Good Knight's Permissions Wizard is the most advanced security feature available on Discord and has been modeled after enterprise security practices used by many major companies. On Discord, any user with standing dangerous permissions is a risk to your server and a clear target for hackers. Dangerous permissions are defined as any permission that can help a hacker damage your server. This includes obvious ones like Administrator, Manage Server, or Manage Channels to less obvious ones like Kick, Manage Roles, or Mention @everyone. One solution to securing dangerous permissions is to use Cold Accounts but it quickly becomes a pain to constantly log into an account that is supposed to be "cold" every time you want to make a change.

Using the Permissions Wizard, assigning a user dangerous permissions can now be safe and accessible! Instead of a user having these permissions perpetually, users can temporarily access permissions through Good Knight. This password protects the permissions so that no hacker can use them without your Good Knight password and gives your admins/mods the power to manage your server without the risks.

How do I give a user access?

The Good Knight admins can easily customize permissions access for each user individually with the /manage-mods command. Then the user can access their temporary permissions with the /permissions-wizard command.

How do I revoking a temporary permission?

When a temporary permission is created, a message is sent to the #good-knight-logs channel. This message will list information about the permission including how much time is left and a button to revoke the permission if the user has completed the needed actions before the time expires. An additional security feature is built into this button so that any Good Knight user can revoke the temporary permission. This allows any other admin/mod to quickly remove the permissions if they see anything suspicious. The tagged role (shown in yellow below) will only exist while that role is active. Once the permission has expired, you should see @deleted-role in its place.

How does the Permissions Wizard work?

A temporary role with the requested permission is created and the user is assigned to the role. This role is placed directly below Good Knight's role. Once the temporary permission expires, the role is deleted which remove access to the permission. This is a security feature which prevents a user from elevating someone else into that role.