Capability Catalog

Capability Catalog

Complete reference of all SYNTHET capabilities. Each capability is a granular permission that can be granted or denied to roles. Organized by module with risk assessments and detailed descriptions.

What Are Capabilities?

Capabilities are the granular permission units in SYNTHET. Instead of coarse Discord permissions like "Manage Messages", SYNTHET uses specific capabilities like:

moderation.ban - Can ban members
moderation.view_logs - Can view moderation logs
economy.admin - Can manage economy settings
rbac.manage - Can modify RBAC policy

Each capability is independent. A role can ban members but not delete messages. A bot can moderate but not access economy systems.

Risk Tier System

Every capability is assigned a risk level indicating its impact on server security and integrity:

LOW Risk

Safe operations with minimal impact. Reading information, viewing logs, accessing read-only data.

Examples: moderation.view_logs, economy.view_balances, rbac.view_policy

Grant to: Anyone who needs to view information. Often set as defaultPublic=true.

MEDIUM Risk

Moderate impact operations. Modifying user settings, creating content, non-destructive actions.

Examples: moderation.warn, moderation.mute, moderation.timeout, economy.adjust_balance

Grant to: Junior moderators and trusted roles. Monitor usage patterns.

HIGH Risk

Significant impact operations. Removing members, deleting content, modifying important settings.

Examples: moderation.ban, moderation.kick, moderation.delete_message, moderation.manage_channel

Grant to: Senior moderators and administrators only. Audit usage regularly.

CRITICAL Risk

Destructive operations affecting server infrastructure. Can cause major damage if misused.

Examples: moderation.nuke, rbac.manage, rbac.break_glass, data.purge, system.shutdown

Grant to: Server owner and designated emergency admins only. Every use logged and audited.

Default Public Flag

Some capabilities have a defaultPublic flag which determines their behavior when no explicit grant exists:

defaultPublic = true

Capability is allowed by default unless explicitly DENIED. Used for safe, common operations.

Examples: moderation.view_logs, economy.view_balances. Any role can use unless policy explicitly denies.

defaultPublic = false

Capability is denied by default unless explicitly ALLOWED. Used for dangerous operations.

Examples: moderation.ban, rbac.manage. Only roles with explicit ALLOW grant can use.

Note: Most HIGH and CRITICAL capabilities have defaultPublic=false (safer default).

Moderation Module Capabilities

Member management, enforcement, and channel moderation:

moderation.ban

Ban members from the server

HIGH

moderation.kick

Kick members from the server

HIGH

moderation.mute

Mute members (prevent text messages)

MEDIUM

moderation.warn

Issue warnings to members

MEDIUM

moderation.timeout

Timeout members (temporary message restriction)

MEDIUM

moderation.delete_message

Delete user messages

HIGH

moderation.manage_channel

Create, delete, modify channels

HIGH

moderation.view_logs

View moderation and action logs

LOW

moderation.nuke

Perform server-wide destructive operations (DANGEROUS)

CRITICAL

Economy Module Capabilities

Virtual currency, balance management, and economy settings:

economy.view_balances

View user and server economy balances

LOW

economy.adjust_balance

Modify user balances (add/remove currency)

MEDIUM

economy.admin

Configure economy settings, manage shops, adjust multipliers

HIGH

economy.reset

Reset all economy data (destructive)

CRITICAL

RBAC Module Capabilities

Permission policy management and role configuration:

rbac.view_policy

View current RBAC policy and configurations

LOW

rbac.manage

Modify RBAC policy, create grants, adjust settings

CRITICAL

rbac.create_override

Create user-specific permission overrides

HIGH

rbac.break_glass

Activate emergency break-glass mode (owner only)

CRITICAL

rbac.view_audit

View RBAC audit logs and decision history

LOW

Security Module Capabilities

Anti-nuke, anti-raid, and threat response:

security.view_alerts

View security alerts and threat logs

LOW

security.manage_config

Configure anti-nuke and anti-raid settings

HIGH

security.trigger_lockdown

Manually trigger raid lockdown

HIGH

security.manage_quarantine

Manage quarantined members, verify accounts

MEDIUM

Browsing the Capability Catalog

Access the full catalog in the RBAC Dashboard:

Catalog Tab

RBAC Dashboard → Catalog tab. Shows all available capabilities organized by module group.

Filtering by Group

Dropdown to filter by module: Moderation, Economy, RBAC, Security, System. Click a group to expand and see all capabilities in that module.

Filtering by Risk Tier

Checkboxes to show/hide capabilities by risk level. Useful for understanding what HIGH and CRITICAL capabilities exist.

Search

Searchable text field to find capabilities by name. Type "ban" to find all ban-related capabilities across all modules.

Capability Details

Click any capability to see extended details: full description, risk tier explanation, defaultPublic status, recommended grant holders, and common use cases.

Capability Updates

SYNTHET occasionally adds new capabilities or modifies existing ones:

New Capabilities

When SYNTHET releases new features, new capabilities are automatically added to your catalog. You must grant them to roles if desired.

Risk Tier Changes

Rarely, SYNTHET may change a capability's risk tier based on security assessments. Your existing grants are preserved, but new grants use the updated tier.

Deprecation

Old capabilities may be marked as deprecated if replaced by newer ones. Existing grants continue to work, but new grants should use the replacement capability.

Note: Check the Catalog tab monthly for new capabilities relevant to your server. Update role grants accordingly.

Capability Best Practices

  • 1.Review HIGH/CRITICAL capabilities: Understand which capabilities have destructive potential before granting
  • 2.Grant only needed capabilities: Don't grant a role "economy.admin" if they only need "economy.view_balances"
  • 3.Use risk tiers to guide policy: Use risk tier to inform decisions about who can use each capability
  • 4.Restrict CRITICAL by default: Only owner and emergency admins should have CRITICAL capabilities
  • 5.Monitor new capabilities: After SYNTHET updates, review new capabilities and decide on grant strategy
  • 6.Document in your policy: Keep notes on why your roles have the capabilities they do
← Permission OverridesRBAC Audit Log →