Permission Sets - RaidMax/IW4M-Admin GitHub Wiki

Permission Sets

Permission Sets provide fine-grained control over what each permission level can access in the webfront.

Configure them in IW4MAdminSettings.json under Webfront.PermissionSets.

Format

Permissions use the format: Component.AccessLevel

ClientIPAddress.Read
Penalty.Write
ConsolePage.Read

Special Characters

Character	Meaning	Example
`*`	All permissions	`"*"`
`-`	Remove permission	`"-ConsolePage.Read"`

Available Components

Client Data

Component	Description
`ClientIPAddress`	View client IP addresses
`ClientGuid`	View client GUID/XUID
`ClientLevel`	View/modify client permission levels
`ClientNote`	View/add notes to clients
`MetaAliasUpdate`	View alias history updates

Pages

Component	Description
`ProfilePage`	Access player profile pages
`HelpPage`	Access help/commands page
`ConsolePage`	Access server console
`AuditPage`	Access audit log
`RecentPlayersPage`	Access recent players list
`PrivilegedClientsPage`	Access privileged clients list
`BanManagementPage`	Access ban management
`AdminMenu`	View admin navigation menu

Features

Component	Description
`Penalty`	View penalties
`Interaction`	Access plugin interactions
`AdvancedSearch`	Use advanced search features
`AuditLogDataDetails`	View detailed audit log data

Access Levels

Level	Description
`Read`	View/access the component
`Write`	Create/modify data
`Delete`	Remove data

Default Configuration

{
  "Webfront": {
    "PermissionSets": {
      "User": [
        "HelpPage.Read",
        "ProfilePage.Read",
        "Interaction.Read"
      ],
      "Trusted": [
        "HelpPage.Read",
        "ProfilePage.Read",
        "Penalty.Read",
        "Interaction.Read",
        "ClientLevel.Read",
        "ConsolePage.Read",
        "PrivilegedClientsPage.Read"
      ],
      "Moderator": [
        "HelpPage.Read",
        "ProfilePage.Read",
        "Penalty.Read",
        "Interaction.Read",
        "ClientLevel.Read",
        "PrivilegedClientsPage.Read",
        "AdminMenu.Read",
        "RecentPlayersPage.Read",
        "ClientNote.Read",
        "ConsolePage.Read",
        "AdvancedSearch.Read"
      ],
      "Administrator": [
        "HelpPage.Read",
        "ProfilePage.Read",
        "Penalty.Read",
        "Interaction.Read",
        "ClientLevel.Read",
        "PrivilegedClientsPage.Read",
        "AdminMenu.Read",
        "RecentPlayersPage.Read",
        "ClientNote.Read",
        "AdvancedSearch.Read",
        "MetaAliasUpdate.Read",
        "ClientGuid.Read",
        "ConsolePage.Read",
        "AuditPage.Read"
      ],
      "SeniorAdmin": ["*"],
      "Owner": ["*"]
    }
  }
}

Examples

No Permissions

"Moderator": []

All Permissions

"Moderator": ["*"]

Specific Read Permission

"Moderator": ["ClientIPAddress.Read"]

Multiple Permissions

"Moderator": [
  "ClientIPAddress.Read",
  "MetaAliasUpdate.Read",
  "Penalty.Read"
]

All Permissions Except One

"Moderator": ["*", "-ConsolePage.Read"]

Grants all permissions but removes console access.

Read and Write

"Administrator": [
  "ClientNote.Read",
  "ClientNote.Write"
]

Notes

Permissions are not inherited between levels — each level must explicitly define its permissions
Use * sparingly; prefer explicit permissions for security
The - prefix only works when combined with * to exclude specific permissions