About the Security Model
The Unity Security Model
About GM Levels
Unity has taken a slightly different approach to security. What we have created is a very fine-grained security model that allows the highest level of flexibility for the system adminstrator. Of course, this doesn't come without a price. If an administrator chooses to follow the model completely, there is a bit more complexity to deal with.
Like most emulators, Unity supports multiple GM levels. These will be familiar to most admins who have run other platforms. The rights available at each level are controlled primarily by the commands table in the runtime database. Each successive level includes all the rights of all the lower levels. The supported levels are:
0 (SEC_PLAYER): Normal players have this level. There are generally no advanced privs available to these users.
1 (SEC_MODERATOR): This level will generally include advanced commands that would be needed for a low-level GameMaster.
2 (SEC_GAMEMASTER): This level will usually include all of the commands needed by a regular GameMaster. Such things as ticket handle and confict resolution are normally included.
3 (SEC_ADMINISTRATOR): This is the highest in-game GM level. Administrators generally have access to all advanced commands needed for creating and modifying in-game content, as well as all aspects of player control.
4 (SEC_CONSOLE): This is the system console GM level. It is generally not set for any accounts. The console has rights to all account and system functions.
Security Model
The Unity security model has three levels. These are implemented as follows:
Account-Level Security
This is set with the gmlevel field in the Auth.accounts table. The account-level security is the traditional security model in most emulators. It is very familiar to seasoned admins, and is supported by most external applications out-of-the-box (websites, etc).
Realm-Level Security
This is set in the Runtime.gmlevel_account_override table. It allows the account to have the specified GM level for all characters on the realm. This is generally applied to users that are fully trusted within a specific realm, but who may not need advanced privs in other realms of the server, or in external applications.
Character-Level Security
This is set in the Runtime.gmlevel_character_override table. It allows modified privs only for the character identified by the noted guid.
Although realm-level privs will usually be sufficient for most admins, there are a few areas where character-level privs are a welcome addition to the model. For example, a developer can test new command levels from a single account where each of several characters has a different GM level. This avoids creating several separate accounts (and any potential security issues that may arise).
Another possible use would be to assign GM resposibilities only to a single character for assistant administrators. This way the GM can still have access to the realm on other characters as a regular player. This also makes it possible to tell your players the specific characters that will help them as GameMasters.
Conclusion
While Unity is pleased to provide this level of access control, we are sure some admins may not want to deal with the added complexity. In such a case, rest assured that you can use only the account level security if you so choose.