Proposal For A *Total* Overhaul to the Permissions system.
Introduction
Discord is a great platform for creating large communities of likeminded people all over the world. These communities, or "servers", can be of varying sizes - from a small group of firiends, to an official game server.
In the former case, a server with friends does not need to worry so much about the permissions that everyone has - people can mess about for a laugh, but the main use of the server is just to talk to friends. However, for the larger servers, such as clan servers and official game servers, a rigorous permissions system is required to ensure that people do not overstep their bounds and wreak havoc on the members. The main issue with this, and the point of this proposal, is that server owners have to worry more about permission abuse than permission mis-management. The distinction here being that abuse comes about when a member has too much permission at their level, and mis-management is a server management failure.
1: The Current Situation
Currently in Discord, permissions are very simple. A permission for managing messages exists with the ability to delete and pin messages. A permission for managing roles exists with the ability to add, remove and edit the roles of any user below them. There is a basic hierarchy which can be totally ignored if someone has the Administrator role. There is no inheritance system which can make setting up roles correctly much harder, and makes role lists sprawling and complex. And last but not least, the "Manage @everyone, @here and All Roles" permission is all bound to the same thing.
The issue is a fairly easy one to understand - the system is too simple. There are multiple different permissions in each option, which is an affront to user experience design and a total failure to the security and prosperity of servers. For example, "Manage Messages" gives me pin permission but also delete permission. While I can see these are both examples of someone managing a message, what if I want to give certain members the ability to pin but not delete messages? This would require the use of a custom bot, totally circumventing the permissions system altogether.
However, the simplicity of the system is also a boon; for smaller servers or even servers with inexperienced admins/owners, having a simple system is preferable to sprawling menus and fine-tuning each option.
2: The Solution
The solution, then, is to create a new permissions system entirely, with a focus on both organisation of permissions and the depth of control users have. Below I have laid out both a tree of most of the expected features and a potential layout, as well as a UI example of how this could be implemented.
•
├── Manage Messages
│ ├── Pin Messages
│ └── Delete Messages
├── Manage Members
│ ├── Kick Members
│ ├── Ban Members
│ ├── Mute Members
│ │ ├── Text Chat
│ │ └── Voice Chat
│ ├── Move Members
│ ├── Disconnect Members
│ ├── Deafen Members
│ └── Nicknames
│ ├── Change Own Nickname
│ └── Change Others Nicknames
├── Manage Server
│ ├── Change Server Name
│ ├── Change Server Icon
│ ├── Change Server Region
│ ├── Change Server Banner
│ ├── Change Server Invite Splash Screen
│ └──
├── Manage Roles
│ ├── Add New Role
│ ├── Delete Role
│ ├── Edit Role Settings
│ │ ├── Edit Role Name
│ │ ├── Edit Role colour
│ │ └── Edit Role Permissions
│ ├── Grant Roles
│ └── Revoke Roles
├── Manage Channels
│ ├── Create New Channel
│ ├── Move Channel
│ ├── Edit Channel
│ │ ├── Edit Channel Name
│ │ └── Edit Channel Permissions
│ └── Delete Channel
├── Create Invite
│ ├── Maximum Invited User Limit
│ └── Maximum Invite Validity Duration
├── Manage Emoji
│ ├── Add emoji
│ ├── Rename Emoji
│ └── Delete Emoji
├── Manage Webhooks
│ ├── Add Webhook
│ ├── Edit Webhook
│ └── Delete Webhook
├── Channel Visibility and Connectivity
│ ├── See Text and Voice Channels
│ ├── Send Messages In Text Channels
│ ├── Connect to Voice Channels
│ └── Speak in Voice Channels
├── Text Chat Content Permissions
│ ├── Send Embeds
│ ├── Send Files
│ ├── Send TTS Messages
│ ├── Use External Emojis
│ └── Add Reactions
├── Video Chat Content Permissions
├── Use Video Chat
│ ├── Go Live
│ └── Webcam
│ └── Priority speaker
├── View Audit Log
└── ADMINISTRATOR
I tried my best here to reconstruct the Discord UI and then add my own elements. As we can see, the majority of the content is the same, with the exception of the added control and organisational elements. Each group of permissions is bundled into a toggleable "folder" to hide and show the elements you need and de-clutter the window.
The toggle switches make a return, and for added control I've included checkmark boxes for toggling different options under a main feature - for example "Mute Members" has a "Mute Text" and "Mute Voice" option which can be toggled independently. In this case if one were to un-toggle the main "Mute Members" permission, both would be disabled.
