Web permissions
Web permissions determine what a web user can see on the Plan website. Logging in and changing permissions requires Authentication to be enabled, which requires HTTPS to be set up
How permissions are determined
Each web user can have one group. Each group has its own web permissions.
user -> group -> permission
When user is registered with /plan register, permission plan.webgroup.{group_name} is checked, eg. for admin group the Player needs to have plan.webgroup.admin permission.
You can change the group after registration with /plan setgroup {username} {group_name} where username is the name of the web user. They don't need to have plan.webgroup.{group_name} permission for this.
Permission editor
After login is enabled, the admin group has manage.groups web permission, which allows access to the /manage page on the website. After you /plan setgroup {username} admin, that user can use the Navigation Item at the top of the sidebar to go to Manage page.
This allows you to edit permissions of each group, delete groups and add new groups.
⚠️ If you lose all groups with
manage.groupsweb permissionIf you accidentally lose all groups with
manage.groupsweb permission, do/plan reloadandadmingroup will be added back or given all permissions again if it exists.
If you're updating from Plan version 5.5 see https://github.com/plan-player-analytics/Plan/wiki/Web-permissions#legacy-permission-level-groups
List of web permissions
Higher level permission grants all lower level permissions if given, eg access gives access.docs, access.network, etc.
You can limit visibility to specific elements by only giving permission for that element, eg page.network.overview.graphs.online allows seeing only the players online graph on /network page and nothing else.
You should give access.___ permission for anything you give page.__ permission for - otherwise 403 Forbidden is shown.
Version: 5.6 build 2574
| Permission | Description |
|---|---|
| access | Controls access to pages |
| access.docs | Allows accessing /docs page |
| access.errors | Allows accessing /errors page |
| access.network | Allows accessing /network page |
| access.player | Allows accessing any /player pages |
| access.player.self | Allows accessing own /player page |
| access.players | Allows accessing /players page |
| access.query | Allows accessing /query and Query results pages |
| access.raw.player.data | Allows accessing /player/{uuid}/raw json data. Follows 'access.player' permissions. |
| access.server | Allows accessing all /server pages |
| manage.groups | Allows modifying group permissions & Access to /manage/groups page |
| manage.users | Allows modifying what users belong to what group |
| page | Controls what is visible on pages |
| page.network | See all of network page |
| page.network.geolocations | See Geolocations tab |
| page.network.geolocations.map | See Geolocations Map |
| page.network.geolocations.ping.per.country | See Ping Per Country table |
| page.network.join.addresses | See Join Addresses -tab |
| page.network.join.addresses.graphs | See Join Address graphs |
| page.network.join.addresses.graphs.pie | See Latest Join Addresses graph |
| page.network.join.addresses.graphs.time | See Join Addresses over time graph |
| page.network.overview | See Network Overview -tab |
| page.network.overview.graphs | See Network Overview graphs |
| page.network.overview.graphs.calendar | See Network calendar |
| page.network.overview.graphs.day.by.day | See Day by Day graph |
| page.network.overview.graphs.hour.by.hour | See Hour by Hour graph |
| page.network.overview.graphs.online | See Players Online graph |
| page.network.overview.numbers | See Network Overview numbers |
| page.network.performance | See network Performance tab |
| page.network.playerbase | See Playerbase Overview -tab |
| page.network.playerbase.graphs | See Playerbase Overview graphs |
| page.network.playerbase.overview | See Playerbase Overview numbers |
| page.network.players | See Player list -tab |
| page.network.plugin.history | See Plugin History across the network |
| page.network.plugins | See Plugins tab of Proxy |
| page.network.retention | See Player Retention -tab |
| page.network.server.list | See list of servers |
| page.network.sessions | See Sessions tab |
| page.network.sessions.list | See list of sessions |
| page.network.sessions.overview | See Session insights |
| page.network.sessions.server.pie | See Server Pie graph |
| page.network.sessions.world.pie | See World Pie graph |
| page.player | See all of player page |
| page.player.overview | See Player Overview -tab |
| page.player.plugins | See Plugins -tabs |
| page.player.servers | See Servers -tab |
| page.player.sessions | See Player Sessions -tab |
| page.player.versus | See PvP & PvE -tab |
| page.server | See all of server page |
| page.server.geolocations | See Geolocations tab |
| page.server.geolocations.map | See Geolocations Map |
| page.server.geolocations.ping.per.country | See Ping Per Country table |
| page.server.join.addresses | See Join Addresses -tab |
| page.server.join.addresses.graphs | See Join Address graphs |
| page.server.join.addresses.graphs.pie | See Latest Join Addresses graph |
| page.server.join.addresses.graphs.time | See Join Addresses over time graph |
| page.server.online.activity | See Online Activity -tab |
| page.server.online.activity.graphs | See Online Activity graphs |
| page.server.online.activity.graphs.calendar | See Server calendar |
| page.server.online.activity.graphs.day.by.day | See Day by Day graph |
| page.server.online.activity.graphs.hour.by.hour | See Hour by Hour graph |
| page.server.online.activity.graphs.punchcard | See Punchcard graph |
| page.server.online.activity.overview | See Online Activity numbers |
| page.server.overview | See Server Overview -tab |
| page.server.overview.numbers | See Server Overview numbers |
| page.server.overview.players.online.graph | See Players Online graph |
| page.server.performance | See Performance tab |
| page.server.performance.graphs | See Performance graphs |
| page.server.performance.overview | See Performance numbers |
| page.server.player.versus | See PvP & PvE -tab |
| page.server.player.versus.kill.list | See Player kill and death lists |
| page.server.player.versus.overview | See PvP & PvE numbers |
| page.server.playerbase | See Playerbase Overview -tab |
| page.server.playerbase.graphs | See Playerbase Overview graphs |
| page.server.playerbase.overview | See Playerbase Overview numbers |
| page.server.players | See Player list -tab |
| page.server.plugin.history | See Plugin History |
| page.server.plugins | See Plugins -tabs of servers |
| page.server.retention | See Player Retention -tab |
| page.server.sessions | See Sessions tab |
| page.server.sessions.list | See list of sessions |
| page.server.sessions.overview | See Session insights |
| page.server.sessions.world.pie | See World Pie graph |
Legacy permission level groups
For those updating from 5.5 or below, Plan automatically moves existing users to legacy_level_x groups that have permissions matching the previous behavior.
You need to set a user as admin before you can edit permissions with /plan setgroup {username} admin. This was since level 0 gave access to everything, but you might not want everyone who previously had level 0 editing permissions.
After that you can move the legacy users to other groups or keep them as is if desired.
| Legacy group | Equivalent new default group | What they can roughly see |
|---|---|---|
| didn't exist | admin | everything + editing permissions |
| legacy_level_0 | read_all | read access to everything except /errors and /docs |
| legacy_level_1 | player_analyst | query, players and all player pages |
| legacy_level_2 | player | own player page |
| legacy_level_100 | no_access | nothing |
Moving users happens by deleting the group and selecting where to move the existing users:
Remember that when user is registered with /plan register, permission plan.webgroup.{group_name} is checked, eg. for admin group the Player needs to have plan.webgroup.admin permission.