Reproduction Steps
Create a group, then create a Moderator role with permissions to modify the group wall, kick members, and see the Audit Log. Disable permissions for other actions like creating/editing games and spending group funds.
Expected Behavior
A player assigned to this Role should be able to view the Audit Log to view wall message deletions and membership kicks.
Actual Behavior
Instead of only being able to audit actions which this moderator role has permissions to perform, a moderator can see all group activities through the audit log, including ones they don’t have permissions to perform. For example:
Save/Publish Place/Configure Group Experience (leaks game updates)
Spend Group Funds (leaks game revenue)
Create Pass/Create Group Item (leaks upcoming game features)
Issue Area: Roblox Website
Page URL: Roblox
Impact: Moderate
Frequency: Constantly