Roles & Permissions

Configure roles and permissions to control what users can access and do in your PteroCA panel.

Overview

PteroCA v0.6 introduces a comprehensive role-based permission system with 84 granular permissions, replacing the simple ROLE_ADMIN/ROLE_USER system from previous versions.

Key Benefits:

• Granular Control: 84 individual permissions across 12 functional areas

• Custom Roles: Create roles matching your team structure

• Flexible Assignment: Assign multiple roles to users

• Better Security: Grant only the permissions users actually need

What Changed in v0.6

Before v0.6:

• Simple two-role system: ROLE_ADMIN (full access) or ROLE_USER (basic access)

• No ability to create custom roles

• All admins had identical permissions

After v0.6:

• 84 granular permissions organized into 12 categories

• Create unlimited custom roles with specific permission sets

• Separate view and edit permissions for Settings

• New pterodactyl_root_admin permission for Pterodactyl Panel access

• Automatic menu visibility based on permissions

Documentation

Roles & Permissions Guide

Practical guide for administrators covering:

• Understanding roles and permissions

• Complete list of all 84 permissions

• Managing roles (create, edit, delete)

• Assigning roles to users

• Example role scenarios (Support Staff, Shop Manager, Moderator, etc.)

• Security considerations

• FAQ

Access Control Model

Technical documentation explaining:

• How permission checking works

• Menu visibility logic

• Multi-layer security enforcement

• Implementation details

Quick Start

To create a custom role:

1. Navigate to: Admin Panel → Roles & Permissions → Roles

2. Click "Add role"

3. Enter role name and display name

4. Select permissions from the organized categories

5. Click "Save"

To assign roles to a user:

1. Navigate to: Admin Panel → Users

2. Select a user and click "Edit user"

3. Select one or more roles from the dropdown

4. Click "Save user"

Common Role Examples

Support Staff (read-only access):

• View dashboard, users, servers, logs

• Access all settings (view only)

• No editing or deletion permissions

Shop Manager (product management):

• Full access to products and categories

• Access dashboard

• No access to users, servers, or system settings

Moderator (user management):

• Manage users and servers

• View logs

• No access to settings or shop configuration

For detailed examples: Roles & Permissions Guide

Built-in System Roles

Admin Role:

• Has ALL 84 permissions

• Cannot be edited or deleted

• Use for system administrators

User Role:

• Has 12 basic user permissions

• Cannot be edited or deleted

• Automatically assigned to new customers

Prerequisites

To manage roles and permissions:

• You must have the access_roles permission

• You must have the edit_role permission to create/modify roles

• Admin role has all permissions by default

Best Practices

1. Follow the Principle of Least Privilege: Grant only necessary permissions

2. Use Descriptive Names: Make role purposes clear

3. Test Custom Roles: Verify permissions work as expected

4. Regular Review: Audit role assignments periodically

5. Protect Sensitive Permissions: Limit pterodactyl_root_admin and edit_settings_*

Related Documentation

• CLI Reference - Create users with specific roles via command line

• Core Configuration - Requires appropriate permissions

• Business Configuration - Product management permissions