Least Privilege

The general setup described in the installation section is suitable for most servers. However, it does come with drawbacks:

  • Granting the ADMINISTRATOR permission violates the concept of least privilege, which is important for server security, especially for a security-focused bot.
  • With no roles higher than the shield bot's role, only the server owner can make rate limit and bot whitelist changes. This choice comes from the desire to mitigate the damage potential of a rogue admin, but if you want a group of trusted individuals to be able to make configuration changes to the bot, you will need to keep the shield role below their role.

To address the first point, we suggest reviewing all commands and features of Shield that you intend to use, and granting the bot only the permissions those require. Every feature and slash command is documented with the exact permissions it needs. As a general rule, we recommend granting at least the following permissions:

  • ATTACH_FILES for server exports
  • BAN_MEMBERS for rate limit remediation and certain slash commands
  • KICK_MEMBERS for bot protection
  • MANAGE_GUILD_EXPRESSIONS to edit and delete emojis
  • MANAGE_ROLES for rate limit remediation and certain slash commands
  • VIEW_AUDIT_LOG to pick up rate limit events
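
The following is an added example, not part of Shield's own code: it turns the baseline permission list above into the integer Discord expects in the OAuth2 `permissions=` parameter, and audits an existing grant for ADMINISTRATOR or other permissions beyond the baseline. The bit positions are Discord's documented permission flags; the client ID is a placeholder.

```python
# Added example: build the minimal Discord permission bitfield for Shield's
# invite URL and audit an existing grant for excess privilege.
# Bit positions follow Discord's API permission flags; the baseline is the
# permission list recommended on this page.

DISCORD_PERMISSION_BITS = {
    "KICK_MEMBERS": 1 << 1,
    "BAN_MEMBERS": 1 << 2,
    "ADMINISTRATOR": 1 << 3,
    "VIEW_AUDIT_LOG": 1 << 7,
    "ATTACH_FILES": 1 << 15,
    "MANAGE_ROLES": 1 << 28,
    "MANAGE_GUILD_EXPRESSIONS": 1 << 30,
}

# Baseline from this page; extend it with the permissions documented for
# each command you actually enable.
SHIELD_BASELINE = (
    "ATTACH_FILES", "BAN_MEMBERS", "KICK_MEMBERS",
    "MANAGE_GUILD_EXPRESSIONS", "MANAGE_ROLES", "VIEW_AUDIT_LOG",
)


def build_permissions(names):
    """Combine named permissions into the integer used in the invite URL."""
    value = 0
    for name in names:
        value |= DISCORD_PERMISSION_BITS[name]
    return value


def invite_url(client_id, names=SHIELD_BASELINE):
    """Invite link that grants only the listed permissions (client_id is a placeholder)."""
    return (
        "https://discord.com/oauth2/authorize"
        f"?client_id={client_id}&scope=bot%20applications.commands"
        f"&permissions={build_permissions(names)}"
    )


def audit_grant(granted, required=SHIELD_BASELINE):
    """Compare a bot's current permission integer against the required set.

    Returns (admin, missing, excess): whether ADMINISTRATOR is set (it implies
    every other permission, so it should be replaced by explicit bits), the
    required permissions not explicitly granted, and known permissions granted
    beyond the required set.
    """
    required_bits = build_permissions(required)
    admin = bool(granted & DISCORD_PERMISSION_BITS["ADMINISTRATOR"])
    missing = sorted(n for n in required if not granted & DISCORD_PERMISSION_BITS[n])
    excess = sorted(n for n, bit in DISCORD_PERMISSION_BITS.items()
                    if granted & bit and not required_bits & bit)
    return admin, missing, excess
```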

Addressing the second point is as easy as moving the Shield role down. Be careful, as users with a role above Shield's will be able to bypass the protection that Shield provides.