As a developer, it is impossible to create an interactive community with group games.
User Types, Use Cases, and the Benefits of Fulfilling Them:
The Game Fan Group:
Groups like berezaa Games, Pokemon BrickBronze Version, and StyLiS Studios are communities for the game(s) hosted by the group. There’s not much interaction with the community aside from shouting update statuses and posting on the group wall, so there’s not a whole lot of incentive to join the group. Tying in ranks with in-game achievements could help these communities grow:
- Allow groups to expand their ranks past “Fan”, “In-Game Moderator”, “Developers”, “Owner” because anything past that is too much manual work
- Encourage user interaction with the community by rewarding then with ranks based on in-game achievements for status
- Currently BrickBronze does this manually for all 700,000 of their members!
- Allow subcommunities of the game to exist in the group as well
- This past RDC, ROBLOX mentioned they wanted to make forums a group/community thing. Being able to manipulate communities in-game would allow me to do something such as move users into ranks based on which of the six races they’re in and give them access to exclusive forums and walls
The Roleplay Group:
There are various kinds of roleplay groups. Some are military-based and have ranks like recruit, private, … officer, etc. Some are based on real life and have ranks such as “stylist”, “dresser”, “designer”, etc. These ranks are critical to the interactiveness of the community, so these groups spend enormous effort managing roles in the group. A war group might host a training and manually promote every single attendee afterwards. A coffee shop roleplay group may log users’ hours in the DataStore and then request members PM them for promotions when their hours are above a certain amount. The ability to modify ranks through the Lua API would:
- Save these groups a tremendous amount of effort by removing the need to manually manage ranks for the masses
- Save these groups, which notoriously have trouble bringing in talented programmers, the hassle of needing to have a member who knows how to write web bots
- Save these groups which may not make money the revenue they’d have to expend paying someone to write them a web bot and paying for a server to host it on
- Save these groups the headache of relying on free web services which have regular downtime or insane rate limiting
Server scripts in group games need to be able to modify the ranks of members through a Lua API, potentially the ability to exile members as well. Accepting/denying join requests might be useful as well, as there are groups who require users to complete a challenge and earn a badge before being manually accepted into the group.
It would not be great for someone to insert a free model into their game, or somehow some is able to run server code through an exploit, only for malicious code to demote everyone to the lowest rank or remove them from the group entirely. To address these concerns, ROBLOX should provide a private key in Group Admin only visible to the owner which is needed to use the API methods for changing rank/etc. The owner should also be able to control the maximum rank the group games are able to change. This is about as secure as current solutions utilizing a web bot.
There are further security concerns:
- What do you do if your server scripts are leaked?
- Someone both has to have your leaked game and access to run server code, so this is probably unlikely
- What do you do if one of your developers who has edit access finds the API key in a script and uses it to exile everyone?
- Maybe there’s a need to whitelist script hashes instead of using a private key to prevent tampering by users who don’t have permission
- This is also possible with people abusing admin priveleges in a group, so maybe the solution isn’t to protect the key, but to render admin abuse ineffective by being able to revert rank changes and pending exiles which can be undone