Setting Permissions
There are two distinct things to control:
- Panel access - who can open the admin panel (full access to everything).
- Command permissions - who can run which chat commands (
/giveitem,/clearinventory, ...).
Panel access is the only required setup. Command permissions are managed in-game from the panel.
Panel access (full)
The panel is gated by a single ACE: one_inventory.admin. Grant it in server.cfg to a single identifier (recommended) or to a whole group:
# Single identifier (recommended for owners/devs):
add_ace identifier.license:abc123... one_inventory.admin allow
# or a whole group:
add_ace group.admin one_inventory.admin allow
one_inventory.admin is full access: it opens the panel AND allows every admin action and command. It cannot be self-granted from inside the panel. Keep it to owners and developers.Without one_inventory.admin, the panel cannot be opened (/inventory:manage is permission-checked).
keybindAdmin) is unbound by default. Set it in the admin panel's Config tab if you want a key to open the panel instead of the command.Per-group command permissions (the easy way)
Open the panel's Permissions tab (under Configuration) to manage who can run which commands:
- Add or remove groups.
- Toggle each group's allowed commands individually, or flip Enable all commands for a group.
Group names are matched against the player's framework permission/group, so this works the same regardless of how the rank was assigned.
admin group is seeded with all commands on every framework. On QBCore/QBox the god group is also seeded. Existing staff therefore work immediately; tweak per-group from there. The seed runs once, so groups you remove stay removed across restarts./inventory:clearsession is console-only and ungated, so it never appears in the matrix.All commands via ace (optional)
For a pure-server.cfg shortcut, grant every command to a principal with the one_inventory.commands ace:
add_ace group.admin one_inventory.commands allow
This grants all commands to that principal (but not panel access, which always requires one_inventory.admin).
qbcore.admin resolves to the admin group and you ace one_inventory.commands to qbcore.admin, every command works for that group regardless of what the admin group is allowed in the Permissions tab.Framework nuance
Only relevant for the group matrix or the optional commands ace.
Easy: the player's group string (admin / superadmin / ...) is used directly, so the seeded admin group just works.
A player's admin / god / mod rank is resolved via QBCore.Functions.GetPermission. Per the official QBCore docs, that rank is assigned in-game (/addpermission) or explicitly in server.cfg via add_principal identifier.license:xxx qbcore.god.
Simply being in group.admin does not make a player qbcore.admin / god - QBCore's inheritance runs the other way. The matrix matches the player's actual qbcore rank (god / admin / mod) however it was granted, and the seeded admin + god rows already cover standard installs.
If you use the one_inventory.commands ace on QBCore, ace the qbcore principals (e.g. add_ace qbcore.admin one_inventory.commands allow) rather than group.admin, since group.admin only reaches qbcore.god via inheritance.
qbx_core uses an ACE-based permission model (ranks via server.cfg principals / txAdmin). The matrix matches its admin / god ranks; the one_inventory.commands ace works as a framework-independent shortcut.
Verify exact behaviour against your installed qbx_core version.
Customizing the gates
Two overridable functions live in server/integrations/opensource.lua (open-sourced, safe to edit):
src has full access: opening the panel AND every other permission. Swap the one_inventory.admin ace gate for any custom check (framework group, custom function, ...).