Role Groups Protection

A feature separate from the general Anti-Nuke system — dedicated to protecting specific named roles (like staff roles, or paid streamer roles) from being assigned or removed by anyone not explicitly authorized, even if they technically hold Manage Roles.

Why aren't Discord's regular permissions enough?#

Holding Manage Roles means someone can assign or remove any role lower than their own — including sensitive ones. Role Groups protection adds an extra verification layer: even with the technical permission, the person must be on an explicitly authorized list to touch this specific group's roles.

Setup#

1

Create a group

From the Role Groups page in the dashboard, create a new group and add the roles you want protected.

2

Set the authorized list

Add to Authorized Users or Authorized Roles whoever is allowed to assign/remove this group's roles. Anyone else — even with Manage Roles — is considered unauthorized.

3

Enable removal protection if needed

Protect Removal: if enabled, the role is automatically restored when removed from a member by an unauthorized person — not just when it's assigned without authorization.

4

Choose a log channel

Set a Log Channel to get every attempt (authorized or rejected) in one place.

Optional: auto-add new roles

Auto-Add New Roles makes any new role created on the server automatically added to this group's protected roles list — useful if you keep creating sensitive roles and don't want to remember to add each one manually.

How does the bot respond to an unauthorized attempt?#

The response is always instant — no waiting, no counter. But what happens to the executor themselves escalates based on how often they repeat the attempt within a short window:

Number of attemptsResponse
Any single attemptInstantly restores the role to its correct state + logs it in the log channel
After several repeated attempts within secondsThe executor is automatically neutralized — any role granting them Manage Roles/Administrator is stripped, stopping the attempts at the source

What if the executor outranks the bot?

This is a real limitation from Discord itself: no bot can affect a member who outranks it — no stripping roles, no kicking, no banning. In this case the bot keeps correcting the protected role on every attempt (protection never stops), but it can't neutralize the executor. The only fix: raise the bot's role above any member who could plausibly abuse permissions.

Unidentified executor#

If who made the change can't be determined (rare, usually due to temporary network pressure), the change is automatically treated as unauthorized and the role is corrected immediately — safety always takes priority over knowing identity. "Unknown" appears in the log instead of a username only in this case.

Best Practices#

  • Use it for roles granting real permissions (admin, moderation) or value (paid roles, exclusive roles) — no need to protect simple decorative roles.
  • Keep the Authorized Users/Roles list as small as possible — every addition reduces protection effectiveness.
  • Enable Protect Removal specifically on admin roles — preventing an admin role from being stripped by an unauthorized person matters just as much as preventing it from being granted.
  • Review the log channel periodically — repeated attempts from the same person (even auto-corrected ones) are a sign of a compromised account worth investigating.