Summary:
The ModWise Discord Permission Risk Matrix categorizes 52 Discord permissions into risk bands based on their potential impact, using a color-coded system. These bands range from Red, indicating administrator-level permissions, to Green, representing standard member permissions. Color bands are ModWise editorial classifications, not Discord-native severity labels.
The risk associated with each permission is influenced by factors like role hierarchy and channel settings, helping administrators manage permissions effectively. True effective risk is influenced by role hierarchy, channel overwrites, and multi-role combinations.
ModWise Permission Risk Color Definitions
BlackΒ β Used to visualize Server Owner permissions, which functions as intrinsic superadmin.Β
Red β Core control-plane permissions with highest structural impact.
Orange β Amplification, sensitive visibility, or mass-impact permissions.
Yellow β Core moderation authority permissions.
Blue β Controlled interaction permissions with limited structural impact.
Aqua or Gray β Permissions in this band are case dependent, being Blue/Green based on preference.
Green β Baseline operational permissions for standard members.
Permissions With Scope
π΄Red
Administrator
Bypasses almost all permission checks. Full control and highest compromise impact. Very high risk surface.
ManageChannels
Can create/edit/delete channels and permission overwrites; core control-plane risk and should be allowed to few admins.
ManageGuild
Can change major guild settings that affect safety and operations; also allows installing bots. Very high risk surface.
ManageRoles
Can change role permissions/hierarchy; strongest privilege-escalation vector second to admin. Very high risk surface.
ManageWebhooks
Can create/edit webhooks; often abused for stealth posting and impersonation patterns. High risk surface.
π΄π Red/Orange
BanMembers
Can permanently remove users from the server; can be used to ban team members; high operational disruption potential.
KickMembers
Can remove users without ban; can be used to kick team members; disruptive if overused or abused.
π Orange
CreateEvents
Lets a role create scheduled server events; can be used to create official-looking scams.
ManageEvents
Can edit or cancel scheduled events and event details. Risk of hijacking legitimate events to insert malicious information.
MentionEveryone
Can mass-ping everyone/here; disruption and scam risk. Very common exploit to amplify attacks quickly.
ViewAuditLog
Allows reading Discord native moderation/admin action logs. Risk of sensitive operational visibility.
ViewCreatorMonetizationAnalytics
Allows viewing sensitive creator monetization analytics.
π π‘ Orange/Yellow
ViewGuildInsights
Allows access to server insights analytics; moderate information exposure, but low attack-surface risk.
π‘ Yellow
BypassSlowmode
Lets a role ignore channel slowmode controls; low risk, but can accelerate spam if misassigned.
CreateGuildExpressions
Lets a role add server expressions; low security risk, but can affect trust/brand if misused.
DeafenMembers
Voice moderation control to deafen specific users for all speakers server-side.
ManageEmojisAndStickers
Can modify emoji/sticker assets; low security risk, but can affect trust/brand if misused.
ManageGuildExpressions
Can manage expression assets (emoji/sticker/soundboard); low security risk, but can affect trust/brand if misused.
ManageMessages
Can delete/pin/manage others messages; important moderation power and evidence-integrity risk. Risk varies by channel/access.
ManageNicknames
Can rename other members; potential confusion/impersonation vector.
ManageThreads
Can manage thread lifecycle and moderation actions inside threads; potential for disruption and confusion.
ModerateMembers
Can timeout members, preventing interaction. Lower risk of permanent damage than kick or ban, but still disruptive.
MoveMembers
Can move users between voice channels without consent; potentially disruptive with minor security/privacy risk.
MuteMembers
Voice moderation power to mute specific users for all listeners server-side.
PinMessages
Can promote/demote pinned content; can reshape trusted content in a channel.
π‘π΅ Yellow/Blue
CreatePrivateThreads
Allows opening private threads; can create lower-visibility discussion surfaces under a false appearance of legitimacy.
CreatePublicThreads
Allows opening public threads and expanding conversation surface area. Low-risk, but increases workload in manual moderation.
SendPolls
Allows creating polls; low-risk but potential to mislead public perception of authority.
SendTTSMessages
Allows text-to-speech posting; moderate spam/disruption potential.
SendVoiceMessages
Allows posting voice messages; can slow moderation review in text-based moderation systems.
π΅ Blue
CreateInstantInvite
Allows creating invite links; can increase uncontrolled server entry paths. Normally allowed in most servers.
PrioritySpeaker
Can prioritize speaker audio in voice channels.
Stream
Allows screen sharing/streaming in voice contexts; potential for minor security/privacy risk.
UseExternalApps
Allows use of external app integrations where Discord supports them.
UseExternalEmojis
Allows using emoji from other servers.
UseExternalSounds
Allows using external sounds in supported contexts.
