Grant publish access to specific Experiences, and more!

Is there any chance you’re planning splitting analytics permissions into performance & finance?

Finally. This is unbelievably useful.

Valid, I am sure if Roblox put their heads together to think of a solution they can. Its a very needed feature when working in bigger studios/games

Finally, really excited to try this! Do you plan to allow us to specify such permissions per-place as well? That would be helpfull as well! Thank you nevertheless though

If that becomes a feature I think there should be a minimum of a one month cooldown between moves and the group should have a member minimum.

awesome!! this is reallly useful imo.

Thank you!! This is something I was waiting for!

Took way too long, but it’s finally here. Very great feature, as I won’t have to worry about other devs accidentally publishing an unfinished update.

This is completely pointless, as you have access to the assets. And the assets are downloaded to your device anyway.

Just don’t give them edit access, they can just copy everything in your game to another place with Ctrl + C anyway.

When collaborating with someone you haven’t worked with in the past and who has no past experience to show or proof to show they’re genuine, you have no way to know if they have bad intentions.

You could theoretically not share the game with anyone, but that ruins the purpose of collaboration…

I think a “anti-copy” permission would cover everything rather than a “Remove Download” permission.

For everyone asking for an “anti-copying” feature, I just don’t see that being something being feasible.

One must remember, you do not need to download or copy and paste to steal assets. Backdoor scripts that can copy full places have existed for a long while. With HTTP service and you can export that remotely with one quick command line script. (the full list of Roblox instance properties has been out for a long time, serializes also exist). Don’t forget, hacked roblox clients were able to just download entire maps and local scripts (how many copies of the adopt me map are in toolbox?), while byfron has been doing a number to keep them away, the fact of the matter is that it is a game of cat and mouse

If you’re working with developers whom you don’t can’t trust to not steal your assets, then you should have them work in alternative places and send them only the assets they need. You can also sign contracts that clearly indicate who owns the IP, you can enforce DMCAs, or just not work with them at all.

Also for the record, as a developer, if I am hired to work directly in a main studio place, I would never trust a studio whom denied me the access to basic features such as downloading local copies or allowing me to edit assets within other studios.

1. It shows an immense lack of confidence in their own developers. If they can’t trust their own developers, how can I trust them to ensure the project gets completed. And
2. In a main game, test place environment, I will need to save to roblox as / publish to roblox as, from the test place to the main place.
3. More often than not, I’m editing UI assets in a separate place as to not interrupt the workflow of other developers in the main studio, I’ll copy assets to a baseplate to edit or create a mock prototype.

Roblox should be allowing better offline, this would be going the opposite direction.

There is game settings to disable HTTP stuff. perhaps the anti-copy permission may check HTTP calls to make sure there is no huge amounts of data being sent and if so error.

As for hacking the client, there is not we can do but I would much rather people have a harder time stealing then no layers of defense at all.

It reminds me of a time where my friend had script drafts and I have to wait for my friend to accept the draft for it to work (at least from what I remember). I finally got them to disable drafts later. Drafts to me feel like a way to double check new developers work so I know Roblox may consider an anti-copy since they have similar things for unsure trust.

Love the new roles system, and this change continues upon a great streak of additions to the system as a whole, but my main complaint so far has to be the lack of any sort of engine api that would allow us to see what roles a user has. I believe it was mentioned that there would be something for this back in 2024 when the new roles initially dropped but as far as I know, but nothing has been added yet. When can we expect to see something for this? Like many developers my projects have in-game admin systems that are restricted to users with the legacy group roles, being able to restrict access to said system with the new roles system would be useful to me as my groups contain multiple games, each with differing qa and support teams. Having some sort of engine api would allow me to do this and I am sure there are other practical cases that exist for this.

Does this fix the issues with animations not loading?

Wouldn’t this be an incredibly useless use of engineering resources to implement considering anyone who really wanted to do it could either go straight to the download endpoint or use an exploit to download the contents from studio?

(BUG) Amazing feature just tried this on my alt account, there is a bug though:

• You can’t see the Group Experiences that you can edit / Group in studio
• You can’t see the Group Experiences that you can edit in the Creator Hub

grafik2247×879 21.2 KB

grafik1992×671 29.2 KB

yeah, if the cooldown is like 1 - 3 days, people will abuse it…

Hey folks, thanks for the feedback:

I’m not sure how practical this all is – the Studio client on their device needs to be able to download something so they can actually work on the game. As long as that mechanism needs to be there when they have access, they will be able to access the place content.

Even if we remove the ability to direct download a .rbxl, a bad actor can still create a tool to use whatever Studio is using at any point to reconstruct the experience from whatever endpoints are exposed to those clients.

If you want us to hide the download button from the UI but you’re okay with accepting the risk that a sophisticated bad actor can still download the content through stitching together the endpoint calls themselves, we can consider that, but it will not solve the issue entirely.

Hope that makes sense!