Role Groups Protection
A feature separate from the general Anti-Nuke system — dedicated to protecting specific named roles (like staff roles, or paid streamer roles) from being assigned or removed by anyone not explicitly authorized, even if they technically hold Manage Roles.
Why aren't Discord's regular permissions enough?#
Holding Manage Roles means someone can assign or remove any role lower than their own — including sensitive ones. Role Groups protection adds an extra verification layer: even with the technical permission, the person must be on an explicitly authorized list to touch this specific group's roles.
Setup#
Create a group
From the Role Groups page in the dashboard, create a new group and add the roles you want protected.
Set the authorized list
Add to Authorized Users or Authorized Roles whoever is allowed to assign/remove this group's roles. Anyone else — even with Manage Roles — is considered unauthorized.
Enable removal protection if needed
Protect Removal: if enabled, the role is automatically restored when removed from a member by an unauthorized person — not just when it's assigned without authorization.
Choose a log channel
Set a Log Channel to get every attempt (authorized or rejected) in one place.
Optional: auto-add new roles
Auto-Add New Roles makes any new role created on the server automatically added to this group's protected roles list — useful if you keep creating sensitive roles and don't want to remember to add each one manually.
How does the bot respond to an unauthorized attempt?#
The response is always instant — no waiting, no counter. But what happens to the executor themselves escalates based on how often they repeat the attempt within a short window:
| Number of attempts | Response |
|---|---|
| Any single attempt | Instantly restores the role to its correct state + logs it in the log channel |
| After several repeated attempts within seconds | The executor is automatically neutralized — any role granting them Manage Roles/Administrator is stripped, stopping the attempts at the source |
What if the executor outranks the bot?
This is a real limitation from Discord itself: no bot can affect a member who outranks it — no stripping roles, no kicking, no banning. In this case the bot keeps correcting the protected role on every attempt (protection never stops), but it can't neutralize the executor. The only fix: raise the bot's role above any member who could plausibly abuse permissions.
Unidentified executor#
If who made the change can't be determined (rare, usually due to temporary network pressure), the change is automatically treated as unauthorized and the role is corrected immediately — safety always takes priority over knowing identity. "Unknown" appears in the log instead of a username only in this case.
Best Practices#
- Use it for roles granting real permissions (admin, moderation) or value (paid roles, exclusive roles) — no need to protect simple decorative roles.
- Keep the
Authorized Users/Roleslist as small as possible — every addition reduces protection effectiveness. - Enable
Protect Removalspecifically on admin roles — preventing an admin role from being stripped by an unauthorized person matters just as much as preventing it from being granted. - Review the log channel periodically — repeated attempts from the same person (even auto-corrected ones) are a sign of a compromised account worth investigating.