Introduction
Permissions are the way you control what users are and are not able to do on your server. Managing permissions correctly is imperative to prevent abuse and give your members an optimal experience.
However, it can be very difficult to manage them correctly, and even small exploits that don't cause severe problems or damage can still make the server appear disorganized and poorly run.
In this guide, we explain the details behind how permissions interact and are calculated. You can find a list of permissions at the bottom of this page.
Mechanics
Certain actions correspond to a specific channel, and the permissions relating to those can be overridden per-channel. For example, you can control whether or not users can send messages at a per-channel leve.
The priority order of permissions and overrides may not be intuitive. Here's how it's calculated:
- If the user has a user-level override, it applies.
- If the user has any role that is allowed by a role-level override, they are allowed.
- If the user has any role that is denied by a role-level override, they are denied.
- If there is an
@everyone-level override, it applies. - If the user has any role that has that permission globally, they are allowed.
- They are denied.
Crucially, role-level overrides do not follow role hierarchy; rather, if any role allows it, you are allowed, even if a higher role denies it. As such, you should avoid role-level allow overrides when possible as it prevents you from using role-level deny overrides properly in the future.
A common mistake arising from this is with mute roles - if you give a verification role a channel override to be able to speak in a channel, then mute roles no longer work for verified users.
Permissions that are not channel-specific like Ban Users will just check whether or not the user has any role with that permission.
Some permissions will consider other permissions - for example, sending messages first requires the user to be able to view the channel.
How To
Introduction
Due to the way permissions are calculated (positive role overrides always overrule negative role overrides), you
generally want to minimize positive role overrides as much as possible. Note that positive
@everyone overrides are fune as role overrides always take priority over those.
How do I set up a verification role?
Most servers have a role that is granted by clicking on the verification prompt to confirm that they have read the rules (and as a trivial filter against bots). Generally, channels will only be visible to verified users.
Make sure you remember that positive overrides you grant the verified role are effectively no longer able to be denied by role-level overrides. Therefore, do not give verified users explicit channel overrides allowing them to send messages if you want mute roles to be able to work.
The best way to make verification roles is to deny @everyone the base permission to view channels
and grant it to the verification role globally. Then, all channels will, by default, be visible only to verified
users. This way, you don't have to set overrides on every channel blocking @everyone.
If you want a public channel that @everyone can see but only verified users can send messages in,
you can do the same and disable sending messages at a global level for @everyone and enable it for
the verification role. To then have a public channel that @everyone can send messages in, just use
a positive override. Remember that @everyone overrides are always lower priority than role overrides,
so this isn't a problem.
@everyone to see and send
messages in all channels! Verification roles offer little to no security anyway. Additionally, most bots/raids
consist of user bots spamming server members' DMs, which you would not need to get a verification role to do.
However, if you have not passed Discord's built-in verification, it will not let you DM people whose only mutual
server with you is that server.
How do I set up access roles?
You may want to lock some channels behind access roles such as reaction roles (e.g. a discussion category that
only some users want to see). You will have to use a positive role override in this case. Firstly, deny
@everyone permission via an override. Then, grant the access role permission.
The key point is just to avoid enabling any positive overrides except basic access (View Channel).
Note that the above doesn't apply to channels where the role isn't self-assigned, e.g. staff channels. In that case, just use the override method.
What about read-only staff channels?
If you are granting positive overrides to staff members, that is fine. The reason you want to avoid role-level allow overrides is that it prevents you from locking them out via a negative role, but you shouldn't need to mute your staff members, and if so, there is probably more that needs to be done. If really needed, you can just temporarily demote them or time them out.
How do I set up a mute role?
Set an override in every channel that denies permissions you want muted users to be unable to use. We recommend Send Messages, Send Messages in Threads, Add Reactions, and Connect. If you allow your members to create threads, you should also deny that to the mute role.
List
The following is a list of all Discord permissions and what they do.
Create Invite CreateInstantInvite link
Allows users to create invite links to the server, which other users can use to join the server. Users do not need this permission to share existing invite links, including the vanity URL, only to create new invites.
Kick Members KickMembers link
Allows users to kick members from the server, instantly removing them from the server but not preventing them from rejoining. This is subject to role hierarchy.
Ban Users BanMembers link
Allows users to ban members from the server, preventing them from rejoining the server and also banning their IP.
Allows users to unban members, allow them to rejoin the server (if they have an invite; unbanning does not re-add members).
Bans are permanent unless revoked. Users who aren't in the server can be banned to prevent them from joining. This is subject to role hierarchy, and non-members are considered underneath everyone.
Administrator Administrator link
Grants users all permissions in the server and in all channels. Also prevents users from being timed out by anyone. This is still subject to role hierarchy, so admins cannot kick/ban anyone not below them and can be kicked/banned by anyone above them.
Manage Channels ManageChannels link
Allows users to create, edit, and delete channels. Editing channels includes changing the channel's name, topic, bitrate, video quality, user limit, region, slowmode, auto-archive duration for threads, etc.
Manage Server ManageGuild link
Allows users to edit server properties such as the name, icon, banner, etc. Also allows users to add applications to the server (e.g. bots). Also allows users to configure built-in AutoMod and users with this permission always bypass AutoMod.
Add Reactions AddReactions link
Allows users to add new emoji reactions to messages.
Users can always remove their own reactions.
View Audit Log ViewAuditLog link
Allows users to see the audit log which keeps track of moderation and administrative actions for a certain amount of time. They can see all actions, even those that they do not have permission to perform.
Use Priority Speaker PrioritySpeaker link
Allows users to enable Push-To-Talk Priority Speaker mode, which causes all other users in a voice channel to have their volume reduces while the user is using priority mode.
