Ok another one that I've had a shot at searching for and not found what I'm after..

How is security changed/controlled via BeBot?  Things like, I'd like to give Superadmin access to the !settings command, !leader is currently locked to Owner, etc.

How do I add new Admins/SAs via the bot interface?

Thanks

!commands is what you are looking for, which got OWNER access on default.

IMHO default access should be SUPERADMIN or that should be configurable in the config file for first run. The first thing I do on a new BeBot install is to run the bot, kill it, and do a MySQL update to fix security:

UPDATE botname_access_control SET minlevel = 'SUPERADMIN' WHERE minlevel = 'OWNER';

Alternatively, there should be a command that will do this for the user. Clicking through and changing the access for each command across the different channels is too time consuming.

The only thing setting commands to owner does is protect the bot's account owner from installing a module that will read the BeBot config file and send the AO account username/password to someone on command. As the proper way to setup a command is to define the default access level we're not really protecting anything, someone malicious could code their password exposing module to just spam tells on connect, in a cron job, set the command to anonymous access, or even code themselves into the superadmin group.

I created the OWNER level for two reasons:
1. Absolutely impossible to ban the owner from the bot, thus even if they screwed up security totally they should still have access to fix it.
2. To display who was ultimately responsible for the Bot in the !about command.

In truth, anyone hard coded into the OWNER or SUPERADMIN fields is unbannable as no ban check is performed on OWNER or SUPERADMINS defined in the config file.