Auto-Grant

Auto-grant marks a Discord role as fully authorized — anyone holding it bypasses every Arkanis capability check. Set during setup and adjustable from the permissions panel.

What is this?

A per-role toggle that says "this Discord role can do anything Arkanis can do, no further checks". The setup wizard turns it on for your highest non-managed admin role by default; you can move it around (or turn it off entirely) from the permissions panel later.

Why you might want it

Without auto-grant, every new admin needs explicit capability grants before they can ban, edit settings, or run RCON. Auto-grant is the shortcut for the people you actually trust with everything. Use it sparingly, because the audit log treats an auto-grant role exactly like granting all capabilities by hand.

What Auto-Grant Means

A role with auto-grant turned on is treated as if it had every capability Arkanis defines. Members with that role bypass every permission check — they can issue strikes, edit settings, run RCON, configure billing, everything the bot does.

Auto-grant is per-role, not per-user. It's how Arkanis gives admins blanket authority without you having to tick every individual capability checkbox.

Default at Setup

The setup wizard's Foundation step picks the server's highest non-managed role for auto-grant by default. “Non-managed” means roles assigned manually — not bot-integration roles. In most servers this is your Admin role, sitting just below the server owner.

Why this default: it ensures the human(s) who installed Arkanis can use it the moment setup completes, without an extra trip to the permissions panel.

ℹ️

Note

The server owner is always covered by a hardcoded shortcut, even if their role doesn't have auto-grant. So you can always recover access by being the owner — but every other admin needs an auto-grant role or explicit capability grants.

Setup Alternatives

During setup, you can pick one of three options:

Highest role (default) — auto-grant goes on the top non-managed role.
Staff role — auto-grant goes on the staff role you picked. Only safe if your staff role is small and trusted with everything Arkanis can do.
None — no role gets auto-grant. Every admin will need explicit capability grants from the permissions panel before they can use staff features. Server owner still works.

Changing It Later

Open Roles & Permissions in the dashboard. Each role row has an Auto-grant toggle. Flip it on or off; takes effect on the next bot interaction (no restart needed).

You can give auto-grant to multiple roles. Anyone holding any auto-grant role bypasses checks. Removing auto-grant from a role doesn't revoke other capability grants the role might have — only the blanket bypass.

Risk & Recommendations

⚠️

Warning

Don't auto-grant a role you've handed out widely. Auto-grant means “this role can do anything Arkanis can do” — ban, strike, edit settings, RCON, billing. If 50 people hold the role, 50 people can ban, edit settings, and run RCON.

Practical pattern:

Owner / co-owner → auto-grant.
Mods → explicit capability grants on the moderator role (issue strikes, view enforcement, claim cases). No auto-grant.
Trial mods → a smaller subset of capabilities on a trial-mod role. No auto-grant.

When in doubt, leave auto-grant on the highest role only and grant capabilities to other roles explicitly. The permissions panel makes that easy.

How the Check Works

When the bot evaluates a permission check, it walks roughly this order:

Is the user the server owner? → allow.
Does the user hold a role with auto_grant=TRUE? → allow.
Does the user (or any of their roles) have an explicit grant for this capability? → allow.
Otherwise → deny.

Auto-grant short-circuits the explicit-grant lookup. That's why it's called auto-grant — it's implicit access to everything.

Settings Panel Roles & Permissions Initial Setup

Roles & Permissions Audit Log