Permission System
From ShockvoiceWiki
Contents |
Introduction
This document explains, how the permission system in Shockvoice works. It is not easy to grasp at first, but allows for very flexible management.
Users and Groups
Shockvoice does not assign permissions directly to users. Instead you are supposed to create usergroups, that are assigned the permissions and then assign these usergroups to users. That way you can create for example a "serveradmin" group that you give permission to modify the server properties and then you assign a list of users to be members of this group.
Assign or Execute?
One thing that confuses people as they create a new group is that there is a column of values titled "assign" and one titled "execute". This is a very important difference. If you want a user to be able to modify this server, you give this person "execute" permission. That means they are allowed to execute this function. However imagine the same person is allowed to modify usergroups. That would mean the person can basically give any permission he/she likes to him/herself. Of course we don't want that, so we have this second column titled "assign". There you can configure that the person is also allowed to give this permission to people. So a person who is allowed to do ANYTHING on a server is not at all allowed to give the same permission to others unless you want to.
Accumulation
Usergroups in Shockvoice accumulate their permissions. What does that mean? Let's say you have one usergroup that may change a server called "serveradmin" and you have one usergroup that is allowed to create and modify channels called "channeladmin". Now lets say you want a person to be able to have both permissions. There is no need to create a new group "server & channel admin". You just add this user to both groups and the person will have both permissions.
In case there is a conflict between groups, the higher value for that permission will be used. For example if one group specifies the user may create 10 virtual channels and the other specifies 5 then the final value for the user will be 10, not 5 and not 15.
I am channel admin. But where?
Once you assign a user to a group, you will notice that there is a second field for the channel. By default you can choose to assign a user to a group serverwide. But you can also choose to assign the person to this group only in one channel. This way you can make that person for example "channeladmin" just in one channel. Or in a list of channels. Of course there are permissions that do not make any sense in the context of a channel. You cannot give a person the permission to change server properties but only in one channel. These permissions are ALWAYS serverwise, no matter in which location you assign them. Check the list of all permissions below to know which permissions have which scope.
List of all permissions
Superadmin permissions
These permissions are valid across all servers. Be careful who you give them to. An administrator of only one instance within Shockvoice should NEVER have any of them.
"IS", "SuperAdmin allowed to start and stop SV"
"IC", "SuperAdmin allowed to create/modify/delete servers"
"IM", "SuperAdmin allowed to modify servers"
"IU", "SuperAdmin allowed to manage users"
"IRM", "SuperAdmin allowed to modify roles"
"IRA", "SuperAdmin allowed to assign roles"
"IP", "SuperAdmin allowed to manage plugins"
"IIE", "SuperAdmin allowed to import/export data" (this one is reserved for future use. it has no use right now)
Admin permissions
These permissions should go to an admin of a server instance with some exceptions:
- You might consider not giving the person the permission SM because it allows to edit rather sensitive information of the server like slotcount and port it runs on. Instead assign only the permission SMB which reduces to the most essential parameters.
- The second permission you should consider not assigning is SP, because it allows the person to activate/deactivate plugins and change values like quota.
- The third sensitive permission is SCD, because it allows the user to chose the codecs to use. Depending on your policy, you might want to chose the codecs that the user is allowed to use on his server for example for traffic reasons.
"SM", "Admin allowed to modify all parameters of a server" "SCD", "Admin allowed to manage codecs" "SP", "Admin allowed to manage plugins" "SMB", "Admin allowed to modify basic parameters of a server" "SU", "Admin allowed to create/modify/delete users" "SUM", "Admin allowed to modify users" "SUR", "Admin allowed to register users" "SB", "Admin allowed to ban users from server" "SK", "Admin allowed to kick users from server" "SC", "Admin allowed to create administrative channels", "SRM", "Admin allowed to manage server roles" "SRA", "Admin allowed to assign server roles" "SSM", "Admin allowed to send server messages" "STP", "Admin allowed to request temporary server password" "SIE", "Admin allowed to import/export data" (this one is reserved for future use. it has no use right now)
The following permissions have channel scope. They can be assigned to users within a channel only or serverwide:
"SJ", "Admin allowed to join admin-only channel" "SHC", "Admin allowed to see hidden channels" "SJP", "Admin allowed to join protected channels" "SJV", "Admin allowed to join protected voice groups" "SIP", "Admin allowed to see IP adresses"
Channel permissions
These permissions can be assigned serverwise or within a channel only:
"CC", "ChannelAdmin allowed to create registered channels" "CB", "ChannelAdmin allowed to ban users from channel" "CK", "ChannelAdmin allowed to kick users from channel" "CMU", "ChannelAdmin allowed to move users" "CMC", "ChannelAdmin allowed to move channels" "CMD", "ChannelAdmin allowed to moderate channels" "CV", "ChannelAdmin allowed to modify voice groups"
User permissions
These permissions can be assigned serverwise or within a channel only:
"UV", "User with voice on moderated channel" "UC", "User who can create temporary channels" "UVC", "How many virtual channels can be created"
