To be clear, I know “Organizations and Permissions” is already on the roadmap, but I do want to highlight some of my (many) pain points:
- I want the ability to scope access to the Developer Console, in-game player list badge, GUI hiding, etc. (I’m a bit confused as to why this hasn’t been exposed through SetCore in some way already though.)
- The ability to scope between “Analytics” and “Monitoring”, rather than being combined.
- “Spend group funds” needs to obviously be split into view & spend. I also would hope for some of the weird behavior with it to be fixed.
- A “Payout group funds” & “Configure Group” permission.
- Proper read/write asset permissions. (The current “write-only” toggle in groups is confusing and restrictive to use on the user side because it doesn’t show up in the Creator Hub.)
- Auditing should be easier and more verbose. I expect to see what was specifically changed in an audit log, not just that it was changed.
- User vs Group experiences should have reasonable consistency in behavior. This behavior seems to keep changing somewhat frequently, on the user side, but right now on the user side I expect to:
  - Access avatar settings without being the place owner
  - Have scoped permissions for accessing analytics/monitoring
  - Audit Logs on user experiences (related: “Experience Activity History” on roadmap)
- The ability to download certain place revisions through Web API, without reverting the place. This currently will return an unauthorized error. (This affects Studio’s feature for this in Game Settings → Places → Version History & third-party tools.)
In general, I would like to see Roblox provide large amounts of flexibility with the scopes. I expect to be able to control most aspects of groups/experiences, and who can grant them. I really don’t want another Beta Feature that has a ‘Manage’ permission, to be removed after it comes out of beta, and I don’t want everything locked/limited behind a single group owner role either.
If Roblox could resolve these issues, I would feel much safer and more confident knowing nearly everything is not behind either a singular user or a few ‘nuclear’ permissions, while also being up to industry security standards.