Skip to content

Administrative Security

Purpose

Administrative permissions provide staff with significant authority over the server and community. Protecting those permissions is essential to maintaining player trust and the integrity of Barren Land.

Every staff member is responsible for safeguarding their accounts, credentials, and administrative access.

Account Security

All staff members are expected to:

  • Use a strong, unique password for Discord and Steam.
  • Enable Multi-Factor Authentication (MFA) wherever available.
  • Keep recovery information up to date.
  • Never share account credentials with another person.
  • Secure any device used to access administrative tools.

Compromised accounts can quickly become community-wide security incidents.

Administrative Accounts

Administrative permissions are assigned to individuals—not groups.

Staff members must never:

  • Share administrator accounts.
  • Borrow another staff member's account.
  • Allow another person to perform moderation using their account.

Every moderation action should be attributable to a single staff member.

Steam Accounts

Steam accounts used for administration are part of the moderation audit trail.

Staff should:

  • Keep Steam profiles secure.
  • Report account compromises immediately.
  • Notify leadership before changing primary administrative accounts whenever possible.

Maintaining accurate staff identity records helps preserve accountability.

Administrative Commands

Administrative commands exist solely to support moderation.

Staff must never use commands to:

  • Gain gameplay advantages.
  • Assist themselves or friends.
  • Influence normal gameplay without moderation justification.
  • Win combat.
  • Circumvent server mechanics for personal benefit.

Every command should be defensible if reviewed later.

Confidential Information

Internal information should remain within authorized staff channels.

Examples include:

  • Investigation notes
  • Player reports
  • Internal discussions
  • Evidence
  • Administrative procedures
  • Future policy discussions

Confidential information should never be shared publicly unless leadership authorizes its release.

Incident Reporting

If a staff member believes their account or administrative permissions have been compromised, they should notify leadership immediately.

Prompt reporting allows the team to:

  • Remove compromised permissions.
  • Protect the community.
  • Preserve investigation evidence.
  • Restore access safely.

There is no penalty for reporting a suspected compromise in good faith.

Principle of Least Privilege

Staff should only use the permissions necessary to perform their responsibilities.

Administrative powers are tools for serving the community—not indicators of status or authority.

Whenever possible, resolve situations using communication before administrative intervention.