Discord server administrators often need to grant bots the Manage Server permission so they can perform actions like changing server name, region, or verification level. However, giving this permission to every bot on the server creates a security risk. A compromised or malicious bot with Manage Server can rename channels, delete roles, or even delete the entire server. This article explains how to restrict the Manage Server permission to only the bots you trust, using Discord’s built-in role and permission system.
Key Takeaways: Restricting Manage Server to Trusted Bots
- Server Settings > Roles > Create Bot Role: Create a dedicated role for trusted bots that includes Manage Server permission.
- Server Settings > Roles > Role Order: Place the trusted bot role above all other bot roles in the role hierarchy to ensure permission inheritance.
- Server Settings > Integrations > Bots and Apps: Assign the trusted bot role to specific bots and remove Manage Server from all other bot roles.
Understanding the Manage Server Permission for Bots
The Manage Server permission allows a user or bot to change the server name, server region, verification level, explicit content filter, and enable or disable community features. For bots, this permission is often required for utility functions like automatic server backups, moderation logging, or integration with external platforms.
By default, when you invite a bot to your server, you can choose which permissions to grant. Many bot invitation links request Manage Server by default. If you accept without reviewing, that bot gains the ability to alter critical server settings.
Discord’s permission system is role-based. A bot’s effective permissions are the sum of all roles assigned to it. If a bot has two roles, one with Manage Server and one without, the bot still has Manage Server because permissions are additive. The only way to remove a permission is to ensure no role assigned to the bot includes it.
The risk is not theoretical. A bot that becomes compromised or is intentionally malicious can use Manage Server to delete channels, remove roles, change server settings, or even delete the server through the API. Restricting this permission to only the most trusted bots is a basic security practice for any serious Discord server.
Steps to Restrict Manage Server Permission to Trusted Bots Only
Step 1: Create a Dedicated Role for Trusted Bots
- Open Server Settings
Right-click your server name in the channel list and select Server Settings from the context menu. - Go to the Roles tab
In the left sidebar, click Roles. - Create a new role
Click the Create Role button. Name it something specific like Trusted Bot or Bot Admin. Choose a distinct color to visually identify it in the role list. - Enable Manage Server permission
Scroll down to the General Permissions section. Toggle Manage Server to the green checkmark. Leave all other permissions off unless the bot specifically needs them. - Save the role
Click the Save Changes button at the bottom of the page.
Step 2: Place the Trusted Bot Role High in the Role Hierarchy
- Return to the Roles list
You should still be in Server Settings > Roles. If not, navigate back. - Drag the Trusted Bot role upward
Roles are ordered from highest to lowest. Drag the Trusted Bot role so it sits above all other bot roles but below your server owner and administrator roles. This ensures the trusted bot role’s permissions take precedence over other bot roles that may lack Manage Server. - Verify the order
The role hierarchy determines which roles can modify or kick bots with lower roles. The Trusted Bot role must be higher than any bot role that should not have Manage Server.
Step 3: Assign the Trusted Bot Role to Specific Bots
- Open the Integrations menu
In Server Settings, click Integrations in the left sidebar. - Select the bot you trust
Under Bots and Apps, find the bot you want to grant Manage Server permission. Click its name or the Manage button. - Assign the Trusted Bot role
In the bot’s integration settings, scroll to the Roles section. Click the Add Roles dropdown and select the Trusted Bot role you created. Do not remove the bot’s existing role unless that role also has Manage Server. - Save changes
Click Save or Apply to confirm the role assignment.
Step 4: Remove Manage Server from All Other Bot Roles
- Review all existing bot roles
In Server Settings > Roles, examine every role that is assigned to a bot. Look for roles like MEE6, Dyno, Carl-bot, or any custom bot role. - Disable Manage Server on each role
Click each bot role, scroll to General Permissions, and toggle Manage Server to the red X. Click Save Changes for each role. - Check roles that bots may have inherited
Some bots may have been assigned a general role like Member or Bot that also includes Manage Server. Remove that permission from those roles as well.
Step 5: Test the Permission Restriction
- Invite the trusted bot to perform an action
Use the trusted bot’s command to change the server name or another Manage Server action. For example, if the bot supports it, run/server name New Name. The bot should execute the command successfully. - Test an untrusted bot
Try the same action with a bot that does not have the Trusted Bot role. The bot should fail with a permission error. - Confirm the bot’s effective permissions
You can use the/permissionscommand in a bot like Dyno or Carl-bot to check the effective permissions of any user or bot. Ensure Manage Server is absent for untrusted bots.
Common Mistakes and Security Considerations
Bot Has Manage Server Through Multiple Roles
If a bot has two roles and one of them includes Manage Server, the bot retains that permission even if the other role does not. Always remove Manage Server from every role assigned to the bot except the dedicated Trusted Bot role.
Role Hierarchy Blocks Permission Changes
If the Trusted Bot role is placed lower than another bot role that lacks Manage Server, the trusted bot may not be able to modify server settings that affect that higher role. Keep the Trusted Bot role near the top of the role list.
Bot Invitation Links Override Role Settings
When you re-invite a bot with a link that includes Manage Server, Discord may automatically assign that permission even if you later remove it through roles. Always use invitation links that grant only the minimum required permissions, then adjust roles afterward.
Bots That Require Manage Server for Core Functions
Some bots, like server backup bots or community management bots, genuinely need Manage Server. Do not remove this permission from those bots. Create the Trusted Bot role and assign it to those bots only.
Permission Management Methods: Roles vs Integration Settings
| Item | Role-Based Permission | Integration-Based Permission |
|---|---|---|
| Control granularity | Coarse: applies to all members or bots with that role | Fine: applies only to a specific bot |
| Ease of management | Moderate: requires creating and maintaining multiple roles | Simple: set permissions per bot in the Integrations menu |
| Risk of accidental grant | High: a bot may inherit Manage Server from a shared role | Low: only the specific bot gets the permission |
| Best for | Servers with many bots that need consistent permission levels | Servers with one or two trusted bots that need Manage Server |
After setting up the Trusted Bot role and restricting Manage Server, you can confidently run your server knowing that only the bots you explicitly trust can change critical settings. Periodically review your bot roles and the Integrations page to ensure no new bot has accidentally gained this permission. For an extra layer of security, enable two-factor authentication for your server owner account and limit the number of users with Administrator permission.