Players arbitrarily get full developer access to our game and have access to server scripts

Hopefully this doesn’t happen large scale as I assume large amounts of people would flock to free paid-games and bring away potential buyers from the official game.

Except it’s very likely we have, but just haven’t realized it. From reports we’ve received, it appears the ability to use the exposed developer functions is very picky and doesn’t always work - especially shutting down the servers.

The ability to leak the game has been around forever with exploiting. The ability to press “Shutdown All Servers” and have a 50/50 chance to succeed as a random player is a serious (and critical) issue.

Not even sure why we’re debating the severity at this point. Even if it was one game (which I STRONGLY doubt it is), the severity of the actions made available to random members doesn’t change.

3 Likes

https://devforum.roblox.com/t/players-arbitrarily-get-full-developer-access-to-our-game-and-have-access-to-server-scripts/657296/22?u=platinum_reisi

Reference to what I said before:

THIS should not even be a point of debate.

1 Like

This is the ONLY report of this right now. Please read up on the rules for the critical tag.

1 Like

As it’s been reinstated multiple times, this is the first report of possibly many.

Even if the issue is localised to a single game, you’ve confirmed it’s an issue with Roblox’s backend, meaning it could easily be expanded to other games.

Have you also tried informing Exploit Reports regarding this issue?

2 Likes

Are all users who have the hammer next to their name able to download the game, etc.?

In the meantime, I’d advise disabling Team Create and moving your development version to a separate, fresh game, which should clean up any funky behaviour until this can get properly diagnosed.

7 Likes

We’ve always used a separate place for development, and TC is already disabled unfortunately.

5 Likes

This might not be the best idea, but until this is fixed what if you create a copy of the current game and make the original game automatically teleport people who join to the new game?

Team Create does have completely separate permission settings, which can whitelist groups, users, or roles. Definitely worth checking. Your live, production game should also never have Team Create enabled; if you build it in Team Create, it should always be in a separate place file that the game owner then publishes to the live game place.

For the game devs: That guy “uui” in the video getting edit access… he shows as being “Elite Skater”, whereas most people in the group are just Skater. Has it been doubly and triply checked that this group has no elevated permissions, either in the group role settings or in the team create place settings?

4 Likes

Yes we have checked multiple times, they don’t have access in either place.

1 Like

That is concerning. Have you also tried putting an alt in each rank and seeing if it gets you access?

3 Likes

Make sure to check the roleset permissions as well, not just the studio permissions.

Check the original post, it has a screenshot of those as well.

Edit: Actually I lied, but we have checked them a million times.
Edit 2: If you use the canmanage API mentioned above, it returns false for every user who has had this happen.

4 Likes

Hey unroot,

We are treating this as a top priority investigation to figure out what happened here. Apologies we did not get to this sooner, somehow we missed this post until today. We’ll also review our processes to figure out how we missed such a critical report.

81 Likes

FWIW, that other user you have a screenshot of editing your game “schwiet1972” also has Elite Skater rank. As just a Skater in your group, I can confirm that I am not able to edit it.

4 Likes

You’re definitely right about this – the only rank that this seems to affect is the “Elite Skater” role, which is only achievable by playing our game for a certain amount of time and having a moderator manually rank the users up. Additionally, we haven’t been able to reproduce this bug by demoting developers (@Refactor and I tested this) and also creating an account and ranking it up.

At no point—as far as we’re aware—the Elite Skater role did not have studio access to the game. nvm

This.

While it does seem to only affect that role, it shouldn’t be happening. The role does not have any type of manage powers, and we’ve checked the in-studio settings as well. It’s also completely random, sometimes you will see the options and sometimes you don’t. It should either be you have edit permissions or you don’t.

One user told me he just refreshed the page constantly until it gave him options again. But hopefully a resolution will be presented soon now that Roblox Staff is aware.

Thank you @Seranok :heart:

4 Likes

Good to know! I’m not suggesting it’s something you set up incorrectly, or that the role got compromised. It’s just that any correlation like this is worth noting as a possible clue of where things are going wrong, in the event that it’s a bug in one of the permissions systems.

5 Likes