Roles and Permissions
BadgerPanel uses a role-based access control (RBAC) system. Every user is assigned exactly one role, and each role carries a set of granular permissions that determine what the user can access in the admin panel.
Default Roles
BadgerPanel ships with three system roles that cannot be deleted:
- Admin (role ID 1) -- Full access to all admin features. Cannot be restricted.
- Moderator (role ID 2) -- Configurable subset of admin permissions, typically used for support staff.
- User (role ID 3) -- Standard customer role with no admin access. This is the default role assigned to new registrations.
Creating a Role
- Navigate to Admin > Roles and click Create Role.
- Enter a Name (display name) and Slug (URL-safe identifier, auto-generated from name).
- Optionally add a Description.
- Configure the Rate Limit Multiplier (see below).
- Select the permissions to grant.
- Click Save.
Permission Categories
Permissions are organized into categories using a dot-notation key system. The following categories are available:
| Category | Example Keys | Description |
|---|---|---|
| Servers | admin.servers.list, admin.servers.create, admin.servers.delete | Manage game servers |
| Nodes | admin.nodes.list, admin.nodes.create, admin.nodes.delete | Manage daemon nodes |
| Users | admin.users.list, admin.users.create, admin.users.suspend | Manage user accounts |
| Roles | admin.roles.list, admin.roles.create, admin.roles.edit | Manage roles and permissions |
| Eggs | admin.eggs.list, admin.eggs.import, admin.eggs.edit | Manage egg templates |
| Kubernetes | admin.kubernetes.list, admin.kubernetes.manage | Manage clusters and orchestrators |
| Billing | admin.billing.settings, admin.billing.products, admin.billing.orders | Manage billing configuration |
| Settings | admin.settings.general, admin.settings.security, admin.settings.mail | Manage panel settings |
| Support | admin.support.tickets, admin.support.categories | Manage support tickets |
| Audit | admin.audit.view | View audit logs |
To grant full access to an area, select all permissions within its category (wildcard-style assignment).
Rate Limit Multiplier
Each role has a rate limit multiplier that scales the global API rate limit for users with that role. The default multiplier is 1.00. Set a higher value (e.g., 2.00) to double the allowed request rate, or a lower value (e.g., 0.50) to halve it. This is useful for giving higher-tier customers or staff members more generous rate limits.
The multiplier is stored as a decimal value with two decimal places (range: 0.01 to 99.99).
Assigning Roles
To assign a role to a user:
- Navigate to Admin > Users > [user].
- Change the Role dropdown to the desired role.
- Click Save.
The role change takes effect immediately. The user's active sessions inherit the new permissions on their next API request.
Default Role Configuration
The default role for newly registered users is configured in Admin > Settings > General. By default, this is the "User" role (role ID 3). Changing the default role affects only future registrations; existing users retain their current role.
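The following is an added example, not part of BadgerPanel's code or documentation: a review script that checks role definitions against the rules stated in the Permission Categories, Rate Limit Multiplier and Default Role Configuration sections. The role record layout, the `category` and `audit_role` helpers, the three-segment key shape, and the choice of which keys count as escalation-sensitive are assumptions of this example.

```python
from decimal import Decimal

# Keys come from the permission table above. Treating them as
# escalation-sensitive is this example's assumption.
SENSITIVE = {"admin.roles.create", "admin.roles.edit",
             "admin.users.create", "admin.settings.security"}
MULT_MIN, MULT_MAX = Decimal("0.01"), Decimal("99.99")
ADMIN_ROLE_ID, DEFAULT_ROLE_ID = 1, 3  # role IDs as documented above


def category(key):
    """Category segment of an admin.<category>.<action> key, else None."""
    parts = key.split(".")
    if len(parts) == 3 and parts[0] == "admin" and all(parts):
        return parts[1]
    return None


def audit_role(role, default_role_id=DEFAULT_ROLE_ID):
    """Return a list of findings for one role record (hypothetical schema)."""
    findings = []
    mult = Decimal(str(role["multiplier"]))
    in_range = MULT_MIN <= mult <= MULT_MAX
    if not in_range or mult != mult.quantize(Decimal("0.01")):
        findings.append(f"multiplier {mult} outside 0.01-99.99 / two decimals")
    perms = set(role["permissions"])
    for key in sorted(perms):
        if category(key) is None:
            findings.append(f"malformed permission key: {key}")
    if role["id"] != ADMIN_ROLE_ID:
        for key in sorted(perms & SENSITIVE):
            findings.append(f"sensitive permission on non-admin role: {key}")
    if role["id"] == default_role_id and perms:
        findings.append("default registration role carries admin permissions")
    return findings


# Constructed sample data, not an export format the panel defines.
ROLES = [
    {"id": 2, "slug": "moderator", "multiplier": "2.00",
     "permissions": ["admin.support.tickets", "admin.users.list", "admin.roles.edit"]},
    {"id": 3, "slug": "user", "multiplier": "1.00", "permissions": []},
    {"id": 4, "slug": "vip", "multiplier": "150.00",
     "permissions": ["admin.audit.view", "servers.delete"]},
]

if __name__ == "__main__":
    for r in ROLES:
        for f in audit_role(r):
            print(f"{r['slug']}: {f}")
```

Pass a different `default_role_id` if the default registration role has been changed in Admin > Settings > General.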
Editing a Role
Navigate to Admin > Roles > [role]. You can modify the name, description, rate limit multiplier, and permissions. System roles (Admin, Moderator, User) can have their permissions and multiplier edited but cannot be renamed or deleted.
Deleting a Role
Non-system roles can be deleted from the role detail page. Before deleting a role, reassign all users who have that role to a different one. The panel will prevent deletion if users are still assigned to the role.