How to Set Up Staff Ranks and Permissions

Why Staff Structure Matters

A clear staff hierarchy is the difference between a well-moderated server and total chaos. Without defined ranks and permissions, staff members either have too much power (leading to accidental damage or abuse) or too little (making them unable to do their job). The goal is to give each staff level exactly the permissions they need, no more, no less. This principle is called "least privilege" and it protects your server from both intentional abuse and honest mistakes. An overpowered Helper who accidentally runs /ban * is just as destructive as a rogue Admin who does it on purpose.

The Standard Staff Hierarchy

Most successful Minecraft servers use a four-tier staff structure. You can customize the names, but the responsibility divisions have been refined by thousands of servers over the past decade:

Helper

Helpers are the entry-level staff rank. Their job is to answer questions, guide new players, and report issues to higher staff. They should not have access to destructive commands. A Helper who turns out to be untrustworthy should be able to be removed without any damage done to the server.

Typical permissions:

• essentials.helpop, send messages to the staff channel.
• essentials.socialspy, read private messages to detect rule violations.
• essentials.mute, mute players who spam or break chat rules.
• essentials.vanish, go invisible to observe suspected rule breakers.
• coreprotect.inspect, check block history using CoreProtect to investigate grief reports.

Moderator

Moderators handle enforcement. They can punish rule breakers, teleport to investigate situations, and perform limited rollbacks. Mods are trusted enough to ban players and undo grief, but they should not have access to server configuration or economy-breaking commands.

Typical permissions (in addition to Helper permissions via inheritance):

• essentials.ban, essentials.tempban, ban and temporarily ban players.
• essentials.kick, kick players from the server.
• essentials.tp, essentials.tphere, teleport to and summon players.
• essentials.invsee, view a player's inventory to check for illegal items.
• coreprotect.rollback, roll back grief using CoreProtect.
• worldguard.region.bypass.*, bypass region protections for investigation (use with caution).

Admin

Admins manage the server's operational aspects. They configure plugins, manage the economy, handle escalated issues that Mods cannot resolve, and oversee the staff team. Admins should be highly trusted individuals, ideally people you know personally or have worked with for an extended period.

Typical permissions (in addition to Moderator permissions):

• essentials.gamemode, switch game modes (for building spawn areas, testing).
• essentials.give, spawn items (for events, testing, compensation).
• essentials.eco, modify player balances (for economy corrections).
• luckperms.*, full LuckPerms access to manage permissions (or a restricted subset).
• worldedit.*, WorldEdit for building server infrastructure.
• Plugin-specific admin permissions for configuring shop prices, crate rewards, etc.

Owner

The Owner rank has * (all permissions) or is set as operator (op). This should be limited to one or two people, the actual server owners. Owner should be a rank that nobody aspires to "earn" because it represents responsibility, not a reward. In many setups, the Owner rank is not even visible in chat to avoid attracting social engineering attempts.

Setting Up Groups in LuckPerms

LuckPerms is the standard permissions plugin. Create the staff groups and set up inheritance so that each rank inherits the permissions of the rank below it:

/lp creategroup helper
/lp creategroup mod
/lp creategroup admin
/lp creategroup owner

# Set inheritance chain
/lp group mod parent add helper
/lp group admin parent add mod
/lp group owner parent add admin

Now add permissions to each group. Permissions set on the helper group automatically apply to mod, admin, and owner through inheritance. This means you only need to define Helper-level permissions once, they cascade upward.

# Helper permissions
/lp group helper permission set essentials.helpop true
/lp group helper permission set essentials.mute true
/lp group helper permission set essentials.vanish true
/lp group helper permission set coreprotect.inspect true

# Mod permissions (only what Mod adds beyond Helper)
/lp group mod permission set essentials.ban true
/lp group mod permission set essentials.tempban true
/lp group mod permission set essentials.kick true
/lp group mod permission set essentials.tp true
/lp group mod permission set essentials.tphere true
/lp group mod permission set essentials.invsee true
/lp group mod permission set coreprotect.rollback true

Using the LuckPerms Web Editor

For complex permission setups, the LuckPerms web editor is far more convenient than running commands one at a time. Run /lp editor in-game or from the console. LuckPerms generates a unique URL that opens a web-based interface where you can:

• View all groups and their permissions in a tree structure.
• Add, remove, and modify permissions with checkboxes.
• Set permission contexts (world-specific, server-specific on networks).
• Manage inheritance visually by dragging groups.
• Search for specific permission nodes across all groups.

When you are done editing, click "Save" and the changes apply to your server immediately. The web editor is especially useful when setting up a new server because you can configure all groups in one session rather than running dozens of commands.

Chat Prefixes via Vault and EssentialsX

Staff ranks should be visible in chat so players know who to approach for help. Vault bridges your permission groups with chat formatting plugins. In EssentialsX, chat format is controlled by the chat section in config.yml:

chat:
  format: '{DISPLAYNAME} > {MESSAGE}'

The {DISPLAYNAME} placeholder pulls the player's prefix from their LuckPerms group. Set prefixes in LuckPerms:

/lp group helper meta setprefix 100 "&a[Helper] "
/lp group mod meta setprefix 200 "&9[Mod] "
/lp group admin meta setprefix 300 "&c[Admin] "
/lp group owner meta setprefix 400 "&4[Owner] "

The number (100, 200, etc.) is the priority, higher numbers take precedence when a player is in multiple groups. Color codes use the & prefix followed by a color character (a = green, 9 = blue, c = red, 4 = dark red).

Staff-Only Commands

Beyond basic moderation, staff need access to specific utility commands:

• Vanish (/v): Become invisible to players. Essential for catching rule breakers in the act. Use SuperVanish or PremiumVanish for advanced features like hiding from tab list and join/leave messages.
• Teleport (/tp, /tphere): Move to player locations for investigation. Combine with vanish for covert observation.
• Ban/Mute/Kick: Standard punishment commands via EssentialsX or a dedicated punishment plugin like LiteBans or AdvancedBan.
• Staff chat (/sc): A private chat channel visible only to staff. EssentialsX provides this through /helpop, or use a dedicated staff chat plugin for a persistent channel.
• Inventory inspection (/invsee): View and optionally modify another player's inventory. Useful for confiscating illegal items.

Preventing Permission Escalation

Permission escalation occurs when a staff member uses their existing permissions to grant themselves higher permissions. This is the most dangerous internal security threat on any server. Prevent it with these measures:

• Never give Admins luckperms.* wildcard. Instead, give specific LuckPerms permissions: luckperms.user.permission.set, luckperms.user.parent.add, but not luckperms.group.permission.set (which would let them modify their own group's permissions).
• Use LuckPerms weight system. Set each group's weight so that lower-ranked staff cannot modify groups at or above their level. LuckPerms enforces this automatically when configured correctly.
• Restrict /op access. Never give anyone the minecraft.command.op permission except through the console. A single /op command bypasses your entire permission structure.
• Audit regularly. Run /lp group admin permission info periodically to check for unauthorized permission changes. LuckPerms logs all changes, review the log if something looks off.
• Never share console access. Console has unrestricted access to everything. Only the server owner should have panel or SSH access.

Staff Etiquette Rules

Permissions define what staff can do. Etiquette rules define what they should do. Write these down and share them with every new staff member:

• Never use staff powers for personal gain (spawning items for yourself, teleporting to find resources, using vanish to spy on friends for fun).
• Always warn before punishing, unless the offense is blatant (hacking, slur usage).
• Document every ban with a reason. Use a punishment plugin that logs reasons so bans can be reviewed and appealed.
• Never argue with players publicly. If a dispute arises, take it to private messages or Discord.
• Report any suspicion of staff abuse to a higher rank immediately.
• Do not discuss internal staff matters (ban reasons, player reports, admin decisions) in public chat.

A well-run staff team is the biggest competitive advantage your server can have. Players stay on servers where they feel the moderation is fair, responsive, and professional. Invest time in staff training and you will see it reflected in player retention.

Need a server for this? Astroworld Hosting offers NVMe SSD, Pterodactyl panel, and DDoS protection on every plan. See features , plans from €6.39/mo.