RealmsCore includes a unique permission system, based around the concept of Permission Sets, rather than groups/ranks. There are two main reasons for this:
Many servers have their permissions systems front-and-center, but separating players into ranks doesn’t work well on roleplay or PvP servers. The RealmsCore permission system fades into the background, so the player-facing ranks are based on roleplaying and player freedom, and not on permissions.
Permission Sets also provide more control. Because players can have multiple sets, cheat permissions can be disabled when playing survival, closing the gap between players and staff. Full permissions can be quickly re-enabled, if needed.
Access limitations let you require admin approval or supervision before players can use a permission set. Feel comfortable giving players access to creative mode, WorldEdit, or VoxelSniper, because all admins are notified and can approve or deny access to those privileges.
A Permission Set is simply a list of permission nodes. A player can have access to multiple sets, but only one set can be active at a time.
All sets must be listed in the permsets.yml file. An example file, with instructions and examples for the suggested sets below, is automatically placed in the plugin folder. Customize it to suit your server’s needs. Changes are loaded automatically.
The following sets are included in the example file.
These are some of the sets used on the official server (The Realms of Wolfia), and should be sufficient for most small servers. Larger or more complex servers may want to use this as a starting point, and expand on it.
- Basic set: all the basic permissions that are available to everyone
- Builder utilities set: everything in basic, plus some utility commands that may be useful for building, such as fly mode, and basic WorldEdit (fixwater, thaw, extinguish, superpick), while still remaining survival-friendly
- Builder cheats set: everything in builder utilities, plus creative mode and more WorldEdit functions
- Staff utilities set: everything in basic, plus moderation commands (like kick and mute), survival-friendly
- Staff cheats set: everything that the admins of your server need, including everything in the above sets, plus vanilla (op) commands, all gamemodes, and full access to most other plugins and functionality
Remember, these are not ranks or groups of players. See the next section to understand how these sets are made available to players.
Giving players access to sets
To give permissions to players, you must put the permission nodes in a set (as described above), and then list the set under the player’s UUID in the playerperms.yml file. Changes are loaded immediately.
The default set is the active set on login. Utility and cheat sets are applied with shortcut commands “/utility” and “/cheat”, but are otherwise treated the same way as all other sets. All other sets can be applied with “/set <set name>”.
All players will have access to sets listed under “everyone”.
By default, when a player switches to a different permission set, an admin must approve this.
If the set is listed under adminSupervised, an admin* simply needs to be online, and the player can immediately switch to that set, without explicit approval.
If the set is listed under instantAccess, the player can switch to it anytime, regardless of whether an admin* is online.
An example file, with instructions, is automatically placed in the plugin folder. Customize it to suit your needs.
Continuing from the suggested sets above, here is how their access may be set up in the playerperms.yml file. Again, this is based on the official server’s permissions.
- Everyone has access to the basic set.
- If you want to give “builder permissions” (such as fly, creative, WorldEdit) to some players, they may have access to builder_utility and builder_cheat. If they are trustworthy, they may have adminSupervised or even instantAccess to one or both of these sets.
- All staff members may have instant access to admin_utility.
- Fully trusted admins (possibly just the server owner) may have instant access to admin_cheat.
The following features are built into RealmsCore permissions to help protect your server. However, you should still be careful about giving permissions to players who may not be trustworthy.
Players can never access permissions beyond their permission sets
Players have access to only the sets listed below their UUID in playerperms.yml, as well as the sets listed under “everyone”.
This is a security feature to ensure players cannot unintentionally or maliciously access extra privileges. Admins are notified about any attempts to bypass this security feature (as described below).
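The access rules above (approval by default, adminSupervised, instantAccess, and no access beyond listed sets) can be modelled as a single fail-closed decision. This is an added illustration, not RealmsCore's own code: the dictionary layout, the `decide_switch` function and the sample UUIDs are assumptions, and treating an adminSupervised set as "needs approval" when no admin is online is also an assumption.

```python
from enum import Enum


class Decision(Enum):
    ALLOW = "allow"
    NEEDS_APPROVAL = "needs admin approval"
    DENY_AND_NOTIFY = "deny and notify admins"


# Constructed sample data. The layout is hypothetical and is NOT the real
# playerperms.yml schema; only the key names come from the page.
PLAYER_PERMS = {
    "everyone": {"sets": ["basic"], "instantAccess": ["basic"]},
    "uuid-builder": {
        "sets": ["builder_utility", "builder_cheat"],
        "adminSupervised": ["builder_utility"],
    },
    "uuid-owner": {
        "sets": ["admin_utility", "admin_cheat"],
        "instantAccess": ["admin_utility", "admin_cheat"],
    },
}


def _listed(entry, key):
    """Return the set names listed under `key`, or an empty set."""
    return set(entry.get(key, []))


def decide_switch(perms, player_uuid, requested_set, admin_online):
    """Decide what happens when a player asks to switch permission sets."""
    entries = [perms.get("everyone", {}), perms.get(player_uuid, {})]

    # Rule 1: a player can never reach a set that is not listed for them
    # or for "everyone". Checked first so a stray tier entry grants nothing.
    available = set().union(*(_listed(e, "sets") for e in entries))
    if requested_set not in available:
        return Decision.DENY_AND_NOTIFY

    # Rule 2: instantAccess works whether or not an admin is online.
    instant = set().union(*(_listed(e, "instantAccess") for e in entries))
    if requested_set in instant:
        return Decision.ALLOW

    # Rule 3: adminSupervised only needs an admin to be online.
    supervised = set().union(*(_listed(e, "adminSupervised") for e in entries))
    if requested_set in supervised and admin_online:
        return Decision.ALLOW

    # Default: an admin must explicitly approve the switch.
    return Decision.NEEDS_APPROVAL
```

Because the availability check runs before the tier checks, listing a set under instantAccess without also granting it to the player gives no access.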
Editing permissions requires access to server files
The two permissions files cannot be modified from in-game. You must have access to the server files to edit them. This limitation helps protect your server from glitches, exploits, hackers, accidents, and rogue admins.
You should never give anyone access to your server console, files, or admin privileges, unless you completely trust them.
*RealmsCore double-checks that admins are actually admins
RealmsCore uses multiple checks to ensure that only real admins can use important commands, such as permissions and moderation commands. This feature is called Admin Multi-Check.
The multiple checks make it nearly impossible to fool RealmsCore into thinking a player is an admin. “Force op” hacks are useless against this system.
Admins are notified about attempts to bypass security features
SomePlayer failed security check (Admin Multi-Check failed).
SomePlayer failed security check (command: /kick someStaffPlayer).
RealmsCore tracks when players try to use critical commands that they’re not supposed to, or when there’s an attempt to bypass the security features.
If someone tries to impersonate an admin (such as with force op hacks), it is reported as a failed security check. If some random player tries to kick someone, that is also a failed security check. These messages are shown to all online admins and appear as warnings in the server console/logs.