More flexibility with locked instances

This could be an awful idea, if it is, don’t just reply being rude plsthank.

Anyway, I’m more of a UI developer but I decided I wanted to try and make a system where some common exploits could be patched and detected so the user could be removed from the server, but the problem I keep running into is locked by Roblox Class security.

I’m trying to get the name of the instance, but am met with an error like this:

The current identity (2) cannot Class security check (lacking permission 5)

Why can we detect when a child has been added to game but not recover the name of the child. This would be good because it’d allow us to check if anything is being inserted into game or other instances that shouldn’t be there such as exploit menus or DEX.

Why can’t you allow us to basic operations on these classes such as name recovery and the dependency/ancestry of them?


Exploits originate on the client, so having a script that detects everything added to game is not necessary, and even if it did in theory not have locked instances, you would still not be able to see what is added to the client.

That being said, why don’t we just have a script on the client that just detects anything added? The problem with that is that it is not very secure at all, you see, we should assume anything that is on the client can be changed by exploiters, so client side anti-exploit is useless.

Here is a guide on how to secure your game written by Hexcede:

Hello. The topic you’re raising is not appropriate for this category. You seem to be seeking to request a feature - this belongs under #platform-feedback:engine-features. If this is not the case, it’d be more suitable for #development-discussion.

Please be sure to read the respective category guidelines in the future so you know where to place things. :slightly_smiling_face:

If you are interested in writing up a feature request, be sure to check out the requirements for one. Without a strong use case, it’s unlikely that it’ll be considered. A lot of replies will come in telling you that this isn’t a good idea.

As it is, your case is fairly niche and can be combated easily, there’s no real point in this. Clients can easily circumvent these kinds of things. Focus on securing the server rather than on what the client is doing! If their exploits have no damage value or have been mostly mitigated, you’ve done a good job - just go up from there.

A final note - if you come across a category you cannot post in or you’re unsure of where to post something, please see the Post Approval Process in the rules. The Community Post Approval team will review your post accordingly to determine if it’s appropriate for a sort or is of sufficient quality to be posted to a certain category.


Please use search to look for an existing feature request (this sounds familiar) or create one via Post Approval as described above.

Do not misuse categories.