Skip to content

Permissions & access

ClashDuke gives you three layers of access control, from simplest to most granular:

Manager role

One role that unlocks manager-gated commands.

Command delegation

Grant individual commands to specific roles or members with /access.

Web dashboard roles

Fine-grained, permission-based roles for the web control panel.

By default, management commands require Discord’s Manage Server permission. To let trusted staff manage ClashDuke without that permission, set a manager role:

/config manager_role:@Co-Leaders

Anyone with the Manage Server permission is always treated as a manager; the manager role simply adds more people to that group.

/access delegates a single command to specific roles or members. Granting a command has two effects at once:

  1. It allows the target role/member to run that command, and
  2. It restricts that command to those delegated roles/members plus Manage-Server managers.

In other words, delegating a command also locks it down.

/access itself requires Manage Server.

Subcommand Options Description
/access grant command (autocomplete, required), target (role or member, required) Allow a role or member to use a command
/access revoke command (autocomplete, required), target (role or member, required) Remove a delegation
/access list Show all command delegations
/access grant command:/war target:@War Team

The web dashboard uses its own role-based access control, resolved live on every request so changes and revocations take effect immediately. Each web role is a named bundle of permission keys, and roles have a rank — you can only assign roles ranked below your own.

ClashDuke ships a set of cloneable role presets you can assign or customize per server:

Role What it’s for
Owner Full control, including billing
Admin Everything except billing
Co-Leader Wars, rosters, reminders, war room, CWL, moderation, clans, exports
War Manager Wars, rosters, reminders, war room, CWL
Family Ops Lead Family announcements, stats, end-of-day, signups, pre-spin, DM rules, exports
Elder / Staff Tickets, moderation, player views
Recruiter Tickets, links, player views
Analyst History, leaderboards, exports, player & family views
Event Manager Rosters, signups, embeds, announcements
Moderator Moderation, tickets, audit log
Editor Embeds, log feeds, boards
Treasurer View billing
Viewer Read-only across the dashboard
Member Dashboard access only (the default for a self-serve Discord login)

Roles are built from granular permission keys, grouped by area — for example wars.view, rosters.manage, reminders.manage, moderation.manage, logs.manage, autoroles.manage, billing.manage, and settings.manage. Web guards and the bot resolve access against this same vocabulary, so the dashboard and the bot stay consistent.

  • Bot commands are gated by Discord permissions (Manage Server), the manager role, and any /access delegations.
  • The dashboard is gated by the web RBAC roles above.
  • Superadmin access (the platform operator) is always explicit — never implied by a server role.