Security Introduction

From Bebot Wiki 2
Introduction

BeBot's Security Management System aims to provide a common interface and structure for dealing with all things security. This document introduces the Security system for all BeBot users.

Access Levels

The core of BeBot security is the Access Level. An Access Level is a defined constant that cannot be changed. Access Levels are not security groups. The SUPERADMIN, ADMIN, and LEADER levels have the same names as BeBot's default security groups. To assist with differentiation, Access Levels are always referred to in uppercase letters and security groups are always lowercase.

BeBot has 8 Access Levels:

 - OWNER (Bot Owner)
 - SUPERADMIN
 - ADMIN
 - LEADER
 - MEMBER (A member of the bot. Guild members in guildbot mode.)
 - GUEST (Someone added to the guildbot's guestlist. Not used in raidbot mode by default.)
 - ANONYMOUS (Someone who is not a guest or member, but sends a tell to the bot.)
 - BANNED (Someone who has been banned.)

All access is defined by these eight levels. Membership is additive, meaning if you are in a higher level you automatically are a member of lower levels too, with BANNED being the notable exception. So an ADMIN is a MEMBER, GUEST, LEADER and ANONYMOUS too.

User Levels, Org Ranks, and Security Groups

A user's Access Level is determined by their user level, their security group membership, and their org rank (when BeBot is in guildbot mode). All members of an organization/guild are automatically granted MEMBER access when the bot reads the organization's roster. In addition to assigning this access level, users with SUPERADMIN access are able to assign Access Levels to Org Ranks. For example, every General in your organization can be given LEADER access via the Security Access Level interface.

BeBot has three default security groups named superadmin, admin, and leader. These groups correspond to the SUPERADMIN, ADMIN, and LEADER access levels. Members of the superadmin, admin, or leader groups will have the associated access level.

In addition to the security options provided by user levels and org ranks, the bot's SUPERADMINS are able to create custom security groups and add players to these groups. When a new security group is created, it is assigned the access level ANONYMOUS. Use the Security Access Level interface to raise and lower the access of a custom group.

Defined OWNER and SUPERADMIN users

The only way to grant OWNER access is in the bot's configuration file. Only one player character can be the bot's OWNER. You can also define SUPERADMINs in the bot's configuration file, but this is not required. The OWNER and SUPERADMINs defined in the bot's configuration are a special security case. They are not members of the superadmin group, but they do have SUPERADMIN access. It is also not possible to ban the OWNER of the bot or any SUPERADMINs defined in the bot's configuration file. Members of the superadmin group can be banned by the bot's OWNER.
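
The rules above (additive levels, the BANNED exception, new groups starting at ANONYMOUS, and config-defined accounts that cannot be banned) can be modelled in a few lines. This is an added example, not BeBot's own code: the `Policy` class, its method names, the numeric level values, and the "highest source wins" rule for combining user level, groups and org rank are all assumptions made for illustration.

```python
from dataclasses import dataclass, field
from enum import IntEnum


class Access(IntEnum):
    # Numeric values are assumed; only the ordering comes from the page.
    BANNED = -1
    ANONYMOUS = 0
    GUEST = 1
    MEMBER = 2
    LEADER = 3
    ADMIN = 4
    SUPERADMIN = 5
    OWNER = 6


@dataclass
class Policy:  # hypothetical model, not a BeBot class
    owner: str                                   # set only in the config file
    config_superadmins: set = field(default_factory=set)
    # The three default groups map to their same-named Access Levels.
    group_levels: dict = field(default_factory=lambda: {
        "superadmin": Access.SUPERADMIN, "admin": Access.ADMIN,
        "leader": Access.LEADER})
    rank_levels: dict = field(default_factory=dict)   # org rank -> Access
    banned: set = field(default_factory=set)

    def create_group(self, name):
        # A new custom group starts at ANONYMOUS until it is raised.
        self.group_levels[name] = Access.ANONYMOUS

    def effective_level(self, name, user_level=Access.ANONYMOUS,
                        groups=(), org_rank=None):
        # Config-defined accounts resolve first, so a ban cannot apply.
        if name == self.owner:
            return Access.OWNER
        if name in self.config_superadmins:
            return Access.SUPERADMIN
        if name in self.banned:
            return Access.BANNED
        candidates = [user_level]
        candidates += [self.group_levels[g] for g in groups]
        if org_rank in self.rank_levels:
            candidates.append(self.rank_levels[org_rank])
        return max(candidates)   # assumed: the highest source wins

    def has_access(self, level, required):
        # Membership is additive; BANNED never satisfies a check.
        return Access.BANNED not in (level, required) and level >= required
```

Note that a banned member of the superadmin group resolves to BANNED, while a config-defined SUPERADMIN with the same ban entry keeps SUPERADMIN.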