Problem:
As a developer, it’s difficult to manage who has access to custom developer tools in my game. DataModel.CreatorId/CreatorType provide enough information to recognize the owner of the game/group, but no one aside from that. Examples:
- I add a friend to TeamCreate for a place under my profile, and I have to hardcode their UserId into the developer tools so they have access
- Some group members have game edit permissions, and I have to hardcode the ranks that do have access into the developer tools so they have access
Hardcoding access in developer tools is bad – I can easily end up with users having access when they shouldn’t, or don’t have access when they should:
- I invite another friend to Team Create, but forget to add them to the developer tool whitelist
- I remove someone from Team Create under a place on my profile, but I forget to remove them from the developer tools. If I removed them because of malicious behavior, they can abuse the developer tools
- I change the role of the rank that has access to developer tools (e.g. 50
->100), and they lose access to the developer tools until I come back online - I give/take away game edit permissions for a rank, but they don’t/still do have access to the developer tools even though they should/shouldn’t, as their rank isn’t/is hardcoded into the developer tools
If Roblox is able to address this, I could avoid security issues or painful accidents where developers for my game don’t have access to the tools they need.
Proposed Solution:
In-game API that allows me to query whether someone has game edit permissions.
It would also be nice if the web endpoint for this was more accessible than the group permission API which requires me to authenticate through my main account (no thanks) to check group permissions. I would like to be able to query whether someone has game edit permissions from a 3rd-party site so I can give them access to tools there. I’m fine with authenticating through a bot account in the group, but not my main account.