Permissions & Security
Control who can configure the bot with tiered admin roles.
Permission Tiers
Resonance uses a four-tier permission system to give you granular control over who can manage what. Assign the appropriate level to each admin role in your server.
| Tier | Level | What They Can Do |
|---|---|---|
| Full Admin | 4 | Everything: setup, config, user management |
| Event Manager | 3 | Create/edit events, drops, milestones, rewards |
| Perk Manager | 2 | Create/manage perks |
| Viewer | 1 | View stats, audit, KPI (read-only) |
Higher tiers inherit access from all lower tiers. A Full Admin can do everything an Event Manager, Perk Manager, and Viewer can do.
Setting Up Admin Roles
Use /config admin-roles to assign permission tiers to your Discord roles.
Add a role:
/config admin-roles add role:@Moderators level:event_manager
List all configured roles:
/config admin-roles list
Remove a role:
/config admin-roles remove role:@Moderators
You can configure multiple roles at different levels. For example, assign full_admin to a core team role and viewer to a community management role that only needs read access.
Discord-Native Permissions
Users with Discord's built-in ADMINISTRATOR or MANAGE_GUILD permissions automatically receive Full Admin (Level 4) access to Resonance. No additional configuration is required for these users.
This means your server owner and any roles with server-wide admin permissions are always able to manage the bot, even before you configure any Resonance-specific admin roles.
Command Visibility
Admin commands (/config, /drop, /stats, etc.) are hidden from non-admin users in Discord's command picker. Regular members only see user-facing commands like /balance, /daily, and /streak.
This keeps the interface clean for regular members and reduces confusion about commands they cannot use.
Server owners can override command visibility on a per-role basis in Discord's Server Settings > Integrations. If a role is granted visibility to admin commands through Discord settings, those commands will appear in the command picker for members with that role.
Centralized Permission Gate
Even if command visibility is overridden in Discord settings, the bot enforces runtime permission checks on every command invocation. If a user without the required permission tier attempts to run an admin command, they receive an ephemeral error message visible only to them.
This means Discord's visibility settings control what users see in the command picker — but Resonance's permission system controls what they can actually execute. The two layers work independently, so there is no risk of accidental access through a misconfigured visibility setting.
Security Key
Your security key authenticates the connection between your Discord server and Resonance. Retrieve it from the Partner Portal.
To rotate your security key:
- Generate a new key in the Partner Portal.
- Re-run
/setup connectin your Discord server with the new key.
Rotating your key immediately invalidates the previous key. Do this if you suspect your key has been compromised or if you are offboarding a team member who had access to it.
Never share your security key publicly or commit it to a repository. Treat it like a password.
Account Linking
Members can link external accounts — X/Twitter, Google, Telegram, and Web3 wallets — using the /link command. Linking enables cross-platform reward tracking, so activity on external platforms can flow into Resonance rewards.
Account linking is enabled by default. Webhook verification for linked platforms is handled automatically by Resonance — no additional configuration is required on your end.
Members manage their own linked accounts and can unlink at any time. Linked account data is scoped to your server and is not shared across other Resonance-powered communities.