Permission flags
Permissions are the building blocks of ACLs and roles. Each one is a single yes/no flag that controls one specific action. They are set per-channel via ACL rules or bundled into roles.
Channel permissions
Section titled “Channel permissions”These permissions apply to any channel and are inherited down the channel tree unless overridden.
| Permission | Bit | Description |
|---|---|---|
| Write ACL | 0x1 | Edit the channel’s ACL rules and groups. Grants full control — only assign to trusted admins. |
| Traverse | 0x2 | See the channel and walk into its sub-channels. Denying this hides the channel completely. |
| Enter | 0x4 | Join the channel. A user can see a channel they cannot enter if Traverse is allowed. |
| Speak | 0x8 | Transmit voice in the channel. |
| Mute / Deafen | 0x10 | Server-mute or server-deafen other users in this channel. |
| Move users | 0x20 | Move other users into or out of this channel. |
| Make sub-channel | 0x40 | Create permanent sub-channels under this channel. |
| Link channels | 0x80 | Link this channel to another so voice is shared between them. |
| Whisper | 0x100 | Send targeted whispers into this channel. |
| Send text messages | 0x200 | Post text messages in the channel chat. |
| Make temporary sub-channel | 0x400 | Create temporary sub-channels that are removed automatically when empty. |
| Listen | 0x800 | Receive audio from this channel without joining it. |
| Fancy Delete messages | 0x1000 | Delete other users’ messages in the channel. |
| Fancy Subscribe to push | 0x2000 | Receive push notifications for activity in this channel. Users with this permission also passively listen to the channel without needing to join it. |
| Fancy Share files | 0x4000 | Upload and share files in the channel. |
| Fancy Share files (public) | 0x8000 | Share files publicly, making them accessible without authentication. |
Root channel permissions
Section titled “Root channel permissions”These permissions are only meaningful on the root channel and apply server-wide.
| Permission | Bit | Description |
|---|---|---|
| Kick | 0x10000 | Disconnect a user from the server. |
| Ban | 0x20000 | Permanently ban a user from the server. |
| Register users | 0x40000 | Register guest users into the server’s user database. |
| Self-register | 0x80000 | Allow users to register themselves on the server. |
| Reset user content | 0x100000 | Wipe avatars, comments, and other profile content from a user. |
| Fancy Key owner | 0x200000 | Marks the holder as a key custodian for the persistent-chat key-share workflow. |
| Fancy Manage emotes | 0x400000 | Add, edit, and remove custom server emotes. |
How rules combine
Section titled “How rules combine”In broad strokes the permissions split into:
How rules combine
Section titled “How rules combine”Within a role or an ACL rule:
- Allow grants the permission.
- Deny explicitly takes it away.
- Deny overrides Allow when both match.
Channel ACLs evaluate top-down, with rules from parent channels inherited unless you override them. See Channel ACL for the full mechanics.
Special subjects in ACLs
Section titled “Special subjects in ACLs”You can target rules at one of these subjects:
@everyone(or*/~all): every connected user.@auth: anyone registered on the server.~in: anyone currently in this channel.~sub: anyone in this channel or a sub-channel.~out: anyone not in this channel.- A specific role name, prefixed with
@. - A specific group name defined on the channel.
- A specific user.
Compatibility
Section titled “Compatibility”Vanilla Mumble clients ignore Fancy-only permissions. For example, a vanilla user denied a Fancy-only flag (such as “delete other people’s persistent-chat messages”) would not see the button at all, because their client does not have the feature.
Pitfalls
Section titled “Pitfalls”- A user has more permissions than expected: look upward in the channel tree for an inherited Allow rule.
- A user has fewer permissions than expected: look for a Deny. Deny wins ties.
- The permission you want does not exist: check the exact label in the admin UI before assuming it is missing. Names sometimes change between server versions.