Unified Permissions Check Standard

To avoid incompatibilites between permissions mods it seems like a logical thing for the community to create an Open standard for permission checks so that any mod works with any permission system, simililar to how Minecraft does it with Server binaries such as Bucket and Spigot. Is there any interest for creating this?


Looks like garry is implementing something similar to the old Gmod system (aka there’s only Admin and User)

Unless someone in the early access makes something universally accepted I doubt that it’s going to be different from what we’ve seen in Gmod.
Personally I’d love if Garry implemented a system based on “Numerical Rank” (0 < 1 < 2 < … < 999) instead of something as binary as Admin/User.

1 Like

I was thinking of something like this: any addon that wants to check for a permission sends a check with a string which is the name of the permission being checked. Optionally, you can also include a number value that constitutes the power of the permission check(for hierarchies). This way you can have a role that can for example give weapons to everyone but not ban everyone(as there is no single immunity hierarchy).


I don’t see this getting built into the game by facepunch. Not every game would need a rank heirarchy based permission system so why would it be integrated for all of them. But with that said if it is in the base then that will absolutely make it easier.

An addon to handle this will almost certainly be a thing (unless facepunch somehow makes it redundant) and depending on who gets early access I wouldn’t be surprised if we do see a widely accepted one (such as the one in gmod that’s name is escaping me at the moment) before the public launch.

Not every gamemode needs it, but every public server needs it.

1 Like

I believe the one you’re thinking of is ULX. The idea is that instead of basing it on a specific group system and locking everyone to using one mod, we make a standard that allows people to make multiple rank mods without making checking opinionated. I’d gladly make a standard if I get Early Access but that’s not guaranteed. The standard system would just work as an intermediary later, not a standalone.

No not ULX. I can’t remember the name but there is a rank hierarchy api that a lot of addons can use if you set them up too.


Yeah that’s basically what I’m imagining, just a bit more extensive. Instead of just having it so it checks if you have a true value on X permission instead it runs thru a list of events and checks so that no permission handler returns a reject status, almost like some hooks handled stuff in Gmod.

I think it’s CAMI or CPPI.

1 Like

I’m more for roles as collections of permissions, rather than numerical. This is mostly due to the fact that although numerical works fine where you have an isolated heirachy on one server, having shared permissions across mutliple servers you encounter some edge cases that just don’t work.

It looks like the current system is already trending towards being group based, as so far the pemission checks in s&box are just a series of strings.

From accesslist.txt:

Sandbox.Game/Sandbox.Player.HasPermission( System.String )

From using string permissions rather than stuff like Player.isAdmin() demonstrates that garry’s admin/user roles are just two groups.

It would be nice if we were able to change the backend that does check these permissions, so we do have the possability of doing something entirely numeric (although one hack way would be to just name the groups as numbers).

Honestly, I would be happy if we were to just copy minecraft’s way of doing permissions with namespaced string values, they’re super flexible and you can do a ton with it.


We could probably just use permission just how oxide deals with them…

Roles (& Users) can have Permissions (Just String Keys)
Users can be member of any role
Roles can extend one other Role (Maybe multiple imports would be neat)

But to be honest: I dont think this should be included in the base game, but if, i would like it that way ^^ :smiley:


As long as there is some HasPermission method that can be overriden by addons you can add any custom logic such as roles or a simple admin only system


I think it’s a good idea to implement a form of permission management in the base game. It’s something that is going be frequently used among public servers so providing the foundation to be expanded upon by individuals is a good approach. It doesn’t have to be any more complex then as described by a few of you above, a simple grouping system with permissions that can be assigned and revoked. If people want something more complex specific to their server, they could also expand upon this system but in most cases it would be ideal as is.

In my view, you would be able to create Permission Groups in a properties file and define permissions they have access to as strings. Then, you can just assign users a permission group and check if said group has a specific permission. Makes it easily manageable.

1 Like

No matter what Facepunch ends up deciding is best for the base game, people are going to make admin mods that do different things. Just like in Garry’s Mod, some game mode developers will have their own system in place on top of the base game permissions.


As long as there is some HasPermission method that can be overriden by addons you can add any custom logic such as roles or a simple admin only system

^ This isn’t a bad thought, making something like this optional can prevent compatibility issues in the future.

Whatever permissions system Facepunch implements, we are still going to have multiple (at some point) admin modifications that do slightly different things. So all that being said, yes a standard would be good initially, but I don’t think it could last.

The standards will be defined by the most popular admin modifications.

I am all for the groups and users standard. Windows does it, oxide does it as was stated earlier IIRC and it is the most flexible. Any group can have any role, any user can be a part of one or more groups and any user can have any role. Groups can also inherit off of other groups That means if you want a numerical based system you can do that, just make groups are named 1,2,3 etc and give them the permissions you want, and then assign them to each user, not adding multiple and not inheriting groups from each other. If you want a tags based system you can do that. It is just one permission per group, if you want a binary admin/user setup then you can do that as well One group is admin, the other group is user