All tools|KeepGrid
Free tool · no signup

Discord Permission Matrix

Role hierarchy + channel-by-channel view/send/manage matrix + auto-action rules + 5 common Discord permission misconfigurations to watch for. Free.

Free · no account · rate-limited to 5/15min. For the full pack (13 documents + Launch OS install), start a project.

Why Discord permissions are the #1 silent failure mode

Discord permissions are easy to set wrong and almost impossible to spot once they are. A single mis-clicked checkbox can mean: @everyone sees the staff channels, your Pending role can write in #whitelist-applybefore approval, or your Mod role can't mute users because their role is below the Mute role. Players don't notice until something goes wrong, then everyone notices at once.

A documented permission matrix is the difference between "a new mod knows what the server should look like" and "a new mod accidentally opens the staff log to public". The matrix isn't a config — it's the contract.

What the generator above produces

  • Role hierarchy table: name, suggested color, how the role is obtained, what permissions it grants.
  • Category × role matrix with view/send/manage columns for every category (Information, Community, Tickets, Voice, Staff). Shows at a glance what each role can and can't do per channel category.
  • Auto-action rules for events: on-join → Pending role + DM, on-WL-approve → Whitelisted role + welcome, on-ticket-close → archive, on-slur → delete + log.
  • 5 common misconfigurations: how to spot each in your server settings, how to fix.
  • Bot role positioning: where KeepGrid, Ticket Tool, Carl-bot must sit in your role list to function (above any role they need to manage).
  • Adapts to RP style and staff size. Smaller teams get simpler hierarchies; larger teams get departmental sub-roles.

Best practices we encode

Default-deny, explicit-grant

@everyoneshould be denied View Channel on all categories except Information. Then explicit allow-roles (Whitelisted, Pending, Moderator) get back what they need. The opposite — "everyone has access except staff channels" — is fragile because adding a new private channel requires denying @everyone every time.

Pending vs Whitelisted is the load-bearing wall

New members get the Pending role on join. Pending can see Information channels, can read (but not write) Tickets, can't see Community or Voice. Whitelisted gets View + Send on Community + Voice. The transition between these two roles is your whitelist outcome — make sure your bot auto-flips it.

Bot role above managed roles, below human roles

Discord allows roles to manage only roles below themselves. KeepGrid's bot needs to sit above Whitelisted, Pending, and any faction roles (because it creates and modifies them) but below your human Senior Admin / Owner roles. The generator outputs the exact ordering.

Manage Channels and Manage Roles are dangerous

Don't grant Manage Channels or Manage Roles to Mod-tier roles. A bad actor or a mistake can rename your #general to a slur or assign themselves Owner-equivalent role. Reserve these for Head Admin+ only.

Audit log is your friend

Discord's audit log shows every permission change. Pin a reminder in your staff channel: any permission change should be logged in #staff-log with reason. When something breaks, audit log + staff log together let you trace the cause in 60 seconds.

5 common permission misconfigurations

  • @everyone has Send Messages on Information channels. Players can spam #announcements. Fix: deny Send Messages on @everyone for the Information category.
  • Pending role can write in tickets before whitelist. New users immediately spam #whitelist-apply with "hi can i join" before reading the form. Fix: deny Send Messages for Pending in Tickets category, allow only inside ticket threads via Ticket Tool config.
  • Bot role below Whitelisted. Bot can't assign or remove the Whitelisted role. Whitelist auto-flow breaks silently. Fix: drag bot role above Whitelisted in role list.
  • Voice channels visible to @everyone. Random people sit in your RP voice waiting room before they're whitelisted. Fix: deny View Channel on Voice category for @everyone, allow for Whitelisted.
  • Staff channels not denied to @everyone. Staff discussion leaks. Catastrophic. Fix: deny View Channel on Staff category for @everyone AND for Whitelisted; explicit allow only for Mod+.

Common mistakes to avoid

  • Trusting role inheritance to do permission cascade. Discord doesn't cascade — every channel needs explicit overrides. Always test with a test account that has only the role you're configuring.
  • Adding new channels without re-checking permissions. New channel inherits @everyone defaults; if those are too permissive, you just exposed staff content to public. Always click into the new channel's permission tab.
  • Giving VIPs admin-tier permissions for "perks". Tempting because VIP is paid. Catastrophic when one VIP's account gets compromised. VIPs get content access, not moderation power.
  • Multiple roles with Administrator. Discord's Administrator permission is "owner equivalent". Having 5 roles with this means 5 attack vectors. Limit to 1–2 roles maximum.
  • Forgetting role hoist (visibility). Hoist controls whether the role shows separately in the member sidebar. Hoist for Owner, Head Admin, Mod, Whitelisted; don't hoist for Pending or VIP-tier roles you want subtle.

FAQ

How many roles is too many?

Discord supports up to 250 roles per server. Practical maximum for an RP server is 30–50 (9 staff hierarchy + 10–20 factions + VIP tiers + bot roles). Past 50, role-list management becomes a job. The generator outputs the minimum role set needed for your server size and adds optional faction roles based on what you list.

Should faction roles be hoisted?

Yes for primary departmental factions (LSPD, EMS, Lost MC, etc.) — players want their faction visible. No for sub-roles (LSPD Trainee, Lost MC Prospect) — these clutter the sidebar. Color them, don't hoist them.

What's the safe order for KeepGrid bot vs Ticket Tool vs Carl-bot?

From top to bottom: Owner → Head Admin → Senior Admin → KeepGrid bot → Ticket Tool / Carl-bot → Admin → Mod → Whitelisted faction roles → Whitelisted → VIP → Pending. KeepGrid sits high because it creates roles; ticket bots sit lower because they only need to manage ticket channels.

Can I run a private RP server without Pending and Whitelisted roles?

Yes — for whitelist-only setups, you can collapse Pending into Whitelisted. But you lose the ability to gate ticket content (which is critical for whitelist apps). Recommended only for tightly-knit private servers under 30 players with no public Discord invite.

How do I audit existing permissions without re-doing everything?

Two ways. (1) Free: open Server Settings → Roles → click each role → Permissions tab → review. (2) Paid: KeepGrid Pro's Ops Health weekly scan reads your guild's full permission set, scores it, and flags drift between scans. The free tool above gives you the target state; Pro tells you when reality drifts away from it.

Related tools

  • Staff SOP Generator — match permissions to decision-rights so the matrix actually reflects what staff can do.
  • Ticket Routing Generator — ticket-channel permissions are the single biggest source of leaks.
  • Whitelist Rubric — Pending vs Whitelisted is the role transition; whitelist controls when it happens.

Want all 13 docs + Launch OS install?

The Permission Matrix is one of 13 documents — but more importantly, KeepGrid's installer applies the matrix automatically. Roles created with correct hoist + color + permissions; channels created with category-specific @everyone deny + role-specific allow; bot positioned correctly in role hierarchy. See all plans — from Docs Pack $19 to Launch OS + Pro $59 + $19/mo.