Mastodon
  • What is Mastodon?
  • Using Mastodon
    • Signing up for an account
    • Setting up your profile
    • Posting to your profile
    • Using the network features
    • Dealing with unwanted content
    • Promoting yourself and others
    • Set your preferences
    • More settings
    • Using Mastodon externally
    • Moving or leaving accounts
    • Running your own server
  • Running Mastodon
    • Preparing your machine
    • Installing from source
    • Configuring your environment
    • Configuring full-text search
    • Installing optional features
      • Object storage
      • Onion services
      • Captcha
      • Single Sign On
    • Setting up your new instance
    • Using the admin CLI
    • Upgrading to a new release
    • Backing up your server
    • Migrating to a new machine
    • Scaling up your server
    • Moderation actions
    • Troubleshooting errors
      • Database index corruption
    • Roles
  • Developing Mastodon apps
    • Getting started with the API
    • Playing with public data
    • Obtaining client app access
    • Logging in with an account
    • Libraries and implementations
  • Contributing to Mastodon
    • Technical overview
    • Setting up a dev environment
    • Code structure
    • Routes
    • Bug bounties and responsible disclosure
  • Spec compliance
    • ActivityPub
    • WebFinger
    • Security
    • Microformats
    • OAuth
    • Bearcaps
  • REST API
    • Datetime formats
    • Guidelines and best practices
    • OAuth Tokens
    • OAuth Scopes
    • Rate limits
  • API Methods
    • apps
      • oauth
      • emails
    • accounts
      • bookmarks
      • favourites
      • mutes
      • blocks
      • domain_blocks
      • filters
      • reports
      • follow_requests
      • endorsements
      • featured_tags
      • preferences
      • followed_tags
      • suggestions
      • tags
    • profile
    • statuses
      • media
      • polls
      • scheduled_statuses
    • timelines
      • conversations
      • lists
      • markers
      • streaming
    • grouped notifications
    • notifications
      • push
    • search
    • instance
      • trends
      • directory
      • custom_emojis
      • announcements
    • admin
      • accounts
      • canonical_email_blocks
      • dimensions
      • domain_allows
      • domain_blocks
      • email_domain_blocks
      • ip_blocks
      • measures
      • reports
      • retention
      • trends
    • proofs
    • oembed
  • API Entities
    • Account
    • AccountWarning
    • Admin::Account
    • Admin::CanonicalEmailBlock
    • Admin::Cohort
    • Admin::Dimension
    • Admin::DomainAllow
    • Admin::DomainBlock
    • Admin::EmailDomainBlock
    • Admin::Ip
    • Admin::IpBlock
    • Admin::Measure
    • Admin::Report
    • Announcement
    • Appeal
    • Application
    • Context
    • Conversation
    • CustomEmoji
    • DomainBlock
    • Error
    • ExtendedDescription
    • FamiliarFollowers
    • FeaturedTag
    • Filter
    • FilterKeyword
    • FilterResult
    • FilterStatus
    • IdentityProof
    • Instance
    • List
    • Marker
    • MediaAttachment
    • Notification
    • NotificationPolicy
    • NotificationRequest
    • Poll
    • Preferences
    • PreviewCard
    • PreviewCardAuthor
    • PrivacyPolicy
    • Quote
    • Reaction
    • Relationship
    • RelationshipSeveranceEvent
    • Report
    • Role
    • Rule
    • ScheduledStatus
    • Search
    • ShallowQuote
    • Status
    • StatusEdit
    • StatusSource
    • Suggestion
    • Tag
    • TermsOfService
    • Token
    • Translation
    • V1::Filter
    • V1::Instance
    • V1::NotificationPolicy
    • WebPushSubscription

Roles

Management of roles from the admin dashboard.

  • Roles
    • Default roles
      • Base role (Default permissions)
      • Owner
      • Admin
      • Moderator
    • Add Role
      • Input Fields
      • Priority
    • Edit role

Roles

When the database is seeded, roles are derived from the values present in ~/config/roles.yml.

Role

The resultant default roles are Owner, Admin, and Moderator.

A role and its attributes can be created using Add role, present on the Roles (/admin/roles) page.

An existing role’s attributes can be changed using the edit role feature.

Default roles

Base role (Default permissions)

Affects all users, including users without an assigned role.

The only permission flag that can be altered for this role is Invite Users. Enabling this permission allows all users to send invitations.

The base role has a priority of 0, and this value cannot be altered.

Owner

A role that is assigned the Administrator permission flag, bypassing all permissions. Users with the owner role have every permission flag enabled.

The role’s Name, Badge color, and Display badge attributes can be changed. No permissions can be edited / revoked from this role.

The owner role has the highest priority of any role (1000). The owner can modify any other role attributes. No role can be created which supersedes the owner role, as role priority for new and existing roles must be <= 999.

Admin

A role that is assigned all Moderation and Administration permission flags.

The DevOps permission flag for this role is disabled, but can be enabled by an Owner (or a custom role with a higher priority value).

The role’s Name, Badge color, and Display badge attributes can be changed.

The admin role has a priority of 100.

Moderator

A role that is assigned certain Moderation permission flags. These include…

  • View Dashboard
  • View Audit Log
  • Manage Users
  • Manage Reports
  • Manage Taxonomies

The role’s Name, Badge color, and Display badge attributes can be changed.

The moderator role has a priority of 10.

Add Role

The admin/roles/new page allows for the creation of a custom role.

Input Fields

Name

Duplicate role names can exist. They are discerned in the database by their id, which cannot be set from the web interface.

Badge color

Priority

  • Defaults to 0
    • Cannot be > 999
    • Can be any negative integer value
  • Two roles can have the same priority value

“Higher role decides conflict resolution in certain situations. Certain actions can only be performed on roles with a lower priority.”

Display role as badge on user profiles
Permissions

Edit role

An existing role and its attributes can be edited using Edit in the role list. Input fields can be changed and saved, just as they can when creating a new role. The role can also be deleted using this form.

A logged in user with permission to Manage Roles will always be able to see every role, but cannot modify roles that exceed or are equal to their assigned role’s priority.

Last updated December 7, 2023 · Improve this page

Sponsored by

Dotcom-Monitor LoadView Stephen Tures Swayable SponsorMotion

Join Mastodon · Blog ·

View source · CC BY-SA 4.0 · Imprint