I didn't create the entire tree since this would take a while and I've already been at this for just under 4 hours now, but hopefully it gives a brief idea. The main takeaway is that the system needs more options, not just a one size fits all solution to permissions which either give too much or too little power to users. In the old system, having a "helper" role to pin messages and move channels around would be possible, but the helper users would then have the ability to delete and create channels as well, something that may lead to abuse. In my proposed redesign, the only time the helper role would be able to do this would be when the admins explicitly allow it.
Of particular note, and a major new feature, is the Target Matrix. Yes, it sounds like something out of Star Wars, but it is in fact a neat way of ensuring that only certain users can target certain others. For example, as it stands right now anyone with the permission to edit roles can edit literally everyone's roles, with the caveat that they can't touch roles higher than them. This might still lead to unintended abuse however, so explicitly stopping Mods from being able to target Admins, for example, would fix this issue.
3: TLDR and Conclusion
The TLDR is basically to break up permissions and organise them better so that admins can, for example, let a role create voice channels but not delete them. This would save a lot of admins much headache as well as improve the operational trust and efficiency of a larger server.
Thank you for your consideration! If you'd like more mock-ups of the UI or have comments and questions about the idea, please let me know in the comments :)
-
This is a good concept.
Just a small thing, maybe rename the second "Add/Remove Roles" in the "Manage Roles" section to "Grant/Revoke Roles". It's less confusing that way in my opinion.
2 -
Yeah that's a good point, thanks for that!
1 -
This has to be done, a complete overhaul of the permissions for roles, this would make servers more stable.
2 -
Another idea is to ensure that users cannot grant themselves roles that have more permissions than their current role, and also to use an override system for main server roles
In addition: the override system could be made more useful by making higher roles' deny permissions override allow permissions from lower roles. This would allow much easier mute roles and similar roles.
1 -
This would be amazing.
My main *want* is for a hierarchy with role permissions to supercede the roles below it.
Eg. Role A having deny read above Role B with allow read. This would allow for the ability to create a mute role that bypasses a user's current roles rather than removing them all.People have spoken about setting permissions to neutral and then setting the allow/deny but this doesn't work for servers that have multiple games that are hidden until the user specifys their games (eh reaction roles bot etc)
While I've used the 'mute' role as an example, it isn't limited to that type of role.
I feel like discord used to work like this but for some reason changed at some point and I don't know when it even why.Phenomenal effort on your post and sorry to match on. I feel like the Devs never let us know if they're considering something, have seen something or are even aware of the communities increased interest in a certain area.
I've seen so many posts that are two years old asking for some of the same things people are asking for now with no clue if the Devs are even aware that the people are asking for these.
Makes you feel like these feedback options are useless and/or ignored.3 -
Discord is also great for people who don't want to spend too much time looking into permissions and how they work. Perhaps an owner toggle to opt-in to this system would also be great. That way, if the new system is too daunting, that's fine, you can stick with the current way, but those that want more complex permission management can enable it.
3 -
@Greenfoot5 true, but you've also got to remember that the current system is very unintuitive in some situations, such as role overrides. Even if a new system is implemented with an off-switch there are still some changes that should be made to the current system to avoid new users being confused by the current system's quirks.
2 -
That's great you took your time to organize the discord's UI and show a preview of them. Customization should be something common, but devs of many applications and system are too lazy or mean to allow that. They might agree if they're paid or crowds (in thousands) of users demand it, or better both. I really would like to live in a world that devs would do something just because it makes it better for users not for themselves.
-1 -
That's a very good point Minion3665. I know many organizations that are willing to migrate to discord from other messaging platforms (such as Teams or Slack), but get overwhelmed with the details of the complex permission system in discord.
It would be awesome to have a 'Simple Mode' server setup, that mimic Slack permissions: private (i.e., invite only) and public channels, and Admin and Everyone roles. By inviting someone to such 'private' channels, the person would already have read/write permissions (instead of having to add the each permission to a person as it is done currently).
1 -
This seriously needs to be a thing... i had a role with "Manage Roles" enabled, which was near the bottom of the role list... turns out though, if you have this role, along with a role near the top. It gives you full reign of the entire role list. Permissions need much finer tuning ability.
0
Du måste logga in om du vill lämna en kommentar.
Kommentarer
10 kommentarer