Overview

Each player who connects to a Foundry Virtual Tabletop session is a User. Each user is assigned a role which determines what the user has permission to do within the confines of the game world. Permissions can be configured in order to more finely control the features available to users in any hosted World. Foundry VTT has two tiers of permission settings which can be configured to allow as much or as little restriction as needed for your game and your users.

Role Permissions
Chosen when setting up player accounts to assign use a configured set of default permissions for that account type in the Game World.
Entity Permissions
Assigned to each actor, item, journal entry or other entity to allow users to access documents. Entity permissions control how a specific user may interact with that entity.

User Creation and Configuration

Getting Started - User Management
The User Management screen allows you to create, modify, and delete User accounts from your Game World.

Users are created within an active Game World, and the set of users is specific to that world. There are no global, cross-world, user accounts within Foundry VTT, each World maintains it's own player list and user-level permission controls.

To create a new User, click the Game Settings icon (three cogs icon) on the right sidebar, and then click on Configure Players. From here you should see the gamemaster user, and a button that says "Create Additional User." By clicking this button Foundry will create a new generic user slot, usually named "Player 2" or similar.

You can then rename the user, give them a password, and set their permission level. For the purposes of this guide, players don't need to be assigned a role beyond "Player." Also bear in mind that user passwords are not cryptographically secure, and should not be reused from other important accounts or services you or your players use.

Once you've set up all your player accounts click "Save and Return" and you'll be returned to your game. Players can now join and log in with the credentials you've given them. Though there's a bit more setup to do before they will be able to play.

User Configuration Settings

Player Configuration
The Player Configuration application allows a player to choose their preferred character and other User-specific settings.

Once a user account has been created, there are additional configuration options for each User which can be customized by either a GameMaster user or by the player themselves by right-clicking on their name within the Players List at the bottom-left corner of the UI.

User Roles

Role Permission Defaults
The default role permissions for all roles.

Each User has a specific role which configures their basic permission set of actions they can perform within a Foundry VTT game. The role for each User is configured using the User Management page described above. Each of the role levels and their meanings are described below:

None

The User is blocked from taking actions in Foundry Virtual Tabletop. You can use this role to temporarily or permanently ban a user from joining the game.

Player

The User is able to join the game with permissions available to a standard player. They cannot take some more advanced actions which require Trusted permissions, but they have the basic functionalities needed to operate in the virtual tabletop.

Trusted

Similar to the Player role, except a Trusted User has the ability to perform some more advanced actions like create drawings, measured templates, or even to (optionally) upload media files to the server.

Game Master

A special User who has administrative control over this specific World. Game Masters behave quite differently than Players in that they have the ability to see all Entities and Objects within the world as well as the capability to configure World settings.

Assistant

A special User who has many of the same in-game controls as a Game Master User, but does not have the ability to perform administrative actions like changing User roles or modifying World-level settings.

Entity Permissions

Getting Started - Actor Permissions
The Entity Permission Configuration window lets you determine who has control of an entity and its data.

Each entity has its own model for permissions which determine what a particularly user is allowed to do with that entity. To find out more about how entity permissions affect a specific entity, you should examine each entity article: Actors, Items, Journal Entries, Macro Commands

A brief overview of entity permissions:

None
Restricts this entity so that they may not even see this entity in the sidebar.
Limited
The user may interact with this entity in very basic ways, it will generally appear in the sidebar, but the entity sheet will generally display only limited information (as defined by the Game System rules).
Observer
The user has ability to view this entity as if they were owner, but it is a read-only access. They may not make any changes.
Owner
The user is able to view and make changes to the entity as if they were the GM, the only exception is that they may not delete the entity.

API References

To interact with Users programmatically, you will primarily use the following API concepts: