Subusers and Permissions

How to add subusers to your Witchly.host game server and manage their permissions for secure collaboration.

Server Management (10 articles)
On This Page

Subusers and Permissions

The subuser system lets you grant other people access to your server’s control panel without sharing your own account credentials. Each subuser gets their own login and a customized set of permissions, so you control exactly what they can and cannot do.

When to Use Subusers

Common scenarios where subusers are useful:

  • Co-admins who help manage the server and need broad access
  • Moderators who need console access to run commands but should not change server settings
  • Builders or developers who need file access to upload maps, plugins, or mods
  • Friends who you want to be able to start and stop the server when you are not around

Adding a Subuser

  1. Log in to Dashboard and select your server
  2. Click Users in the sidebar
  3. Click New User
  4. Enter the email address of the person you want to add
  5. Select the permissions you want to grant (see the permission breakdown below)
  6. Click Invite User

The invited person will receive an email with instructions to set up their panel account (if they do not already have one) and access the server. If they already have a Witchly.host account, the server will appear in their dashboard automatically.

Permission Categories

Permissions are organized into categories. Within each category, you can enable specific actions.

Console

  • Read Console — View the server console output in real time. Essential for anyone who needs to monitor the server.
  • Send Command — Type and execute commands in the console. Required for in-panel moderation, running game commands, and server management.

Power

  • Start — Start the server when it is stopped
  • Stop — Stop a running server gracefully
  • Restart — Restart the server
  • Kill — Force-kill the server process (use sparingly, as this does not trigger a graceful shutdown)

File Manager

  • Read Files — View and download files through the file manager. Useful for checking configurations without the ability to change them.
  • Write Files — Create, edit, and upload files. Required for anyone managing plugins, mods, or configurations.
  • Delete Files — Remove files and folders. Grant this carefully — accidental deletions can cause problems.
  • SFTP Access — Connect to the server via SFTP using FileZilla or similar clients. Necessary for transferring large files efficiently.

Backups

  • List Backups — View existing backups
  • Create Backups — Create new manual backups
  • Delete Backups — Remove existing backups
  • Download Backups — Download backup archives
  • Restore Backups — Restore the server from a backup (this overwrites current files)

Startup

  • Read Startup — View startup parameters and configuration variables
  • Update Startup — Modify startup parameters (Java version, server flags, etc.)

Database

  • List Databases — View existing databases
  • Create Databases — Create new databases
  • Delete Databases — Remove databases
  • View Password — See database passwords (needed for configuring plugins that use databases)

Schedules

  • List Schedules — View existing automated schedules
  • Create Schedules — Set up new schedules for auto-restarts, backups, etc.
  • Update Schedules — Modify existing schedules
  • Delete Schedules — Remove schedules

Settings

  • Rename Server — Change the server’s display name in the panel
  • Reinstall Server — Reinstall the server software (destructive — resets server files)

Users

  • List Users — View other subusers on the server
  • Create Users — Add new subusers
  • Update Users — Modify other subusers’ permissions
  • Delete Users — Remove subusers

Here are practical permission configurations for common roles. Adjust based on your specific needs.

Co-Admin

A trusted co-admin who helps run everything:

  • Console: Read, Send Command
  • Power: Start, Stop, Restart
  • File Manager: Read, Write, Delete, SFTP
  • Backups: All permissions
  • Startup: Read, Update
  • Database: All permissions
  • Schedules: All permissions
  • Settings: Rename
  • Users: List, Create, Update

Notably, even co-admins typically should not have the Kill power action, Reinstall Server, or Delete Users unless absolutely necessary.

Moderator

Someone who manages the server day-to-day but does not need file or configuration access:

  • Console: Read, Send Command
  • Power: Start, Stop, Restart
  • Backups: List, Create
  • Schedules: List

This gives moderators the ability to monitor the server, run commands (ban, kick, etc.), restart when needed, and create backups as a precaution. They cannot modify files, change settings, or manage other users.

Developer / Builder

Someone who uploads maps, plugins, mods, or datapacks:

  • Console: Read
  • File Manager: Read, Write, SFTP
  • Backups: List, Create

Developers can upload and edit files, create backups before making changes, and view the console to check for errors. They cannot run console commands, control server power, or access settings.

View-Only

Someone who just needs to check if the server is running:

  • Console: Read
  • Power: (none)

The most restrictive useful role. They can see the console output but cannot interact with the server in any way.

Managing Existing Subusers

Editing Permissions

  1. Go to Users in the sidebar
  2. Click on the subuser you want to modify
  3. Adjust their permissions
  4. Save the changes

Permission changes take effect immediately. The subuser does not need to log out and back in.

Removing a Subuser

  1. Go to Users in the sidebar
  2. Find the subuser you want to remove
  3. Click the delete button (trash icon)
  4. Confirm the removal

The server will immediately disappear from their dashboard and they will lose all access.

Security Best Practices

Use the principle of least privilege. Give each subuser only the permissions they actually need for their role. It is easier to add permissions later than to recover from accidental damage.

Be cautious with destructive permissions. Delete Files, Restore Backups, Reinstall Server, and Kill can all cause data loss if used incorrectly. Only grant these to people you fully trust.

Review subusers periodically. If someone no longer helps with the server, remove their access. Stale accounts are a security risk.

Do not share your own login. Always use the subuser system instead of sharing your account credentials. This way you can revoke access individually and track who made changes.

SFTP access uses the subuser’s own credentials. Each subuser connects to SFTP with their own panel username and password, not yours. The SFTP connection details are specific to each user.

Troubleshooting

Subuser cannot see the server: Verify the invitation was sent to the correct email address. The invited user must create a panel account using that same email if they do not already have one.

Subuser gets “permission denied” errors: Check their permission set to ensure they have the specific permission for the action they are trying to perform.

Need to transfer ownership: The subuser system does not support ownership transfer. If you need to transfer a server to another user, contact support on Discord.

Previous

Server Address and Domains

Next

Databases

All Docs Need help? Ask on Discord