New Role Manager is Scary

Request

The new group role management page feels like walking on golden egg shells right now and isn’t very intuitive.

Please address some of these concerns before forcing me to use the new role system, as new settings such as the View Data Stores Manager is confusingly only available to the new Role system, not Legacy.

List of Concerns

Why can’t Legacy Roles be edited here? What happens if I add a member from a Legacy Role into a new Role?

My group has hundreds of members in various roles for testing and attribution, it would take a significant amount of time to port each user over via manually typing in each username.

I also worry that I may incorrectly type a username and instead be shown an impostor. Luckily, user ID works in this field, but that isn’t displayed anywhere in the UI.

The ability to Grant all permissions to every member in the group is horrifying, please remove it immediately, I think I might have a nightmare about this tonight…

In a similar vein, I feel like developer related permissions (editing games, API key management, spending group revenue) should be under its own entire top level category and locked behind a bunch of different prompts and “danger zone” warnings. This new UI feels way too easy to accidentally give the wrong person critical permissions to my entire business.

I definitely prefer the old UI for readability and being able to quickly tell a mistake before clicking Apply. It just feels a lot more “comfortable” and easy on the eyes, which is important when making super critical permission changes.

That’s it for now, thank you for listening to my concerns :slightly_smiling_face:

6 Likes

I thought the title was an exaggeration but no, it’s just true. I’m terrified

Yeah, 100% I agree with this. The amount of times I’ve been scared to go on this page just in order to avoid accidentally giving the wrong permission to the wrong person is insane :skull:

2 Likes

Hey! Thanks so much for taking the time to write this up, it really helps us make sure we’re delivering the best possible product. Please keep it coming! I thought I’d quickly respond to your questions below -

Once we have full feature-parity on the new system, we will be removing creation permissions from Legacy Roles, and they will just become Community Roles. As a result, they just work together (a user has permission to something if they have permissions from a new, or an old role), and it doesn’t make too much sense for us to build new features (i.e. Legacy Role editing in Creator Hub) on a feature we’re actively working towards deprecating.

My group has hundreds of members in various roles for testing and attribution, it would take a significant amount of time to port each user over via manually typing in each username.

We are looking into releasing a single click role transfer system for this very problem! I realize porting over is a bit of a hassle, and this would make it a lot easier.

The ability to Grant all permissions to every member in the group is horrifying, please remove it immediately, I think I might have a nightmare about this tonight… In a similar vein, I feel like developer related permissions (editing games, API key management, spending group revenue) should be under its own entire top level category and locked behind a bunch of different prompts and “danger zone” warnings. This new UI feels way too easy to accidentally give the wrong person critical permissions to my entire business.

Groups are for creation, and for creation only. This means all permissions a Group role can have are around creation access, and we would expect these higher risk permissions to be handled as such. We are also wanting to add some confirmation dialogues on ‘bigger’ actions just to double check intent as well though, I agree this would build some more guard rails around that.

1 Like

Thanks for the replies! I appreciate the reassurances, and the role transfer system sounds like it will solve my major complaint.


Once we have full feature-parity on the new system, we will be removing creation permissions from Legacy Roles, and they will just become Community Roles.

This is fine as long as the concerns over guard-rails and ease of use are addressed :slightly_smiling_face:


Groups are for creation, and for creation only. This means all permissions a Group role can have are around creation access, and we would expect these higher risk permissions to be handled as such. We are also wanting to add some confirmation dialogues on ‘bigger’ actions just to double check intent as well though, I agree this would build some more guard rails around that.

My concern around being able to grant all permissions to every member in the group is that it’s a huge catalyst for accidents and abuse.

For example, my group roles are as such:

  • 4 Co-Founders
  • 5 Developers
  • 9 Contributors
  • 64 Testers
  • 370,000 Followers

99.977% of my group are players who should never, ever, have access to edit my game. I don’t see the purpose in having a proverbial red nuke button that could accidentally be toggled on, or turned on by a hacker, that would result in disaster.

In my opinion, any legitimate use-case for this button is overshadowed by the huge increase in risk it poses by it existing.

My suggestion would be to just grey out that option under the “Member” general role, while still allowing that option for manually created roles.


Lastly, regarding the Legacy group permissions page, I think the reason why it feels more favorable to me is because the categories and text padding lead to a more succinct visualization.

It’s easier to read and double-check before clicking Save.

I’m going to assume it’s most useful for groups that mainly just have developers in them, but yeah, I’d say having possibly an email verification or something along those lines would be helpful.

Chances are if someone has actually hacked into your account and wanted to, they would already have a script ready which could enable every permission at once. At best, all removing the permission would do is add a minor inconvenience for such a person.

What would probably be better is a “hey! this is a really dangerous permission, make sure you meant to do this!” warning any time you try to enable the permission.