Lack of Granular Permissions Is a Huge Security Flaw

As a Roblox developer who works with a large team, it is currently too hard to manage permissions without major holes in our security. Permissions provided by groups are too limited:


That last option is essentially a switch between not being able to work on any games at all and having unlimited permissions to do anything. For a team comprised of members with specific roles, there are dozens of entry points for a bad actor to wreak havoc on the group’s games.

Essentially, as anybody who has read up on OpSec will tell you, it’s important that each employee should only have access to what they need to do their job - anything more is a security flaw. A modeler does not need access to the source code or game settings, for example. Roblox should have extremely granular permissions settings on a per-place level.

Here are a few essential permissions to get started:

Can build
Can read source code
Can write source code
Can publish game (different from saving)
Can change game settings
Can change security settings
Can change permissions

Can edit monetization products
Can create monetization products

Can read from datastores
Can write to datastores

Can use in-game developer console

Can view live stats
Can view developer stats
Can view revenue stats

Can view place configuration
Can configure place
Can view game configuration
Can configure game

Can configure localization

Can shut down servers

To address an inevitable concern: Yes, these settings may be unintuitive, but there’s probably a way to implement them that keeps the configuration process simple for casual devs. Perhaps a toggle between Simple and Advanced settings? I’ll leave implementation details up to the engineers.

If Roblox is able to address this issue, I could sleep much more soundly at night knowing a compromised team member’s account could only do limited damage.