Why Discord Bot Permissions Override Server Role Permissions Selectively

When you add a bot to your Discord server, you might notice it can do things that its role permissions seem to forbid, or it cannot do things that its role permissions appear to allow. This selective override happens because Discord uses a specific permission hierarchy where bot-specific settings take precedence over role-based settings in certain cases. The root cause lies in how Discord handles permission inheritance, the bot’s OAuth2 scopes, and the interaction between role permissions and bot permissions set during the invite process. This article explains the exact mechanism behind this selective override and how to control it.

Key Takeaways: Discord Bot Permission Override Explained

  • OAuth2 scopes vs role permissions: Bot permissions set during invite can bypass role-based restrictions for specific actions like reading message history or managing webhooks.
  • Permission hierarchy: The @everyone role, bot role, and channel-specific overrides create a priority order that determines which permission applies.
  • Server Settings > Roles > Manage Permissions: Adjust role permissions for the bot role to override inherited restrictions in specific channels.


How Discord Permission Hierarchy Works for Bots

Discord uses a three-tier permission system for bots: OAuth2 scopes, role permissions, and channel-specific overrides. Each tier can override the previous one depending on the specific permission and context.

When you invite a bot, you select a set of OAuth2 scopes that grant the bot broad abilities, such as reading messages, sending messages, or managing channels. These scopes act as a baseline. The bot is then assigned a role on the server, which can grant or deny specific permissions. However, the OAuth2 scopes can override role-based denials for certain actions, creating the selective override you observe.

For example, if you invite a bot with the “Manage Webhooks” scope but assign it a role that denies “Manage Webhooks,” the bot can still create and manage webhooks because the OAuth2 scope takes priority. This is not a bug; it is by design to allow bots to function even when server role settings are restrictive.

Permission Calculation Order

Discord calculates effective permissions by starting with the @everyone role, then adding permissions from all assigned roles, and finally applying channel-specific overrides. For bots, the OAuth2 scopes are evaluated separately and can override the final result for actions covered by those scopes.
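
The role and channel-override part of this calculation, as an added example that is not from the original article: it follows Discord's documented permission algorithm with a reduced flag table, and every ID and role value is constructed sample data. The separate OAuth2 scope evaluation the article describes is not modelled here.

```python
# Added example: role and channel-override permission arithmetic for one bot.
# Bit positions are Discord's documented permission flags; all IDs and role
# data below are constructed sample values.
ADMINISTRATOR = 1 << 3
FLAGS = {
    "KICK_MEMBERS": 1 << 1, "ADMINISTRATOR": ADMINISTRATOR,
    "VIEW_CHANNEL": 1 << 10, "SEND_MESSAGES": 1 << 11,
    "READ_MESSAGE_HISTORY": 1 << 16, "MANAGE_ROLES": 1 << 28,
    "MANAGE_WEBHOOKS": 1 << 29,
}
ALL = sum(FLAGS.values())  # "everything" within this reduced flag table

def base_permissions(guild_roles, everyone_id, member_role_ids):
    """Start from @everyone, then OR in every role the member holds."""
    perms = guild_roles[everyone_id]
    for rid in member_role_ids:
        perms |= guild_roles[rid]
    return ALL if perms & ADMINISTRATOR else perms

def channel_permissions(base, overwrites, everyone_id, member_role_ids, member_id):
    """Apply overwrites: @everyone, then roles (deny before allow), then member."""
    if base & ADMINISTRATOR:
        return ALL  # Administrator bypasses every channel overwrite
    allow, deny = overwrites.get(everyone_id, (0, 0))
    perms = (base & ~deny) | allow
    role_allow = role_deny = 0
    for rid in member_role_ids:
        a, d = overwrites.get(rid, (0, 0))
        role_allow |= a
        role_deny |= d
    perms = (perms & ~role_deny) | role_allow
    allow, deny = overwrites.get(member_id, (0, 0))
    return (perms & ~deny) | allow

def names(perms):
    return sorted(n for n, bit in FLAGS.items() if perms & bit)

EVERYONE, BOT_ROLE, BOT_USER = "100", "200", "300"  # constructed IDs
ROLES = {
    EVERYONE: FLAGS["VIEW_CHANNEL"] | FLAGS["SEND_MESSAGES"],
    BOT_ROLE: FLAGS["READ_MESSAGE_HISTORY"] | FLAGS["MANAGE_WEBHOOKS"],
}
# Read-only channel: (allow, deny) overwrite denying SEND_MESSAGES to the bot role.
READ_ONLY = {BOT_ROLE: (0, FLAGS["SEND_MESSAGES"])}

if __name__ == "__main__":
    base = base_permissions(ROLES, EVERYONE, [BOT_ROLE])
    print("server-wide:", names(base))
    print("read-only channel:",
          names(channel_permissions(base, READ_ONLY, EVERYONE, [BOT_ROLE], BOT_USER)))
```
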

Scenarios That Cause Selective Override

The selective override occurs in three main scenarios:

  • OAuth2 scope vs role denial: The bot’s invite scope grants a permission that the role denies. The scope wins for actions like reading message history, managing roles, or kicking members.
  • Channel-specific overrides: A channel override denies a permission to the bot role, but the bot’s OAuth2 scope grants it. The scope wins for actions like sending messages in a read-only channel.
  • Permission inheritance gaps: The bot role lacks a permission, but the bot’s OAuth2 scope includes it. The scope fills the gap, allowing the bot to perform the action.


Steps to Diagnose and Control Bot Permissions

  1. Check the bot’s OAuth2 scopes
    Go to the Discord Developer Portal, select your bot application, and click OAuth2 > URL Generator. Review the scopes listed under “SCOPES.” Each scope grants a specific set of permissions that cannot be revoked by role settings.
  2. Identify the bot’s role on the server
    In your server, go to Server Settings > Roles. Find the role assigned to the bot. Click the role and review the permissions in the “General Permissions” and “Text Permissions” sections.
  3. Compare scope permissions with role permissions
    Cross-reference the OAuth2 scopes with the role permissions. Any permission granted by a scope will override a role denial for that same action. For example, if the scope includes “Read Message History” and the role denies it, the bot can still read history.
  4. Adjust role permissions to match desired behavior
    If you want the bot to obey role restrictions, remove the conflicting OAuth2 scopes by re-inviting the bot with a new URL that only includes necessary scopes. Alternatively, grant the permission in the bot role to avoid a conflict.
  5. Use channel-specific overrides for fine control
    To restrict a bot in a specific channel, go to that channel, click Edit Channel > Permissions, add the bot role, and set the desired permission to DENY. This only works if the OAuth2 scope does not cover the action. For scope-covered actions, the override is ignored.

Common Misconceptions About Bot Permissions

“The bot role has Administrator, so it can do everything”

True. Administrator permission overrides all role-based and channel-based restrictions. OAuth2 scopes are still evaluated, but they become redundant because Administrator already grants full access.

“Denying a permission in the bot role blocks the action completely”

False. If the bot’s OAuth2 scope grants that permission, the role denial is ignored. This is the most common cause of selective override.

“Channel overrides always work for bots”

False. Channel overrides only apply to permissions not covered by OAuth2 scopes. For example, if the bot has the “Send Messages” scope, a channel override that denies “Send Messages” has no effect.

Comparison of Permission Sources and Their Priority

| Permission Source | Priority Level | Can Be Overridden By |
| --- | --- | --- |
| OAuth2 scope | Highest | Cannot be overridden by role or channel settings |
| Role permission (grant) | Medium | OAuth2 scope (if scope grants the same permission) |
| Role permission (deny) | Low | OAuth2 scope (if scope grants the same permission) |
| Channel-specific override (grant) | High for non-scope permissions | OAuth2 scope (if scope covers the action) |
| Channel-specific override (deny) | High for non-scope permissions | OAuth2 scope (if scope covers the action) |

Discord bot permissions override server role permissions selectively because OAuth2 scopes take priority over role and channel settings for specific actions. To control this behavior, you must manage both the bot’s invite scopes and its role permissions together. Start by auditing the bot’s OAuth2 scopes in the Developer Portal, then adjust the bot role on your server to match your intended restrictions. For advanced control, use channel-specific overrides only for permissions not covered by OAuth2 scopes.
