Is having a password system to access a panel only for my staff allowed?

Recently I was making a moderation panel Login and was wondering if it was allowed on Roblox, it only appears to people who are working in my group.

They have to type in the password u provided for them. Is this against Roblox Terms Of Use?

1 Like

Aslong as its not their roblox password, you’re good.

1 Like

Hmmmmm should I add any things to make it look like it’s not a scam?

While this is allowed, you should consider just giving your moderators permission through saving their userId in a datastore table of mods. Using datastores is more secure and easier on the moderators.

Yea but their account could get compromised which is why I am doing this.

So your password ui is just a secondary layer of protection? As long as it is not the only protection it is a good idea. You shouldn’t need to worry about it looking like a scam if the ui only pops up for moderators that are stored in a datastore. Remember to hold and verify the password on the server.

Their account being compromised, then the hacker specifically going for your game to do damage is highly unlikely. In my opinion, it doesnt really seem like that useful of a feature.

Yes it’s basically appears to only specific people and I added the password just in case if there accounts get compromised and kicked them out if the game if they fail to login three times to prevent any bad things from happening.

The password is a second layer of protection, when they type the password, it gives them access to the moderation panel, so if there accounts get compromised they won’t be able to access it:

(Preface, if in doubt check the TOS)

Like @lexishh said

As long as its a unique password, not the one used for their account, you should be alright. This would password likely wouldn’t compromise their account. Wouldn’t this be like using a keycard to get access to a staff room?

Be sure to do make the password checking on the server so hacked clients cannot bypass it. Also never send the pass to the client and only keep it on the server side.

Yea it sorta like a keycard in jailbreak, but only my staff gets it.

Its stored on startergui for the password.

If It is stored on the client, then an exploiter can access it. If your admins got hacked then the hacker will probs have an exploiting client. So store it on the server.

1 Like

Sorry if this is a bad question, but which part of the Roblox studios is the client? Like workspace, serverscriptstorage, etc.

I’d suggest calling it something like an “access key”, and also, you should store the keys on the server-side and validate the submitted key with a remote event.

Which part of Roblox studios is sever side I’m sorry if it’s a bad question.

Its a perfectly fine question, Things like serverscriptstorage, serverstorage are only viewable by the server. Workspace, Replicated storage, and replicated first are both viewable by the server and client

I know there’s a solution but this topic has been covered countless time and I just want to say I don’t believe the solution is correct. As it’s been stated by people including my self collecting personal data no matter what it’s used for is not allowed by the TOS and COPA law (COPA is for >13). Personally if I were you I’d just add some sort of script where users, groups, or group ranks can only access this panel or stick with the traditional add admin command. Remember it’s very risky cause some users might make the password their current password or they might be logged wether that’s by someone intercepting it or the person who made it which is highly in violation of the TOS and US/UK/Etc Laws.

1 Like

The password is provided for them and only my staff can access it.