Permissions & access
ClashDuke gives you three layers of access control, from simplest to most granular:
One role that unlocks manager-gated commands.
Grant individual commands to specific roles or members with /access.
Fine-grained, permission-based roles for the web control panel.
1. The manager role
Section titled “1. The manager role”By default, management commands require Discord’s Manage Server permission. To let trusted staff manage ClashDuke without that permission, set a manager role:
/config manager_role:@Co-LeadersAnyone with the Manage Server permission is always treated as a manager; the manager role simply adds more people to that group.
2. Per-command delegation — /access
Section titled “2. Per-command delegation — /access”/access delegates a single command to specific roles or members. Granting a
command has two effects at once:
- It allows the target role/member to run that command, and
- It restricts that command to those delegated roles/members plus Manage-Server managers.
In other words, delegating a command also locks it down.
/access itself requires Manage Server.
| Subcommand | Options | Description |
|---|---|---|
/access grant |
command (autocomplete, required), target (role or member, required) |
Allow a role or member to use a command |
/access revoke |
command (autocomplete, required), target (role or member, required) |
Remove a delegation |
/access list |
— | Show all command delegations |
/access grant command:/war target:@War Team3. Web dashboard roles (RBAC)
Section titled “3. Web dashboard roles (RBAC)”The web dashboard uses its own role-based access control, resolved live on every request so changes and revocations take effect immediately. Each web role is a named bundle of permission keys, and roles have a rank — you can only assign roles ranked below your own.
Built-in role presets
Section titled “Built-in role presets”ClashDuke ships a set of cloneable role presets you can assign or customize per server:
| Role | What it’s for |
|---|---|
| Owner | Full control, including billing |
| Admin | Everything except billing |
| Co-Leader | Wars, rosters, reminders, war room, CWL, moderation, clans, exports |
| War Manager | Wars, rosters, reminders, war room, CWL |
| Family Ops Lead | Family announcements, stats, end-of-day, signups, pre-spin, DM rules, exports |
| Elder / Staff | Tickets, moderation, player views |
| Recruiter | Tickets, links, player views |
| Analyst | History, leaderboards, exports, player & family views |
| Event Manager | Rosters, signups, embeds, announcements |
| Moderator | Moderation, tickets, audit log |
| Editor | Embeds, log feeds, boards |
| Treasurer | View billing |
| Viewer | Read-only across the dashboard |
| Member | Dashboard access only (the default for a self-serve Discord login) |
Permission keys
Section titled “Permission keys”Roles are built from granular permission keys, grouped by area — for example
wars.view, rosters.manage, reminders.manage, moderation.manage,
logs.manage, autoroles.manage, billing.manage, and settings.manage. Web
guards and the bot resolve access against this same vocabulary, so the dashboard
and the bot stay consistent.
How the layers work together
Section titled “How the layers work together”- Bot commands are gated by Discord permissions (Manage Server), the
manager role, and any
/accessdelegations. - The dashboard is gated by the web RBAC roles above.
- Superadmin access (the platform operator) is always explicit — never implied by a server role.