Stream Stream link
Allows users to stream in a voice channel, including screensharing and using the video camera.
View Channel ViewChannel link
Allows users to see channels and see incoming messages while focused on the channel. Users can see category channels if they can see at least one channel in it, and seeing a category does not automatically allow them to see any or all channels in it.
Send Messages SendMessages link
Allows users to send messages in text and text-in-voice channels that they can view. Also allows users to create forum posts but not to talk in them.
Send Test-To-Speech Messages SendTTSMessages link
Allows users to use /tts which sends a message that is read aloud to everyone focused on the channel.
Manage Messages ManageMessages link
Allows users to delete other users' messages, pin messages, publish other users' messages in announcement channels, and remove embeds from other users' messages. Except for pinning messages, the other three are always available for one's own messages. This is not subject to role hierarchy.
Embed Links EmbedLinks link
Links that users send will show embeds if possible and the user has not suppressed embeds using <...>. For bots, this is necessary for them to send custom embeds in messages.
Attach Files AttachFiles link
Allows users to upload files in messages they send. This is not limited to images; users can upload most types of files.
Read Message History ReadMessageHistory link
Allows users to view messages in channels that they can view, even if they were not focused on the channel at the time, and allows them to search back through all past messages.
Without this permission, users will see "You do not have permission to view the history of this channel." and will only be able to see messages received by their client while they were in that channel.
Mention <code>@everyone</code>, <code>@here</code>, and All Roles MentionEveryone link
Allows users to use @everyone to ping all server members who can see the channel, @here to ping all online members who can see the channel, and ping any role regardless of if it has the "Allow anyone to @mention this role" setting enabled. This is not subject to role hierarchy.
Use External Emoji UseExternalEmojis link
Allows users to use emoji from other servers in messages and reactions (if they have Nitro or are a bot).
View Server Insights ViewGuildInsights link
Allows users to see the server insights page, which provides information about server health, members joining and leaving, which invites they are using, member retention, participant message count, etc.
Connect Connect link
Allows users to join voice and stage channels that they can see. Being able to speak is controlled by Speak but they can listen unless deafened.
Speak Speak link
Allows users to speak in voice channels that they are connected to. This does not allow users to speak in stage channels; stage moderators are appointed separately per stage channel (via the channel permission settings) and choose who is allowed to speak.
Mute Members MuteMembers link
Allows users to force-mute users (including themselves), preventing them from speaking in any channel regardless of if they have the Speak permission. Also allows users to undo force-mutes, including on themselves. Users who have muted themselves cannot be muted by anyone else. This is not subject to role hierarchy.
Deafen Members DeafenMembers link
Allows users to force-deafen users (including themselves), preventing them from hearing what is happening in voice or stage channels. Also allows users to undo force-deafens, including on themselves. Users who have deafened themselves cannot be undeafened by anyone else. This is not subject to role hierarchy.
Move Members MoveMembers link
Allows users to move members who are already in a voice channel in this server into another voice channel. The user performing this action must have [[Connect]] in the target channel, but the target user does not need to be able to see or join it on their own. Users cannot be connected by another user and can never be moved between servers even if the user has this permission in both servers. This is not subject to role hierarchy.
Use Voice Activity Detection UseVAD link
Allows users to use voice activity detection mode. Without this permission, users can only use Push-To-Talk.
Change Nickname ChangeNickname link
Allows users to change their own nickname.
Manage Nicknames ManageNicknames link
Allows users to change other members' nicknames. This is subject to role hierarchy.
Manage Roles ManageRoles link
Allows users to create, edit, delete, add, and remove roles that are below them in role hierarchy (however, adding/removing roles can be done to members above them in hierarchy).
Allows users to edit channel overrides for roles that are below them and permissions that they have.
Manage Webhooks ManageWebhooks link
Allows users to create, edit, and delete webhooks, as well as view a list of webhooks and get their URLs.
Manage Emoji and Stickers ManageEmojisAndStickers link
Allows users to upload, rename, and delete emojis and stickers. Also allows bots to control which roles can use emojis, which is a little-known feature that isn't very useful and isn't supported by most bots.
Use Application Commands UseApplicationCommands link
Allows users to use slash commands and context menu commands (right clicking a message or user and selecting "Apps").
application.commands scope set when inviting the bot. If you are not seeing a bot's commands and you gave it this scope, you likely have too many bots; if you have over 50 bots, some will no longer be able to register commands.In fact, this permission currently does nothing for bots.
Request to Speak RequestToSpeak link
Allows users to request to become a speaker in stage channels, which can be approved or denied by stage moderators.
Manage Events ManageEvents link
Allows users to create, edit, and delete server events, including starting and ending them.
Manage Threads ManageThreads link
Allows users to edit, archive, unarchive, lock, unlock, and delete threads and view all private threads.
Create Public Threads CreatePublicThreads link
Allows users to create public threads (threads that all users can see).
Create Private Threads CreatePrivateThreads link
Allows users to create private threads, which can only be seen by users with Manage Threads and users who are explicitly invited to the thread.
Use External Stickers UseExternalStickers link
Allows users to send messages with stickers from other servers.
Send Messages in Threads SendMessagesInThreads link
Allows users to send messages in threads and forum posts.
Use Activities UseEmbeddedActivities link
Allows users to use activities such as YouTube's Watch Together in voice channels.
Timeout Members ModerateMembers link
Allows users to timeout other members, disabling all permissions except [[ViewChannel]] and [[ReadMessageHistory]]. Some other features like adding to existing reactions or using message components (buttons and dropdowns) are also disabled.