View Full Version : [SOLVED] RBAC - New Ranks

08-17-2013, 10:48 AM
Hello Emudevs!

Been looking into RBAC recently but I'm fairly new to it in terms of making a completely new rank.

I have been trying to find a utility or a guide that shows me exactly how to do this but alas I could not find one. The most I could find was a guide explaining how RBAC works.

The rank system I currently wish to create would be:

0. Player
1. VIP
2. Trial GM
3. GM
4. Head GM
5. Developer
6. Administrator
7. Owner
8. Console

Also is there a way I can use those ranks to limit some command functionality? For example only rank 6 or 7 can use the .additem or .modify commands on other players. Whereas Rank 5 can only use those commands on themselves?

Thank you for taking the time to read my support request and I appreciate any input that anybody may give.

08-17-2013, 12:06 PM
Check out the trinitycore documentation:

It seems that this code part is the only useful thing other than using the rank hierarchy of GM levels:

// ignore only for non-players for non strong checks (when allow apply command at least to same sec level)
if (m_session->HasPermission(RBAC_PERM_CHECK_FOR_LOWER_SECURITY) && !strong && !sWorld->getBoolConfig(CONFIG_GM_LOWER_SECURITY))
return false;

strong defaults to false, so you should use RBAC_PERM_CHECK_FOR_LOWER_SECURITY and have the config setting for the security set in worldserver.conf
So add RBAC_PERM_CHECK_FOR_LOWER_SECURITY for 6 and 7 and any other rank you want to be able to use commands on other people, or deny it from the ppl who shouldnt or do both for everyone.
Not sure what the default is.
Sadly this applies to ALL gm commands and not the specific ones for the player. So you cant enable a player to use .modify morph for players and .additem you cant use on players.

If you look at the tables and possibly check out the documentation and test around, how it works should be rather clear.
I have never touched rbac before this, but it seems that:
rbac_permissions lists all the permissions you can give
rbac_roles has all roles. You can make a custom role.
rbac_role_permissions links permissions to the roles. So this adds stuff to your role. IE instant logout, commands ..

rbac_groups has general groups, IE player is 1. You can make a custom group
rbac_group_roles links the group, IE player, to roles. So player can have many roles. Role is a little funny name though .. So this adds stuff to the group

rbac_security_level_groups links GM ranks to RBAC groups. This means that if you give someone GM rank 2, he will have all groups defined in this table. Which means that he will have all the roles defined for those groups, which means that he has all the permissions defined for all those roles in the groups.

There is no clear order like for GM ranks. There is no
There are just IDs and the ranks.
An RBAC group ID 99 can have less permissions and be lower than group ID 10 and the other way around.

08-18-2013, 04:31 PM
Thanks very much for that explanation Rotchet. I'll have a look into it more in regards with what you said and test it. I assume I still need to add the rank to common.h if I want it to work with some scripts that use security ranks?