# Roles & permissions

# Managing roles

Roles can be managed using the role manager found in Admin > Roles.

  • A new role can be created from the plus icon on the top left
  • Roles can be reordered by dragging and dropping them on the sidebar
    • the most privileged roles should be on the top

# Assigning roles to users

Roles can be assigned to users using the profile administration card visible to administrators on profile pages.

All roles are listed on the card. Clicking on one will grant/revoke it to the user.

# Role sync

Roles can be synchronized into in-game groups and back using the integration addons/plugins. The in-game equivalent field on the role manager should be filled with the exact name of the corresponding role in-game.

The server sliders on the role manager can be used to sync specific roles only on certain servers. The role with the highest order is prioritized for games which only support one group per user (e.g. Garry's Mod).

# Permission hierarchy

Role permissions follow a hierarchy.

  • Every user has the permissions assigned to the Everyone role (despite it not being shown on profiles).
  • If a user has a role with a permission explicitly allowed, any other roles they might have with said permission disabled won't have any effect.
  • Banned users (with the global or web scope) only have the permissions granted to the Banned role despite any other roles & permissions (including those from the Everyone role) they might have normally.

# Forums DLC permissions

Forums DLC permissions function similarly to regular permissions. However, besides global permissions from the role manager it's possible to assign category- and board-specific permissions.

Rather than a switch, board/category permissions have three possible states (deny/inherit/allow). Permission inheritance: board permissions > category permissions > global permissions.


Threads in all categories/boards are viewable by default. To restrict access, deny the view threads permission for both the Everyone and the Banned role and grant it for roles that should have access.