Recommendations

Best Practices & Recommendations

Learn best practices and see some of our recommendations.

Configuring Role Permissions

When using the GS Defender Discord bot, always ensure that the roles it’s configured to apply don’t carry drastically escalated permissions compared to the permissions the user has before running the command. If, for example, the configured verified response role has administrator permissions and there are no restrictions on who can run the command, anyone can obtain administrator permissions. You should restrict the /verify command if you wish to permit potentially dangerous permissions with the verified or adult responses.

No Administrator Permission

You should not give the GS Defender bot the administrator permission. Following the principle of least privilege, you should only assign it the permissions it explicitly needs, plus the permissions required to match the roles it’s able to assign. For example, if a role that the GS Defender bot is configured to apply has the Manage Messages permission and GS Defender doesn’t have this permission, it will be unable to apply that role to users verifying with it.

Permission Escalation

You should be mindful of permission escalation with GS Defender. The configuration commands require the Manage Guild permission. You should not make this permission available to any roles below GS Defender’s own role; otherwise, a malicious staff member with this permission may be able to configure GS Defender to grant themselves escalated permissions. Ensure that GS Defender’s role is ONLY above the roles you wish for it to be able to apply with the desired configuration, and be mindful of who you grant the Manage Guild permission to. You can further limit who can use the configuration commands in the Integrations server settings, as detailed previously in this document.
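
One way to check a server's role list against the three recommendations above (role permissions, no administrator permission, permission escalation). This is an added example, not GS Defender's own code: the role data is constructed, and the finding names, the set of permissions treated as elevated and the assumption that the bot holds a single role are all illustrative.

```python
# Added example (not GS Defender code). Bit values are Discord's documented
# permission flags; role dicts mirror the Discord API role object.
ADMINISTRATOR, MANAGE_GUILD, MANAGE_ROLES = 1 << 3, 1 << 5, 1 << 28
MANAGE_MESSAGES = 1 << 13
ELEVATED = ADMINISTRATOR | MANAGE_GUILD | MANAGE_ROLES  # assumed "dangerous" set

def audit(roles, bot_role_id, response_role_ids):
    """Return (finding_code, role_name) tuples for one guild's role list."""
    by_id = {r["id"]: r for r in roles}
    bot = by_id[bot_role_id]
    bot_perms = int(bot["permissions"])  # the API sends the bitfield as a string
    findings = []
    if bot_perms & ADMINISTRATOR:
        findings.append(("BOT_HAS_ADMINISTRATOR", bot["name"]))
    for rid in response_role_ids:
        role, perms = by_id[rid], int(by_id[rid]["permissions"])
        if role["position"] >= bot["position"]:
            findings.append(("RESPONSE_ROLE_NOT_BELOW_BOT", role["name"]))
        if perms & ELEVATED:  # acceptable only if /verify itself is restricted
            findings.append(("RESPONSE_ROLE_ELEVATED", role["name"]))
        # Per this page, the bot needs every permission the role carries.
        if (perms & ~bot_perms) and not (bot_perms & ADMINISTRATOR):
            findings.append(("BOT_LACKS_ROLE_PERMISSION", role["name"]))
    for role in roles:
        if role["id"] == bot_role_id or role["position"] >= bot["position"]:
            continue  # only roles the bot is able to hand out matter here
        if int(role["permissions"]) & (MANAGE_GUILD | ADMINISTRATOR):
            # Holder can reconfigure the bot to grant this or any lower role.
            findings.append(("MANAGE_GUILD_BELOW_BOT", role["name"]))
        elif role["position"] > 0 and role["id"] not in response_role_ids:
            # The bot role should sit ONLY above the roles it applies.
            findings.append(("UNCONFIGURED_ROLE_BELOW_BOT", role["name"]))
    return findings

# Constructed sample guild, lowest role first (position 0 is @everyone).
SAMPLE_ROLES = [
    {"id": "1", "name": "@everyone", "position": 0, "permissions": "0"},
    {"id": "2", "name": "Verified", "position": 1, "permissions": str(MANAGE_MESSAGES)},
    {"id": "3", "name": "Helper", "position": 2, "permissions": str(MANAGE_GUILD)},
    {"id": "4", "name": "GS Defender", "position": 3, "permissions": str(MANAGE_ROLES)},
    {"id": "5", "name": "Admin", "position": 4, "permissions": str(ADMINISTRATOR)},
]

if __name__ == "__main__":
    for code, name in audit(SAMPLE_ROLES, "4", ["2"]):
        print(f"{code}: {name}")
```
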

Incentive for Verification

It’s important for there to be an incentive for users to carry out verification with GS Defender. Depending on your community, escalated permissions like using external emotes/stickers, making threads or being able to use private channels may serve as good incentives. If you are, for example, a content creator, gating access to a channel where users can directly interact with you may be a viable incentive. If you run an adult/NSFW community, or a community with such content, you may also gate access to such content behind the Adult response of GS Defender. Gating giveaways or events to members who have verified via GS Defender also serves as a good incentive.

When using GS Defender for security, there are many permissions that you can allocate to roles applied by GS Defender with the Verified response. Common choices include thread permissions, access to forums, VC permissions, access to higher harm channels (such as ones that directly interact with content creators or VIPs), external emote/sticker permissions and permissions to use commands of other bots.