As a Roblox developer who works with a large team, it is currently too hard to manage permissions without major holes in our security. Permissions provided by groups are too limited:
That last option is essentially a switch between not being able to work on any games at all and having unlimited permissions to do anything. For a team comprised of members with specific roles, there are dozens of entry points for a bad actor to wreak havoc on the group’s games.
Essentially, as anybody who has read up on OpSec will tell you, it’s important that each employee should only have access to what they need to do their job - anything more is a security flaw. A modeler does not need access to the source code or game settings, for example. Roblox should have extremely granular permissions settings on a per-place level.
Here are a few essential permissions to get started:
Can build
Can read source code
Can write source code
Can publish game (different from saving)
Can change game settings
Can change security settings
Can change permissions
Can edit monetization products
Can create monetization products
Can read from datastores
Can write to datastores
Can use in-game developer console
Can view live stats
Can view developer stats
Can view revenue stats
Can view place configuration
Can configure place
Can view game configuration
Can configure game
Can configure localization
Can shut down servers
To address an inevitable concern: Yes, these settings may be unintuitive, but there’s probably a way to implement them that keeps the configuration process simple for casual devs. Perhaps a toggle between Simple and Advanced settings? I’ll leave implementation details up to the engineers.
If Roblox is able to address this issue, I could sleep much more soundly at night knowing a compromised team member’s account could only do limited damage.
Related: