Permission System¶
Armory Bot provides a flexible permission override system so you can control who can use administrative commands.
Overview¶
The permission system uses command categories to organize related commands. You can grant or revoke access to entire categories for specific users or roles.
Permission Check Order¶
- Manage Server permission - Universal bypass (server admins always have access)
- User Overrides - Specific permissions for individual users
- Role Overrides - Permissions inherited from roles
- Default Deny - If no permission is granted, access is denied
Command Categories¶
| Category | Description |
|---|---|
| economy | Economy and shop administration |
| shop | Shop user/admin surfaces |
| moderation | Moderation and case-management tools |
| admin | High-trust admin operations |
| leveling | Leveling configuration and rewards |
| logging | Logging configuration |
| welcome | Welcome flow and onboarding |
| voice | Voice features and controls |
| timers | Timer and event command groups |
| roles | Role-management tooling |
| operations | Deployments, bounties, and operations |
| tags | Tags and trigger features |
| polls | Poll commands |
| announcements | Announcement scheduling |
| suggestions | Suggestion workflows |
Managing Permissions¶
Grant Permission¶
Give a user or role access to a command category:
Provide exactly one target: either user or role.
Examples:
/permissions grant command_group:economy role:@TrustedModerator reason:"Can manage economy"
/permissions grant command_group:shop role:@ShopKeeper reason:"Manages the server shop"
/permissions grant command_group:moderation role:@ModTeam
Revoke Permission¶
Remove access from a user or role:
Provide exactly one target: either user or role.
Example:
List Permissions¶
View all active permission overrides:
Examples:
Runtime Behavior Notes¶
- Only overrides with
enabled = trueare applied at runtime. - Disabled overrides can remain stored for future re-enable but are ignored during permission checks.
- User/role target validation is strict; invalid Discord IDs are rejected.
Check Permissions¶
Debug why a user has or doesn't have access:
Example:
This shows: - Manage Server permission status - User-specific override - Role-based overrides - Final decision
Best Practices¶
Recommended Setup
- Create dedicated roles for different admin levels (Moderator, Admin, Specialist)
- Grant command categories to roles rather than individual users
- Use user overrides only for exceptions
- Always provide a reason when granting/revoking permissions
- Regularly audit permissions with
/permissions list
Example: Setting Up Moderators¶
# Create a Moderator role in Discord
# Grant moderation permissions
/permissions grant command_group:moderation role:@Moderator reason:"Mod team permissions"
# Grant logging access
/permissions grant command_group:logging role:@Moderator reason:"Can configure logs"
# Grant access to view economy stats (but not modify)
# Use a separate "Economy Viewer" role for this
Audit Logging¶
All permission changes are logged to the audit system, including:
- Who granted/revoked the permission
- When it was changed
- The reason provided
- Target user or role
View audit logs:
Important
Users with Manage Server permission always have full access to all commands, regardless of permission overrides. This cannot be revoked.
Default Behavior
By default, all administrative commands require Manage Server permission or an explicit permission grant. This is a secure "deny by default" model.