overrides?
    For example, I have an announcement channel. By default members are allowed to post messages to all channels, but for this channel Members are overridden to not post. But if I mark a moderator as a "member" AND a "moderator", how am I supposed to know if he can post or not? This explanation doesn't explain how conflicting channel overrides work.

  • SeventhGrave

    I forgot to mention in my first comment that the channel has three overrides: Everyone, who is unable to view or post, Members, who are able to view but are unable to post, and Moderators, who are able to view and post.

  • Fishheadman

    There needs to be more specific options for roles. I want to be able to have moderators that can assign roles but CANNOT change role permissions in Server Settings or delete roles/channels or assign themselves as Officer/Admin to get access to restricted channels. Currently moderators have the same permissions as an Officer or Admin due to how it is set up. Mods do not need the same access as Admin or Officers.

  • Cilantrelle

    @SeventhGrave in your case, whichever role is the highest in the list is the most effective. Any conflicting permissions (within the server-wide roles menu) will be overridden by the highest priority role.

    @Fishheadman be sure and throw your suggestion at feedback.discordapp.com so we can get it prioritized! =]

  • ⚔Str8UpJack⚔[¡¡¡]🇺🇸

    Wow.. This is a horrible explanation and does nothing to help someone understand the system of setting permissions.. Perhaps you are getting too fancy.. K.I.S.S.

  • Otis

    Let me try to explain. Let's say we have three groups:

    - Officer
    - Guild Leader
    - VIP

    User1 is a member of all three. If any one of these is allowed posting, he will be able to post no matter what. The application assumes that if you want all VIPs to post, and User1 is a VIP, then you want User1 to post. It assumes that you only want to deny Guild Leaders from posting if they aren't a member of a role that allows them to. If you don't want them to post, remove their VIP role.

  • BowTieJason

    So if I click in the voice permissions it says "connect". This means if I check that for the @everyone they won't be able to connect to that specific channel, right? I need it to do that so I can make a diplomacy room for if I need to talk to a rowdy guest without interruptions or being snooped on from other guests set to @everyone.

  • juress

    There is no hierarchy on Discord, rly? All we want is to assign a role to a guest of the server and edit their permissions.

  • DarkonFullPower

    @juress There "is" one, but you have to build it. You make no role aka "@everyone" have the permissions you want a guest to have and then go up from there.
    Then you add every role you have to every chat you make. Any missing roles will be ignored. I learned that the hard way. You can then further edit their permissions on a chat per chat basis.

  • FailsWithTails

    From what I can tell, this is actually quite straightforward. The only thing I'd recommend is not to look at it as bullet points, but rather the order in which they are applied, logically overriding previous steps. @everyone "guests" are the default. The more specific the rule's target (everyone --> specific roles --> specific users), the later it is applied, and the more generic rules it overrides.

  • Fairy of the Forgotten Forest

    I just tried to block a specific member's ability to embed links and attach files, but they seem to be doing it fine despite the barrier. I'm confused. So server wide permissions > individual punishments imposed by the admins?

  • Cilantrelle

    @Fairy of the Forgotten Forest: Not exactly- you might be missing something somewhere. Did you create a new role and assign it to the user, or did you make a channel permissions exception? Let me know here and I can help further.

  • Porta-Monkey

    @FailsWithTails Yup you got it, the way they explained it was very clear for me. The order permissions are applied in is "everyone", then "roles", and lastly "individual".

    Caveat with the role:

    If you have a player assigned to multiple roles with contradicting permissions you need to "add" or "sum" them up. Like this: "Role1: Permission X = True", "Role2: Permission X = False", "Role3: Permission X = True", "Role4: Permission X = False".

    Our example user "Miles" has roles 1 and 2, so theirs will cancel out (true + false = neither) to that weird gray slash.

    User "Jackie" has roles 1 and 3 (true + true = TRUE).

    And user "Steph" has roles 2 and 4 (false + false = FALSE).

  • UnLucky

    "Adding up all the allows for roles" or "Sum up all the denies of a member's roles and apply them at once" is exactly what I came here to find out how that works in the first place.

    It's as if the only thing the article said was:

    How is the permission hierarchy structured?

    An individual's permissions are determined by the hierarchy of the permissions system.

  • Cilantrelle

    @UnLucky Discord doesn't sum or add any role exceptions- that's not the way it works in the client at all. If you have a channel permission exception in any role, that exception will take charge, regardless of how many redundant roles have a true/false equivalent.

  • UnLucky (Edited)

    @Cilantrelle Exceptions...? You've lost me. Not only are you going completely against the article, but you're using terminology that I don't understand, that isn't in the original article nor the accompanying article about permissions, and which I can't find in the Discord client's settings anywhere.

    What takes charge? Can you allow a user, or group of users, to have access to a channel, or multiple channels, while still sharing a Role with other users who do not have access to the same channels?

    Can you deny a user, or group of users, to not have access to a channel, or multiple channels, while still sharing a Role with other users who do have access to those channels?

    How can I set that up? What order do the roles have to be, what permissions do they have to have, what permissions should the channels have, and how can I even assign permissions to specific users without using roles (the article assumes this is somehow possible)?

  • Cilantrelle

    @UnLucky admittedly, this article is a bit out of date, and is high in queue to receive an update with more consistent language. I'll do my best to clarify everything you're wondering about here.

    I refer to them as "exceptions" because they're individual instances that act separate from the global permissions, in a user's role. You can add these exceptions to 3 different types of groups- an individual user, an entire role, or to the "@everyone" role.

    Using these separate types of channel exceptions, you can tailor access (to allow OR deny) of channels to any group of users you want. Even users who share a role. You can add individual exceptions (for literally single users) that circumvent role exceptions. IE explicitly allowing the "group1" role to read messages in a channel, but another exception can be added to deny "bob" that same permission, even though he has the group1 role.

    The role management 101 article has better steps for this.

  • UnLucky

    But how do you assign permissions/exceptions to an individual user? I don't see the option in the server settings or the context menu or their profile. Unless you mean create a new role with only one user in it.

    So very basically, the hierarchy would work like so:

    First use @everyone's permissions as a base

    Then any permissions that are granted to each user by all of their roles, with those higher in the server list resolving any conflicts.

    After that, the permissions (exceptions?) for each role (user?) in a channel's settings take precedence over all else, again with the ones higher up in the channel's list having priority if multiple roles both allow and deny at the same time.

    Is that correct?

  • Cilantrelle

    The individual exceptions I'm referring to are in edit channel settings, not anything to do with server settings. They exist separately from the server settings role page. You've pretty much got it figured out, with 2 small extra details:

    1. Users can have multiple roles (server settings). If a lower role has a permission that the higher role does not, the user still attains that permission, regardless of the higher role.

    2. Physical position only makes a difference in server settings. You can't change the order of exceptions in edit channel settings.

  • UnLucky

    Ok, so channel settings mimic the server settings' role hierarchy.

    Thanks for your help. I'd just like one more clarification on how multiple roles inherit permissions from lower roles. Is the user's highest role treated as if it has all of the permissions across all of that user's multiple roles? Or are they still separate?

    As in, if a lower role can Kick Members, but a higher role cannot, can a user with both roles kick members from a role between these two in the hierarchy (but doesn't share any other role besides @everyone)?

  • Cilantrelle

    Yup, the user will have the hierarchy status of the highest role, but with all the assumed permissions of roles under it.

  • Lokesh

    What kind of half-assed article is this?

Article is closed for comments.
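
The evaluation order debated in the comments above, as an added Python example that is not part of the original article or thread. It assumes the order quoted from the article (@everyone first, then the summed denies of a member's roles, then the summed allows, then the individual member), which is also the order Discord's developer documentation gives for channel overwrites; the bit values, role names and the `user:bob` override are constructed for illustration.

```python
VIEW, SEND = 1, 2                      # illustrative bits, not Discord's real values
NO_OVERRIDE = (0, 0)                   # (allow, deny)

def apply(perms, allow, deny):
    """Apply one override level: clear the denied bits, then set the allowed ones."""
    return (perms & ~deny) | allow

def effective(everyone, role_perms, member_roles, overrides, member):
    """Resolve one member's permissions in one channel.

    overrides maps "@everyone", a role name, or "user:<name>" to (allow, deny).
    """
    # Server level: roles only add permissions on top of @everyone.
    perms = everyone
    for role in member_roles:
        perms |= role_perms.get(role, 0)

    # Channel level 1: the @everyone override.
    perms = apply(perms, *overrides.get("@everyone", NO_OVERRIDE))

    # Channel level 2: every role override at once. Denies are summed and
    # applied first, allows are summed and applied last, so a single allow
    # beats any number of denies from the member's other roles.
    allow = deny = 0
    for role in member_roles:
        a, d = overrides.get(role, NO_OVERRIDE)
        allow |= a
        deny |= d
    perms = apply(perms, allow, deny)

    # Channel level 3: the override for this individual member is applied last.
    return apply(perms, *overrides.get("user:" + member, NO_OVERRIDE))

# Constructed sample: the announcement channel described in the thread.
ROLES = {"Members": 0, "Moderators": 0}    # no extra server-wide permissions
ANNOUNCE = {
    "@everyone": (0, VIEW | SEND),         # cannot view or post
    "Members": (VIEW, SEND),               # can view, cannot post
    "Moderators": (VIEW | SEND, 0),        # can view and post
    "user:bob": (0, SEND),                 # hypothetical per-user deny
}

def can_post(member, roles):
    """True if the member may post in the sample announcement channel."""
    return bool(effective(VIEW | SEND, ROLES, roles, ANNOUNCE, member) & SEND)
```

Under this order a member holding both Members and Moderators can post, because the Moderators allow is applied after the Members deny; only the per-user override takes posting away again.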