Policy Setup

Permissive Template

Best for: Small, casual servers where you trust most roles

Configuration:

• •All Discord roles granted broad permissions by default
• •Admin role has most capabilities except some CRITICAL ones (like "rbac.manage")
• •Moderator role can moderate but not manage economy
• •defaultPublic is true (capabilities allowed unless explicitly denied)

Risk level: Medium. Good for starting, but you should tighten over time.

Balanced Template

Best for: Most servers. Provides good security without excessive friction.

Configuration:

• •Owner role: All capabilities except dangerous ones require confirmation
• •Admin role: Can manage moderation and some settings, not RBAC or economy
• •Moderator role: Can ban, mute, warn, manage channels in assigned areas
• •Member role: Can use public commands, access basic capabilities only
• •defaultPublic is false (deny unless explicitly granted)

Risk level: Low. Recommended starting point (default).

Strict Template

Best for: Security-focused servers or large communities with complex role structures

Configuration:

• •Only explicitly granted capabilities are allowed
• •Each role must be individually configured with required grants
• •All dangerous operations require additional confirmation
• •defaultPublic is false (whitelist-only permissions)

Risk level: Very Low. Requires more setup but maximizes security.

Lockdown Template

Best for: Emergency situations when you need to restrict permissions immediately

Configuration:

• •Only server owner and designated emergency admins have any permissions
• •All other roles stripped of dangerous capabilities
• •Members can only view and read, not post or interact
• •defaultPublic is false

Risk level: Minimal (emergency mode). Switch to normal template after incident.

When enabled, users with Discord's "Administrator" permission skip all RBAC checks. They have full permissions regardless of grants.

When to enable: Small/casual servers where you want flexibility. New servers getting started.

When to disable: Security-focused servers or if you want to enforce RBAC on everyone including admins. Recommended for strict policy.

When enabled, server owner can activate break-glass mode during emergencies to bypass RBAC temporarily.

Every activation is logged: See when, why, and for how long in audit logs.

Recommendation: Keep enabled. It's a safety valve if RBAC configuration locks you out.

When enabled, users must pass Discord's built-in permission check before SYNTHET evaluates RBAC. Creates a two-gate system.

Example: User tries to ban someone. Discord checks if user has "Ban Members" Discord permission. If no, blocked immediately. If yes, SYNTHET checks RBAC grants for "moderation.ban".

When useful: If you want RBAC to be additional restrictions on top of Discord permissions, not a replacement.

When true, capabilities are allowed by default unless explicitly denied. When false, capabilities are denied unless explicitly allowed.

defaultPublic = true: Whitelist-based denial. Start permissive, deny what you don't want.

defaultPublic = false: Whitelist-based allowance. Start restrictive, allow what you need.

Recommendation: Use false for security. More explicit, less chance of accidental permissions.

How many days to keep audit logs before automatic deletion (default: 90 days).

Higher retention: Better for compliance and incident investigation, uses more storage.

Shorter retention: Lighter storage footprint, less historical data available.

Version History

Shows all policy versions with timestamps. Each version displays:

• •Version number (auto-incrementing)
• •Created timestamp
• •Modified by (which user/admin made the change)
• •Change summary (what was modified)

Version Comparison

Click two versions to see a detailed diff: which grants were added, removed, or modified. Useful for understanding what changed.

Rollback to Previous Version

If a policy change causes problems, click "Rollback" on a previous version. The system creates a new version that matches the old state, preserving history.

Reinitialize Policy

Choose a new template and apply it. This:

• •Preserves your current Discord roles
• •Replaces all grants with the template's defaults
• •Removes any custom grants you've added
• •Resets policy settings to template defaults

Warning: This is a destructive operation. The previous policy version is preserved in history, but you'll need to reapply any custom grants.

Disable RBAC Entirely

Completely disable RBAC for your server. This removes all SYNTHET permission checks and Discord permissions are used as-is. All audit logs and policy history are retained for reference.

Export Policy

Download your current policy as a JSON file. Includes:

• •All policy settings (admin bypass, break glass, etc.)
• •All role bindings and grants
• •All user overrides (if policy includes them)
• •Timestamp and version information

Useful for: Backup, version control in Git, documentation, or migrating to another server.

Import Policy

Upload a previously exported JSON policy file to restore or copy a configuration.

Validation: The system validates the JSON structure before importing. If invalid, you'll see helpful error messages.

Policy Stats

Dashboard shows:

• •Current version number
• •Last modified timestamp
• •Total number of Discord roles synced
• •Total grants defined
• •Total user overrides active
• •Days of audit logs retained

Health Warnings

System identifies potential issues:

• ⚠Admin bypass enabled: Admins skip all RBAC checks
• ⚠No overrides for break-glass: No users have emergency access
• ⚠High grant count: Over 100 grants may indicate overly complex policy
• ⚠CRITICAL capabilities ungranted: No one can use critical actions