Roles and Permissions
BadgerPanel uses role-based access control (RBAC) to manage what users can see and do in the admin panel. Every user is assigned one role, and each role carries a set of permissions that determine which admin features are accessible.
Default Roles
BadgerPanel includes three built-in roles. These system roles cannot be renamed or deleted.
| Role | ID | Description |
|---|---|---|
| Admin | 1 | Full access to all admin features. Cannot be restricted. |
| Moderator | 2 | Configurable subset of admin permissions, typically used for support staff. |
| User | 3 | Standard customer role with no admin panel access. This is the default role for new registrations. |
Creating a Custom Role
- Navigate to Admin > Roles and click Create Role.
- Enter a Name and optional Description.
- Configure the Rate Limit Multiplier (see below).
- Select the permissions to grant from the available categories.
- Click Save.
Permission Reference
The following table lists all available permissions organized by category.
| Category | Permission | Description |
|---|---|---|
| Servers | admin.servers.list | View the server list in the admin panel |
admin.servers.create | Create new servers | |
admin.servers.update | Edit server settings and configuration | |
admin.servers.delete | Delete servers | |
admin.servers.power | Send power actions (start, stop, restart, kill) | |
admin.servers.suspend | Suspend and unsuspend servers | |
| Nodes | admin.nodes.list | View the node list |
admin.nodes.create | Add new nodes | |
admin.nodes.update | Edit node settings | |
admin.nodes.delete | Remove nodes | |
| Users | admin.users.list | View the user list |
admin.users.create | Create new user accounts | |
admin.users.update | Edit user details and roles | |
admin.users.suspend | Suspend and unsuspend user accounts | |
| Roles | admin.roles.list | View the role list |
admin.roles.create | Create new roles | |
admin.roles.edit | Edit existing roles and their permissions | |
| Eggs | admin.eggs.list | View eggs and nests |
admin.eggs.import | Import eggs from JSON files | |
admin.eggs.edit | Edit egg settings and variables | |
| Kubernetes | admin.kubernetes.list | View Kubernetes orchestrators |
admin.kubernetes.manage | Create, edit, and delete orchestrators | |
| Billing | admin.billing.settings | Configure billing settings and payment gateways |
admin.billing.products | Manage billing products and pricing | |
admin.billing.orders | View and manage customer orders | |
| Settings | admin.settings.general | Access general panel settings |
admin.settings.security | Configure security settings (2FA enforcement, registration, etc.) | |
admin.settings.mail | Configure email/SMTP settings | |
| Support | admin.support.tickets | View and respond to support tickets |
admin.support.categories | Manage support ticket categories | |
| Audit | admin.audit.view | View the audit log |
| Webhooks | admin.webhooks.manage | Create, edit, and delete webhooks |
| Cloudflare | admin.cloudflare.manage | Manage Cloudflare DNS integration settings |
Rate Limit Multiplier
Each role has a rate limit multiplier that controls how many API requests users with that role can make per minute. The multiplier adjusts the base rate limit:
- Default value: 1.00 (standard rate limit)
- Range: 0.01 to 99.99
- Higher values allow more requests per minute (e.g., 2.00 doubles the allowed rate)
- Lower values reduce the allowed rate (e.g., 0.50 halves it)
This is useful for giving staff accounts higher rate limits while keeping customer accounts at the default, or for throttling specific roles that should have reduced API access.
Assigning Roles to Users
To change a user's role:
- Navigate to Admin > Users and open the user's detail page.
- Select the new role from the Role dropdown.
- Click Save.
The role change takes effect immediately. The user's permissions and rate limits update on their next request.
Default Role for New Registrations
New users who register through the panel or OAuth are automatically assigned the User role (ID 3). This ensures new accounts have no admin access by default. To change which role is assigned to new registrations, update the default role setting in Admin > Settings > Security.
Next Steps
- User Management - creating and managing user accounts
- API Keys - managing API access tokens
- Server Management - server-level permissions and subusers