UseExternalStickers
Allows using stickers from other servers.
UseSoundboard
Allows using the soundboard feature.
π΅π’ Blue/Aqua
ChangeNickname
Lets a member edit their own nickname; can be used to impersonate mods; mostly identity impact.
UseEmbeddedActivities
Allows starting embedded activities in supported channels.
π΅βͺ Aqua/Gray
AddReactions
Lets members react to messages; low abuse by itself, but can be used for spam and scam signaling.
AttachFiles
Allows uploading media/files; raises moderation and malware screening burden.
Connect
Allows joining voice channels.
EmbedLinks
Allows rich embeds of URLs such as GIFs; can increase risk of scams appearing legitimate and getting clicks.
RequestToSpeak
Allows stage participant to request to speak on stage.
SendMessages
Allows posting messages in text channels. Easily overlooked risk if a channel is intended to be read-only.
SendMessagesInThreads
Allows posting inside threads.
Speak
Allows speaking in voice channels. Normally allowed in most voice channels.
UseApplicationCommands
Allows using slash commands/app commands. Risk generally depends on per-integration settings.
ViewChannel
Allows seeing a channel and its visible metadata/content surface. Easily overlooked risk if channel is intended to be private.
π’ Green
ReadMessageHistory
Allows reading prior messages in channels the role can view. Normally allowed in most servers.
UseVAD
Allows voice activity detection mode in voice. Normally allowed in most voice channels.
Permissions Listed by Risk
Red
Administrator
ManageChannels
ManageGuild
ManageRoles
ManageWebhooks
Red/Orange
BanMembers
KickMembers
Orange
CreateEvents
ManageEvents
MentionEveryone
ViewAuditLog
ViewCreatorMonetizationAnalytics
Orange/Yellow
ViewGuildInsights
Yellow
BypassSlowmode
CreateGuildExpressions
DeafenMembers
ManageEmojisAndStickers
ManageGuildExpressions
ManageMessages
ManageNicknames
ManageThreads
ModerateMembers
MoveMembers
MuteMembers
PinMessages
Yellow/Blue
CreatePrivateThreads
CreatePublicThreads
SendPolls
SendTTSMessages
SendVoiceMessages
Blue
CreateInstantInvite
PrioritySpeaker
Stream
UseExternalApps
UseExternalEmojis
UseExternalSounds
UseExternalStickers
UseSoundboard
Aqua/Gray
AddReactions
AttachFiles
ChangeNickname
Connect
EmbedLinks
RequestToSpeak
SendMessages
SendMessagesInThreads
Speak
UseApplicationCommands
UseEmbeddedActivities
ViewChannel
Green
ReadMessageHistory
UseVAD
Permissions Listed Alphabetically
AddReactions (Aqua/Gray)
Administrator (Red)
AttachFiles (Aqua/Gray)
BanMembers (Red/Orange)
BypassSlowmode (Yellow)
ChangeNickname (Blue/Aqua)
Connect (Aqua/Gray)
CreateEvents (Orange)
CreateGuildExpressions (Yellow)
CreateInstantInvite (Blue)
CreatePrivateThreads (Yellow/Blue)
CreatePublicThreads (Yellow/Blue)
DeafenMembers (Yellow)
EmbedLinks (Aqua/Gray)
KickMembers (Red/Orange)
ManageChannels (Red)
ManageEmojisAndStickers (Yellow)
ManageEvents (Orange)
ManageGuild (Red)
ManageGuildExpressions (Yellow)
ManageMessages (Yellow)
ManageNicknames (Yellow)
ManageRoles (Red)
ManageThreads (Yellow)
ManageWebhooks (Red)
MentionEveryone (Orange)
ModerateMembers (Yellow)
MoveMembers (Yellow)
MuteMembers (Yellow)
PinMessages (Yellow)
PrioritySpeaker (Blue)
ReadMessageHistory (Green)
RequestToSpeak (Aqua/Gray)
SendMessages (Aqua/Gray)
SendMessagesInThreads (Aqua/Gray)
SendPolls (Yellow/Blue)
SendTTSMessages (Yellow/Blue)
SendVoiceMessages (Yellow/Blue)
Speak (Aqua/Gray)
Stream (Blue)
UseApplicationCommands (Aqua/Gray)
UseEmbeddedActivities (Blue/Aqua)
UseExternalApps (Blue)
UseExternalEmojis (Blue)
UseExternalSounds (Blue)
UseExternalStickers (Blue)
UseSoundboard (Blue)
UseVAD (Green)
ViewAuditLog (Orange)
ViewChannel (Aqua/Gray)
ViewCreatorMonetizationAnalytics (Orange)
ViewGuildInsights (Orange/Yellow)
