Add security settings to InsertService and ModuleScript to allow/restrict usage of public models

As a developer, it is difficult to use models in the Library because there are restrictions to using InsertService, namely it only loads Models in the place creator’s inventory or created by Roblox. It is also difficult to prevent my game from running malicious code, because I cannot restrict public modules from being required and ran in my games.

There should be options to enable or disable loading public Models and requiring public ModuleScripts. The current security rules don’t make sense.

I don’t require public ModuleScripts in my games, so being able to restrict them to my own would benefit me security-wise. Also, many games that use others’ creations can benefit from being able to freely import their Models. Examples are Flood Escape 2 Map Test and Void Script Builder.

Because of the current rules for such games, Crazyblox is having to “flood” his inventory with maps to get them to load in Flood Escape 2 Map Test (pun intended), and in Void Script Builder, people have to leave their models inside of public ModuleScripts to insert them.

If Roblox is able to address this issue, by adding options to enable or disable loading public ModuleScripts and importing Models, it would improve my development experience because it would allow me to set such actions’ security rules more appropriate for my games.


This is all part of a much bigger topic around permissions. Should plugins be able to insert any model they want, should games be able to do the same? What about models you’ve inserted from another player… can they also insert whatever they want?

I’m certainly behind this idea, though I believe it would be better situated inside of a permission system.

1 Like