As the Developer Marketplace expands and more creators are contributing awesome content, we want to continue to ensure that all of you can have full confidence in using community plugins. Our team has been focused on providing a suite of content security permissions, including Plugin HTTP Permissions and Third Party Sales & Cross Game Teleport Permissions.
Today, we are excited to announce another addition: permissions to control plugins from managing scripts in games. Management of scripts extends to adding or modifying existing scripts in your game’s data model.
How does it work?
- The first time that a plugin tries to manage a script in your data model, you will see a dialog message pop up and ask if you would like to grant it permission to do so.
- If the permission is denied, the plugin will be prevented from managing scripts in the data model.
- If the permission is granted, the plugin will be able to manage scripts in the data model.
- At any time, you may navigate to Plugin Management to adjust your settings.
- If permissions have been denied for the plugin and the plugin then fails to work, you can use errors in the output window to help yourself troubleshoot.
In Plugin Management:
- This will work for published plugins only - if you are working on a script locally, you will need to publish it to be able to test how it behaves on a user’s machine.
- Script, ModuleScript, and LocalScript parented to any DataModel - if your Plugin adds a child script in a self-modifying way, then that qualifies.
- Source and Parent properties as well as Instance.new(“script type”, inDataModelParent)
There are a number of other efforts for content security across Roblox that are not Studio Plugin specific, and we recognize that developers on the forum who see our announcements like to ask, “I see X exploit so often in Y content type.” We acknowledge and appreciate that kind of feedback, and are working on a number of efforts to improve your experience in parallel with this effort.