Role Hierarchy
The hierarchy of permissions applies to Administrators, while the Server Owner is the only user completely immune to it. Hierarchy rules can be used to one's advantage while building a server.
Role Hierarchy provides an opportunity to structure a Discord server in a secure manner, one that protects verified users from unverified users while staggering high-threat roles in anticipation of attacks. Roles are positioned to do the least harm if compromised through phishing attacks or DMs (Direct Messages).
The account that poses the highest threat if compromised, the Server Owner, is kept offline (COLD) and off the table, while high-threat roles and permissions are layered out of reach of one another. The accounts holding those roles are used only during operating hours, only in one server (WARM), and are given only to trusted operators.
These roles are visible to everyone in the server, are easy to identify, and are not always true to the permissions their names suggest; they are considered Vanity roles. For instance, Vanity Admin and Vanity Moderator do NOT have true Administrator access.
Consider this account to be the private key or seed phrase. It is used only when first setting up the Discord server and when transferring ownership. The Owner has absolute authority that supersedes all roles and therefore does NOT need to hold a role or be easily identifiable.
2FA using SMS is vulnerable to social engineering. 2FA can also be bypassed if an attacker obtains the user's Discord key and/or through social engineering. Authenticator apps are preferred; Yubikeys/physical authenticators are best (unfortunately they don't work with Discord yet).
This is the only role with Administrator permissions. It is not shown in the right-side member list and is used only by those building and maintaining the Discord server on the backend. The number of users holding this role should be kept small, as each additional Admin adds a potential point of failure.
Admins should have only one (1) account, used specifically for the server they work in. Their DMs should always be off and they should NEVER accept random friend requests. Operating this account outside of work creates additional attack surface and opportunities for failure.
This role does NOT have Administrator permissions and cannot create/add/edit channels. It is given only to those who operate in high-risk channels, such as #announcement channels, and can be a temporary role granted to users as needed for announcements.
Bots are required to mitigate threats such as raids, spam, advertising, disallowed links/language, and staff impersonation, as well as to enforce the join gate and provide additional security tools. Few bots require Administrator; granting it should be avoided whenever possible.
Other dangerous permissions bots may require are Manage Webhooks, Manage Channels, and Manage Roles. Some bots need these only temporarily; others, such as token-gated verification bots, may require them at all times. Role hierarchy is used to protect and separate high-threat user roles from bots, and high-threat bots from other bots and users.
These are the Admin, Team, and Moderator roles that are visible to everyone in the server. It is essential that these roles be identifiable to users, especially for those who are moderating, answering questions, and assisting users. These users do NOT need Administrator, Manage Channels/Roles/Webhooks, etc.
In addition to having no Administrator or Manage Webhooks/Channels/Roles permissions, Moderators don't need access to high-impact, high-threat channels such as Announcements, Official Links, Security/Education channels, etc.
Furthermore, Moderators' mute/kick/ban actions could all be performed through an automod bot command instead of granting them these permissions directly. This role is the most likely to be compromised, and the more limited its abilities, the less risk it poses to the server.
These users are less likely to cause problems and can have access to gifs/links/images, other permissions, or channels with less strict automod rules. Still, all users, including staff, are limited in which links they can post.
All users who complete and pass the join gate receive this role. Ideally the join gate blocks bots while causing the least possible friction to real human users. It is preferred that all verification be handled within Discord itself, not through DMs or third-party websites.
All users who join the Discord server before passing the join gate are unverified. Servers should be set up to restrict and separate verified from unverified users, making DM contact more difficult and ensuring unverified users are NEVER able to chat directly in the server with verified users.
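The hierarchy rules above (a single backend Admin holding Administrator, no Manage Webhooks/Channels/Roles on vanity, moderator or user roles, high-threat bots positioned below Admin, moderators kept out of high-threat channels, and unverified users never chatting alongside verified ones) can be checked mechanically against a server's role and channel layout. The audit below is an added example, not code from the original page or from Discord; the role table, channel overwrites and permission labels are constructed sample data (the labels are plain strings, not Discord's API flag names), with a weak layout that trips every rule next to a hardened one that passes.

```python
from dataclasses import dataclass, field

# Permissions the page singles out as dangerous (constructed labels, not API names).
DANGEROUS = {"administrator", "manage_webhooks", "manage_channels", "manage_roles"}
MANAGE = DANGEROUS - {"administrator"}
BACKEND_ADMIN = "Admin"  # the one hidden backend role allowed to hold Administrator
# Roles that must hold none of the Manage* permissions (tuple keeps finding order stable).
RESTRICTED = ("Vanity Admin", "Vanity Moderator", "Team", "Moderator", "Verified", "Unverified")


@dataclass
class Role:
    name: str
    position: int                        # higher number = higher in the hierarchy
    perms: set = field(default_factory=set)
    is_bot: bool = False


@dataclass
class Channel:
    name: str
    high_threat: bool                    # announcements, official links, security/education
    send: dict                           # role name -> may send messages here?


def audit(roles, channels):
    """Return human-readable findings; an empty list means the layout follows the rules."""
    by_name = {r.name: r for r in roles}
    findings = []
    # Rule 1: only the backend Admin role holds Administrator.
    for r in roles:
        if "administrator" in r.perms and r.name != BACKEND_ADMIN:
            findings.append(f"{r.name} holds Administrator")
    # Rule 2: vanity, moderator and user roles hold no Manage Webhooks/Channels/Roles.
    for name in RESTRICTED:
        held = MANAGE & by_name[name].perms if name in by_name else set()
        for perm in sorted(held):
            findings.append(f"{name} holds {perm}")
    # Rule 3: a bot with a dangerous permission sits below Admin, so Admin can
    # manage the bot but a compromised bot cannot touch Admin.
    if BACKEND_ADMIN not in by_name:
        findings.append("no backend Admin role defined")
    else:
        admin_pos = by_name[BACKEND_ADMIN].position
        for r in roles:
            if r.is_bot and DANGEROUS & r.perms and r.position >= admin_pos:
                findings.append(f"bot {r.name} is positioned at or above {BACKEND_ADMIN}")
    # Rule 4: moderators cannot post in high-threat channels.
    for ch in channels:
        if ch.high_threat and ch.send.get("Moderator", False):
            findings.append(f"Moderator can post in high-threat channel #{ch.name}")
    # Rule 5: unverified users never chat where verified users chat.
    for ch in channels:
        if ch.send.get("Verified", False) and ch.send.get("Unverified", False):
            findings.append(f"Unverified can chat alongside Verified in #{ch.name}")
    return findings


def weak_layout():
    """Constructed layout that breaks every rule."""
    roles = [
        Role("Admin", 90, {"administrator"}),
        Role("Vanity Admin", 80, {"administrator"}),            # vanity role with real power
        Role("VerifyBot", 95, {"manage_roles"}, is_bot=True),   # above Admin: can edit Admin
        Role("Moderator", 50, {"kick_members", "ban_members", "manage_channels"}),
        Role("Verified", 20),
        Role("Unverified", 10),
    ]
    channels = [
        Channel("announcements", True, {"Admin": True, "Moderator": True,
                                        "Verified": False, "Unverified": False}),
        Channel("general", False, {"Verified": True, "Unverified": True}),
    ]
    return roles, channels


def hardened_layout():
    """Constructed layout that follows the page's hierarchy rules."""
    roles = [
        Role("Admin", 90, {"administrator"}),
        Role("VerifyBot", 80, {"manage_roles"}, is_bot=True),   # below Admin, above users
        Role("Announcer", 70, {"send_messages"}),               # temporary announcement role
        Role("Vanity Admin", 60),
        Role("Moderator", 50),                                  # mute/kick/ban via bot commands
        Role("Verified", 20),
        Role("Unverified", 10),
    ]
    channels = [
        Channel("announcements", True, {"Admin": True, "Announcer": True, "Moderator": False,
                                        "Verified": False, "Unverified": False}),
        Channel("general", False, {"Verified": True, "Unverified": False}),
        Channel("verify-gate", False, {"Verified": False, "Unverified": True}),
    ]
    return roles, channels


if __name__ == "__main__":
    for label, layout in (("weak", weak_layout()), ("hardened", hardened_layout())):
        print(label, audit(*layout) or ["no findings"])
```

Running the script prints five findings for the weak layout and none for the hardened one. The checks are deliberately layout-level: they say nothing about whether the join gate or automod bots work, only whether a compromise of any single role would reach further than the hierarchy intends.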