Permissions

Make sure your staff and members can access what they need, nothing more, nothing less.

Here is a list of commands with their default permissions:

  • Get enrollment information: everyone (this is a user command, not a slash command)

  • /config: administrator

  • /delete: administrator

  • /enroll: everyone

  • /info: everyone

  • /login: everyone

  • /logout: administrator

  • /subscription: administrator

To configure permissions for the integration, go to Server Settings -> Integrations -> Exoguard:

Recommendations

Here is a list of recommendations regarding Exoguard command permissions:

  • Keep /info public but restrict it to your commands channel to avoid clutter

  • Restrict Get enrollment information if you want to have hidden staff members

  • Restrict /enroll to reduce spam in your audit channel if your audit webhook is configured

  • Keep /subscription restricted, you can be held responsible for the use of stolen vouchers

  • Only allow assigned roles to /logout to avoid cluttering your members' slash commands list

  • Separate vanity roles (hoist, color, ping) and permission roles, then only assign permission roles


Separate vanity roles and permission roles

Here is an example of separate vanity roles and permission roles:

Make sure your vanity roles are above your permission roles to maintain hierarchy! If you put a permission role above, logged in users can act against logged out users.

You can also have a Staff role above all to make all your staff hierarchically equal.

Having vanity roles allows your members to know at all time who is part of your staff and who isn't, which will avoid confusion in your community. These are the roles that should have a color and be hoisted, but not hold any permission as they are not assigned and therefore permanent.

Permission roles must be assigned, otherwise there is honestly not much point in using Exoguard for your community. You can make them mentionable instead of the vanity roles if you want to have an "on-call" or "active" staff system, where only logged in staff members will be notified.


Allow users with assigned roles to use the /logout command

While users can always log out by using the big red Log out button on their login confirmation message, you will certainly want to allow assigned roles to use the /logout command as well.

To do that, click on the /logout command within the Exoguard integration settings:

This command is restricted by default since it is completely useless for logged out users. You can safely allow everyone to use it, this would however clutter their slash commands.


Restrict all public commands to make them staff-only

This is not mandatory at all, restricting public commands is only a matter of preference.

While public commands (aka commands everyone can use) are not dangerous, you may want to prevent your server members from executing them on your server if they aren't part of your staff.

We recommend creating a role without any server permission that you will give to your staff. In this example, it will be named Staff but you are obviously free to use whatever name you want.

Once your role is created, set a global override to deny everyone and allow Staff in the settings:

This doesn't give access to admin-only commands unless you override them individually. Using this option will only restrict commands, not give more access, it is completely safe.

Once you have restricted all public commands, you can still allow individual commands afterward. As part of our recommendations, you could allow /info for everyone in your commands channel.

Last updated