GM security levels grant access to commands based on the defaults provided on the GM Commands page. But if you wish to make modifications to the permissions granted by each security level, or if you need to grant an account specific permissions, you must understand how TrinityCore's RBAC implementation works.
auth.rbac_permissions
auth.rbac_linked_permissions
Deny definitions are explicitly set in rbac_account_permissions
with granted = 0
and override linked permissions.
If you need further flexibility, or find that you are denying lots of commands, it's probably time to consider creating a custom role. Note that custom roles and permissions should be created in the
1xxx
range to avoid conflicting with TrinityCore native roles and permissions.
Security Level | Role | Permission Id | Inherits (rbac_linked_permissions) |
---|---|---|---|
3 | Admin | 192 | GM security Level - 196, Administrator commands |
2 | GM | 193 | Moderator security level - 197, Gamemaster commands |
1 | Mod | 194 | Player security level - 198, Moderator commands |
0 | Player | 195 | Player commands |
Permission Id | Name | Permissions Count |
---|---|---|
196 | Administrator commands | 377 |
197 | Gamemaster commands | 95 |
198 | Moderator commands | 91 |
199 | Player commands | 14 |
0
can not be used to define a permission.
Name | Syntax | Description |
---|---|---|
.rbac account | .rbac account [$account] | View permissions of selected player or given account Note: Only those that affect current realmNote: Shows real permissions after checking group and roles |
.rbac account permission | .rbac account list [$account] | View permissions of selected player or given account Note: Only those that affect current realmNote: Only those directly granted or denied, does not include inherited permissions from roles |
.rbac account grant | .rbac account grant [$account] #id [#realmId] | Grant a permission to selected player or given account.#reamID may be -1 for all realms. |
.rbac account deny | .rbac account deny [$account] #id [#realmId] | Deny a permission to selected player or given account.#reamID may be -1 for all realms. |
.rbac account revoke | .rbac account revoke [$account] #id | Remove a permission from an account Note: Removes the permission from granted or denied permissions |
.rbac list | .rbac list | View list of all permissions.If $id is given will show only info for that permission. |
Table | Table Description | Field Name | Field Type | Field Description |
---|---|---|---|---|
auth.rbac_account_permissions |
Account-Permission relation | accountId permissionId granted realmId |
int int int signed int |
Account id Permission id Granted = 1, Denied = 0 All = -1, else realmId |
auth.rbac_permissions |
Permission List | id name |
int text |
Permission id Permission name |
auth.rbac_default_permissions |
Default permissions to assign to a specific security level (account_access) | secId permissionId |
int int |
Security level [0-3] Permission id |
auth.rbac_linked_permissions |
Assigns permissions to roles (see rbac_permissions for permissions with name "role") Can also be used to link permissions to permissions (creating new roles) | id linkedId |
int int |
Permission id Permission id |