Permissions Guide
Set up and manage Nimbus's built-in permission system — groups, inheritance, tracks, prefixes, wildcards, metadata, and LuckPerms integration.
Nimbus includes a built-in permission system that works out of the box with zero extra configuration on backend servers. All permission data is stored centrally on the controller and synced to every server in real-time. This guide walks through practical setup -- for the full config reference, see Permission System.
Built-in vs LuckPerms
Nimbus supports two providers:
| | Built-in | LuckPerms |
|---|---|---|
| Setup | Zero config -- works immediately | Requires LuckPerms + shared database |
| Storage | Controller database (SQLite/MySQL/PostgreSQL) | LuckPerms database |
| Management | Console perms commands, REST API, /cloud perms in-game | LuckPerms web editor + commands |
| Proxy integration | Automatic (tab list, chat prefixes) | Nimbus syncs display data from LuckPerms |
| Best for | New networks, simple setups | Migrating from LuckPerms, advanced features |
If you are starting fresh, use the built-in system. It handles everything from a single place.
Quick walkthrough
1. Create permission groups
Every network needs at least a default group, a donor rank, and a staff rank:
# Default group -- auto-assigned to all new players
perms group create Default
perms group setdefault Default true
perms group setprefix Default <gray>
# VIP rank
perms group create VIP
perms group setprefix VIP <gold>[VIP] </gold>
perms group setpriority VIP 50
perms group setweight VIP 50
# Admin rank
perms group create Admin
perms group setprefix Admin <red>[Admin] </red>
perms group setpriority Admin 100
perms group setweight Admin 100
Priority controls which prefix/suffix is displayed when a player has multiple groups (higher wins). Weight controls permission conflict resolution. In most cases, set them to the same value.
2. Add permissions to groups
perms group addperm Default essentials.spawn
perms group addperm Default essentials.msg
perms group addperm Default essentials.tpa
perms group addperm VIP essentials.fly
perms group addperm VIP essentials.hat
perms group addperm VIP nimbus.join.full
perms group addperm Admin *
3. Set up inheritance
VIP inherits all Default permissions. Admin inherits all VIP permissions (and therefore Default too):
perms group addparent VIP Default
perms group addparent Admin VIP
Now Admin has: all Default perms + all VIP perms + * (everything).
4. Verify with group info
perms group info VIP
This shows the group's prefix, permissions, parents, meta, and weight.
Prefixes and suffixes
Prefixes use MiniMessage format. Common patterns:
# Simple colored prefix
perms group setprefix VIP <gold>[VIP] </gold>
# Gradient prefix
perms group setprefix MVP <gradient:#ff6b6b:#ee5a24>[MVP] </gradient>
# Bold + color
perms group setprefix Admin <red><bold>[Admin]</bold> </red>
# Suffix example
perms group setsuffix VIP <gold> *</gold>
These prefixes appear in the tab list and chat automatically via the proxy sync system. No extra plugins needed on Velocity.
Creating a promotion track
Tracks define an ordered path through groups for promotion and demotion:
perms track create ranks Default,VIP,MVP,Admin
Now promote and demote players along this path:
perms user promote Steve ranks # Default -> VIP
perms user promote Steve ranks # VIP -> MVP
perms user demote Steve ranks # MVP -> VIP
A player can only hold one group per track at a time. Promoting removes the current track group and assigns the next one.
You can create multiple tracks for different purposes -- e.g., a ranks track for donor ranks and a staff track for staff roles (Helper, Moderator, Admin).
Assigning players to groups
# Add a player to a group
perms user addgroup Steve VIP
# Remove a player from a group
perms user removegroup Steve VIP
# View a player's groups and permissions
perms user info Steve
Players receive permission updates instantly -- no relog required.
Wildcards and negation
Wildcards
| Pattern | Matches |
|---|---|
| * | Every permission |
| nimbus.* | nimbus.cloud.list, nimbus.cloud.start, etc. |
| essentials.teleport.* | essentials.teleport.tpa, essentials.teleport.tphere |
Negation
Prefix a permission with - to deny it, even if a wildcard or parent group grants it:
# Moderators get all nimbus commands except shutdown
perms group addperm Moderator nimbus.*
perms group addperm Moderator -nimbus.cloud.shutdown
# VIPs get all essentials perms except god mode
perms group addperm VIP essentials.*
perms group addperm VIP -essentials.god
Negation always wins over wildcards during permission resolution.
In-game management with /cloud perms
The bridge plugin exposes all permission commands in-game via /cloud perms:
/cloud perms group list
/cloud perms group create Builder
/cloud perms group addperm Builder worldedit.*
/cloud perms group setprefix Builder <aqua>[Builder] </aqua>
/cloud perms user addgroup Steve Builder
/cloud perms user promote Steve ranks
Requires the nimbus.cloud.perms permission.
The /cloud command is also aliased as /nimbus. All perms subcommands work identically to the console versions.
Debugging permissions
Use the check command to understand exactly why a permission is granted or denied:
perms user check Steve essentials.fly
The output shows the full resolution chain -- which group granted it, whether it was an exact match or wildcard, and whether any negation was applied.
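The following is an added example, not Nimbus code: a small offline model of the inheritance, wildcard, and negation rules described above, which builds a resolution chain like the one the check command reports and lists which groups effectively hold a sensitive permission. Assumptions: the Moderator group's parent, weight is ignored, and a negation anywhere in a group's lineage denies; confirm real outcomes with perms user check.

```python
# Simplified model of the rules this guide describes; not Nimbus's resolver.
# Group data mirrors the guide's examples; Moderator's parent is an assumption.
GROUPS = {
    "Default":   {"parents": [], "perms": ["essentials.spawn", "essentials.msg", "essentials.tpa"]},
    "VIP":       {"parents": ["Default"], "perms": ["essentials.*", "-essentials.god", "nimbus.join.full"]},
    "Moderator": {"parents": ["VIP"], "perms": ["nimbus.*", "-nimbus.cloud.shutdown"]},
    "Admin":     {"parents": ["VIP"], "perms": ["*"]},
}

def matches(pattern, node):
    """Exact match, bare '*', or a trailing '.*' wildcard as in the Wildcards table."""
    if pattern == "*" or pattern == node:
        return True
    return pattern.endswith(".*") and node.startswith(pattern[:-1])

def lineage(group, groups, seen=None):
    """Yield the group and all of its ancestors once each (cycle-safe)."""
    seen = set() if seen is None else seen
    if group in seen or group not in groups:
        return
    seen.add(group)
    yield group
    for parent in groups[group]["parents"]:
        yield from lineage(parent, groups, seen)

def check(group, node, groups=GROUPS):
    """Return (allowed, chain); chain lists (group, entry, kind) for every matching entry."""
    chain = []
    for g in lineage(group, groups):
        for entry in groups[g]["perms"]:
            negated = entry.startswith("-")
            pattern = entry[1:] if negated else entry
            if matches(pattern, node):
                kind = "negation" if negated else ("exact" if pattern == node else "wildcard")
                chain.append((g, entry, kind))
    # Modelled rule (assumption): one matching '-' entry anywhere in the lineage denies.
    allowed = bool(chain) and not any(kind == "negation" for _, _, kind in chain)
    return allowed, chain

def holders(node, groups=GROUPS):
    """Audit helper: which groups effectively hold a sensitive node?"""
    return sorted(g for g in groups if check(g, node, groups)[0])

if __name__ == "__main__":
    for group, node in [("Moderator", "nimbus.cloud.shutdown"), ("Admin", "essentials.god")]:
        print(group, node, check(group, node))
    print("shutdown holders:", holders("nimbus.cloud.shutdown"))
```

In this model Admin is denied essentials.god because it inherits VIP's negation; whether Nimbus lets Admin's weight override that is exactly the kind of question to settle with the check command before relying on a broad wildcard grant.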
Metadata
Groups and players can store arbitrary key-value metadata. Useful for custom plugin data accessible via the API:
# Group metadata
perms group meta set VIP color gold
perms group meta set VIP join-message <gold>A VIP has joined!
# Player metadata
perms user meta set Steve coins 500
perms user meta set Steve kit-cooldown 3600
# List metadata
perms group meta list VIP
perms user meta list Steve
Metadata is available via the REST API at /api/permissions/groups/{name}/meta and /api/permissions/players/{uuid}/meta.
Switching to LuckPerms
If you prefer LuckPerms for its web editor, contexts, or verbose logging:
- Install LuckPerms on all backend servers with a shared database (MySQL/PostgreSQL)
- Edit the NimbusPerms config on each backend:
# plugins/NimbusPerms/config.yml
provider: luckperms
- Nimbus will read display data (prefix, suffix) from LuckPerms and sync it to the proxy for tab list and chat formatting
When using LuckPerms, permission storage and resolution happen entirely in LuckPerms. Nimbus only syncs display data to the controller. The console perms commands manage the built-in system, not LuckPerms groups.
Alternatively, disable NimbusPerms deployment entirely and manage everything through LuckPerms:
[permissions]
deploy_plugin = false
Next steps
- Permission System Reference -- Full config reference, database schema, API endpoints
- Proxy Setup -- Tab list and chat format configuration
- Commands Reference -- All perms console commands