Permissions and roles: the administrator needs to understand every permission and role in order to limit attack vectors and exposure. It’s about accountability, taking responsibility for the things we can control, and understanding where we are vulnerable. Every Discord server we build should be built with the assumption that each and every user is subject to compromise. Therefore, we have a PLAN in place BEFORE the attack, and do everything we can to mitigate and sometimes nullify the attack (before it takes place). But there is one role that must NEVER be compromised, and we can lock it down before the server is open to the public.
The account that creates the Discord server should NEVER be an active USER in the server (once it is open) or even active anywhere outside of the server. It is OK to use an active account to create the server, but BEFORE going public, this role should be transferred to a burner account (preferably a brand new account with an email and Discord name that are unassociated with the server and unrecognizable). This account is NOT used for anything else, other than being a ‘hardware wallet/ledger’ for the server.
No matter what the permissions and roles are in a server, and no matter the hierarchy of those roles, the FOUNDER/CREATOR account bypasses all restrictions and has absolute control over the entire server and every role within it. The good news is that we can completely eliminate this attack vector by keeping the account in cold storage, unmarked and hidden away on the server. This account doesn’t need any special roles or identifiable markings, and we in fact recommend keeping it that way.
Users may be able to use tools to figure it out, or Discord itself may do a poor job of hiding it, but we do NOT need to bring any extra attention to this role, nor do we need to put it at risk by using it on an active account. With the account taken out of play and not in use, there is no chance of anyone phishing or gaining access to this account. Furthermore, if an Admin is compromised, we always have one role above it, hidden and ready to ‘break in case of emergency’, to regain control of the server and eradicate the threat. If this role is ever compromised in this way, we know the attack came from within, and responsibility is limited to the person who had access to it.
The next most vulnerable area of attack is ANYONE with administrator permissions in the server (humans and bots). Administrator permissions bypass ALL roles and restrictions within the server and its channels. HOWEVER, administrators still cannot change or alter the roles at or above their own. This hierarchy of roles can be used to our advantage when structuring Discord roles and permissions.
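One way to audit these two points, as an added example that is not part of the original page: the Python below lists every human and bot holding the Administrator permission bit, shows which roles each can edit under the hierarchy rule, and flags any role attached to the owner account. The guild snapshot is constructed sample data shaped like Discord API guild, role and member objects, and the `audit` helper is a hypothetical name.

```python
import json

ADMINISTRATOR = 1 << 3  # Discord permission bit for Administrator (0x8)

# Constructed sample data shaped like Discord API guild, role and member objects.
GUILD = json.loads("""
{
  "id": "100", "owner_id": "900",
  "roles": [
    {"id": "100", "name": "@everyone", "position": 0, "permissions": "1024"},
    {"id": "201", "name": "Member", "position": 1, "permissions": "1024"},
    {"id": "202", "name": "ModBot", "position": 2, "permissions": "8"},
    {"id": "203", "name": "Admin", "position": 3, "permissions": "8"}
  ],
  "members": [
    {"user": {"id": "900", "username": "qx7"}, "roles": []},
    {"user": {"id": "901", "username": "alice"}, "roles": ["201", "203"]},
    {"user": {"id": "902", "username": "modbot", "bot": true}, "roles": ["202"]},
    {"user": {"id": "903", "username": "bob"}, "roles": ["201"]}
  ]
}
""")

def audit(guild):
    """Return (admin holders, owner findings) for one guild snapshot."""
    roles = {r["id"]: r for r in guild["roles"]}
    everyone = roles[guild["id"]]  # @everyone shares the guild's id
    admins, owner_findings = [], []
    for m in guild["members"]:
        held = [everyone] + [roles[r] for r in m["roles"] if r in roles]
        uid = m["user"]["id"]
        if uid == guild["owner_id"]:
            # The page recommends the owner account carry no identifying roles.
            owner_findings += [f"owner holds role {roles[r]['name']}" for r in m["roles"] if r in roles]
            continue
        if any(int(r["permissions"]) & ADMINISTRATOR for r in held):
            top = max(r["position"] for r in held)
            # Hierarchy rule: only roles strictly below the holder's top role are editable.
            editable = sorted(r["name"] for r in guild["roles"] if r["position"] < top)
            admins.append({"user": m["user"]["username"], "bot": m["user"].get("bot", False),
                           "top_position": top, "can_edit": editable})
    return admins, owner_findings

if __name__ == "__main__":
    admins, owner_findings = audit(GUILD)
    for a in admins:
        print(a)
    print(owner_findings or "owner account carries no roles")
```

Every entry in the first list is an account whose compromise grants Administrator, so the shorter that list and the lower each `top_position`, the smaller the exposure.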