CollectionService is giving my code instances that it's not allowed to see

Today I started getting this error when testing my game in Play Solo:

The current identity (2) cannot Class security check (lacking permission 1)

It’s happening in my CollectionService GetTagged/GetInstanceAddedSignal handlers for a few of my tags. I worked out that it’s one of my plugins that I use for placing objects that creates copies of models for ViewportFrames in a PluginGui, but it was still a bit of a headscratcher at first since the nature of the error ensures that I can’t get any useful information about the instance in question.

It would be nice if there was a security check done on the C++ side to filter anything out that the current script doesn’t have the permissions to work with. It would also be nice if Instance:GetFullName() was exempted from the security checks if at all possible, even if it’s just in Studio.

2 Likes

Related:

2 Likes

Bumping this because I think it’s a fair expectation that CollectionService:GetTagged() should only return instances available at the security level of the script executing it.

This bug occurs when an instance of a given tag is parented to something inaccessible to game-level scripts, like CoreGui. Say the tag NoCollide happens to be on parts inside of a ViewportFrame, if :GetTagged("NoCollide") is called at the game level it will return a list including those parts inside of CoreGui. When it tries to use this list for anything (use it in a RaycastParams or even just read its contents), the following error will throw:
The current identity (2) cannot Class security check (lacking permission 1)

To reproduce this bug:

  • Create a part, and using the Tag Editor give it any tag you’d like
  • Parent the new part to CoreGui
  • Create a Server Script with the following code:
local CollectionService = game:GetService("CollectionService")
-- Replace this with the Tag you gave the part earlier
local tag = "RandomTag"
for _, model in pairs(CollectionService:GetTagged(tag)) do
    print(model:GetFullName())
end
  • Parent the script to ServerScriptService and make sure it’s enabled
  • Run the game in Play Solo

I feel it is a reasonable expectation that developers running game code shouldn’t have to worry about being accidentally given a handle to instances they don’t have the security to parse. Currently the only workaround for this (if you have parts in CoreGui) is to manually sanitize tags (and trust that other plugin authors will do the same) or perpetually use CollectionService in pcall(), which is unmanageable at scale.

1 Like