If modifying your own Teamspeak server, start with the Server Admin role and checkmark "Show granted only" and follow along with how to safely set up. If you still don't get it, I will link a video that I used as my starting off point at the end.
DO NOT ASSIGN is the most powerful tag within the Chaos Teamspeak. It is the default server admin tag w/ limitless power. As the name suggests, you're not supposed to have it assigned, but the Overlords are stupid and assigned it to themselves anyway.
Following that, you have the BADmin tag. The BADmin tag is based on a cloned Server Admin tag with key differences.
- Every primary channel on the server, ie ones that should NEVER be modified, moved, etc, have this layout for permissions:
The DO NOT ASSIGN tag has most of its powers set to 75. The BADmin tag has its powers all set to 70- this means that, in most of the main channels, the BADmins cannot change, move, delete, or upload files to the normal, default channels. However, for channels that need to be renamed, there are other methods to bypass this. I will go over it later in this post.
- BADmins CANNOT create Privilege Keys, which is:
Code: Select all
b_virtualserver_token_addCode: Select all
b_virtualserver_token_list
b_virtualserver_client_permission_list
b_virtualserver_token_delete- You want to remove the ability for BADmins to do the following:
Code: Select all
b_virtualserver_modify_maxclients
b_virtualserver_modify_password
b_virtualserver_modify_reserved_slots
b_virtualserver_modify_reserved_slots
b_virtualserver_modify_default_servergroup
b_virtualserver_modify_default_channelgroup
b_virtualserver_modify_default_channeladmingroup
b_virtualserver_modify_channel_forced_silence
b_virtualserver_modify_complain
b_virtualserver_modify_antiflood
b_virtualserver_modify_ft_settings
b_virtualserver_modify_ft_quotas
b_virtualserver_modify_port
b_virtualserver_modify_needed_identity_security_level
b_virtualserver_modify_temporary_passwords_own
b_channel_modify_make_default
b_client_skip_channelgroup_permissions
b_virtualserver_servergroup_delete
b_virtualserver_channelgroup_delete
b_client_create_modify_serverquery_login- We now begin to get into numerical permissions. Every single time you see a value regarding "___ Power" it can be set for 70. However, "Needed ___ Power" needs to be either 70 or 75 depending on if you want your BADmins to be able to do things to each other. Most importantly, however, is this:
Code: Select all
i_group_needed_modify_power
i_group_needed_member_add_power
i_group_needed_member_remove_power- Our teamspeak has a feature allowing people 2 ranks below another person to pull that person to their own channel at will. To do this, you need to modify this permission:
Code: Select all
i_client_needed_move_power- If you have ranks, like on our server, with their own ban power, you want to set your BADmin role to have a "negate" permission on this permission:
Code: Select all
i_client_ban_max_bantime- You also want to disable these permissions:
Code: Select all
b_client_ignore_bans
b_channel_join_ignore_passwordAfter all of that, we get into the moderator role, known as kidsbOP on our server.
On our server, moderators:
- CANNOT create permanent channels (but can create Semi-Permanent)
- Have their relevant numerical positions set for 65 (except the Needed ones, see above.)
- CANNOT perma-ban
- Can ONLY modify the virtual server name, banner, and icon ID.
From here on, if you want to make multiple layers of administrator groups for your teamspeak, it's a matter of understanding how the numbers within your hierarchy interact. On that note, however, I will go into some example non-administrative Officer, NCO, Member, and Guest role permissions.
- In our teamspeak, everyone is capable of creating temporary channels; there is little harm in them because once someone leaves, the channel is deleted. It's a nice way to have a fairly compact teamspeak once people understand they can make their own subchannels if they're playing a game or something with a friend.
-We allow our officers to modify our teamspeak banner. However, please note that teamspeak memory leaks when you put GIFs as the banner, so you may not want to enable that functionality.
- Every single role beneath the administrator roles has a Needed Group Modify Power of 75; that way, only the main server admin that is the default admin tag can modify ANY of the roles that have been created in the teamspeak. Just the same, every single role is based on reducing the permissions of the role above them; for example, BADmin is a neutered Server Admin, kidsbOP on BADmin, Overlord and Lord on kidsbOP, etc. There is some intersect regarding Overlord and kidsBOP permissions due to the nature of being a group lead.
- One important permission to disable for every single non-administrative group is this one:
Code: Select all
b_client_remoteaddress_view- To have the rank display, modify this permission:
Code: Select all
i_group_show_name_in_treeCode: Select all
b_client_server_textmessage_sendCode: Select all
b_client_use_channel_commanderHonestly there isn't a lot to go over for Officers and NCOs aside from setting up your numerical hierarchy and keeping in mind which numbers interact with which. If you need to do some testing, set up a second Teamspeak Identity under the Tools tab, and double click the identity and connect to TS under a new tag to test those permissions on your NCO and Officer roles.
- As for normal, non NCO, non admin roles, the permissions are again the same, but in the very low numerals. Same for guests, but the only difference is the guest tag is made default (by default) and talk power is enforced. You may need to manually adjust your guest tag to make sure all the desired permissions are correct.
- Now for File Browsers. Same concept for a hierarchy is used to manage the teamspeak FTP for your R&D guys; you have two options. Either set different levels of hierarchy to upload and download files (in Chaos, we have librarians able to upload documentation, and Mechanicus to upload mechanicus files, set for 2 and 3 respectively) or password your developer channels and give your devs the password, then remove the ability from your users to file browse locked channels, which is this permission:
Code: Select all
b_ft_ignore_passwordb_client_force_push_to_talk
Some useful administrative tags:
Do Not Poke:
(assign to the person who doesn't want to be poked)
Do Not Speak:
(assign to person spamming)
Do Not Move:
(sticky client, removes ability for person to move)
Steam Guest:
(removes push to talk enforcement, it considered a temporary role so when they leave TS, they lose the permission)
i can't think of what else to document right now