Can't remove Join Role from Discord Greetings


#1

PhantomBot Version: 2.4.0.3 (Revision: 60fd67d6)
Control Panel Version 1.1
Java Version: 1.8.0_151-8u151-b12-0ubuntu0.16.04.2-b12
OS Version: Linux
Browser and Version (for Panel Support): Chrome 65.0.3325.181
Stock PhantomBot: Yes

Let us know what help you need:

Can’t remove Join Role. It can be updated fine but doesn’t seem to accept blank or no role.


#2

It wasn’t meant to be removed, but I’ll see what I can do.


#3

For what its worth, it seems to work just fine with a nonexistent role.
I just think its weird you cant have none or return it to default state.


#4

My two cents, I consider it like UNIX. You are to have a role (group) when you join the server. If you are using this feature of PhantomBot, part of that is to auto-assign a role. I suppose I can see not wanting to assign a Role, but that is part of this particular feature set - to automate the Joining of folks to the server. In other words, when this was requested, there is a good chance the person also asked us to automate the assignment of role (I would have to dig back, I am possibly wrong too).

Perhaps instead of “Greetings” it should really be “Join/Leave Server Handler” instead since that is a more accurate description.


#5

Thats very backwards from typical server security for Discord.
Since you can’t remove permissions by giving a role. Restricted permission are given by not having a role.
Usually if you do not have a role you are restricted till you are assigned a role.
We have a “welcome” channel that only role-less people can see and be screened before allowed to see all the channels. This protects our current users form seeing any spam.


#6

If the role isn’t set in the first place no role will be set on the user. Once you set a role in the box, it cannot be removed. When making this I thought people would set it once and leave it, but I was wrong.


#7

While I understand that may be how Discord works today, with someone that has worked in network security and system security for a couple of decades, I never trust systems that say “by default we…” because they can change that default one day breaking your idea of how security is implemented. Instead, in my Discord server, I have had it setup to always assign the most restrictive permissions by default because then I control the Role and the security myself rather than trusting the service.

A recent example of this would be something I went through at work. A large HR system by default provided a default access to certain calls to access data. That was changed in a patch by then changing what the default security roles were - broke a few systems, except my code, which was requesting specific roles and access.

Granted, I see that Scania is fixing it, but I still just wanted to give my two cents to not trusting defaults that you have no control over.


#8

The most restrictive permission set is @everyone so there is no role needed to be assigned.
To assign a role by default is actually kind of silly to me as I think of it. I’m guessing you give SOME permissions on this default assigned role and remove them as punishment?
Just curious, what does your everyone role look like and how does it differ from your default assigned role?

Or were you saying you don’t use this feature of PB? Then you would agree that you should be able to remove the default role from the settings if you changed your mind.


#9

My everyone role has nothing. Absolutely no permissions at all. Folks do not even show up in the member list. I have PhantomBot assign a role and permissions instead. As @everyone is controlled by Discord, what is to stop them from adding new security rules with automatic opt-in settings?

By service I mean the service outside of my control - Discord. The Bot is fully within my control :slight_smile:

Someone mentioned today why would Microsoft partner with Discord when they have Skype. Simple, at my business I can self-host the Skype for Business Server and then be in full control of the server - same with Mattermost (I am moving my team away from Slack), I can self-host. Since I cannot self-host Discord, and have no control over their server releases, I choose not to provide trust.

…and besides, I can edit the database and remove the entry if I want (again, full control) :wink:


#10