I’m feel secure and I’m very excited with this. I’m also glad roblox devs are doing this right now slight_smile:
so meaning this one
… can able not to run from the part of a Script with “require” function NICE!
First off this is great!!
Second, I have a suggestion:
For more fine-grained control, could you guys add restrictions on access to specific APIs and specific Instances? (Like add a property that is a table of instances that will be whitelisted/blacklisted that includes each instances’ descendants)
I have a game that lets players load their own models and currently I have to check each model with a backend before it gets loaded (when the Ban API came out someone went and banned everyone in the group, so I had to do that). If there were a way to restrict access to the Ban API and other things (for example, I would only want that model to be able to modify its descendants, but it should also be able to manipulate player GUIs, etc)
Not sure if I was clear with this but great feature overall!!!
1 Like
^ this. I would prefer allowing for a fine grain control. I would like to have scripters to have freedom messing around with the game including stuff outside of the sandbox but rather restrict certain apis such as the ban api in particular. The majority of issues with loading scripts is that backdoor access to apis regarding kicking, banning, and scripts that use apis to get backdoor access to all servers… This only thing needed for this to be 100% helpful is full api control and once thats implemented it would help everyone.
1 Like
I was messing around with the sandbox and I noticed that it’s impossible to create Sound instances. Is this intentional? I would expect this to be possible with the Audio group, or at least the Basic group. Is there a reason for this?
1 Like
While we will try to keep it stable as possible during the Beta, there is still a chance for breaking changes until it’s finalized.
For now, it can be treated as opaque in binary serialization.
We have plans to make the property publicly scriptable in the future, currently that API is for built-in Studio plugins only.
We will look into adding it for ModuleScript. You can still put them under a Folder and the intent was that it will be configured for groups of things and not often individually. Problematic if the root is a ModuleScript of course.
2 Likes
We will look into providing access to ReplicatedStorage and other services that are essentially ‘folders’ under AccessOutsideWrite.
3 Likes
We do have plans for an API to run a function under a custom timeout, but it’s only in early design stage with problems on how to handle functions using task library methods that have to be solved.
There are other exhaustible shared resources we are considering and there will probably will remain a way to escape a resource limit, our aim is to prevent unrecoverable data changes from being made.
We have something for this use case planned and will share details later.
1 Like
New Audio APIs are available using the Audio capability.
Unfortunately, capability for legacy sound APIs was added a bit late for the current release and will come in an update.
1 Like
Giving access to folder-like services via AccessOutsideWrites would essentially bring back a game I previously had to shut down due to scripting vulnerabilities (Abuse of Ban API, InsertService etc) without having to tell hundreds of its creators (most who will have moved on) to update their maps.
Please make this happen 
7 Likes
Modules required with require(id) seem to escape the sandbox of the requiring script’s container.
I was able to ban myself with Players:BanAsync() using only the RunServerScript and AssetRequire capabilities.
5 Likes
Using getfenv or setfenv is entirely broken when sandboxed even when allowing all permissions, is this intentional due to its enviornment changing nature? Because I had the enviornment sandbox option turned on.
The current thread cannot call 'getfenv' (lacking capability Unassigned)
1 Like
Yes, getfenv and setfenv are not available because they break out of our Sandbox.
1 Like
Will this prevent exploiters from inserting scripts into places like CoreGui?
Hey there, I was acc reading about this lol 
So does this exactly prevent exploiters fully?
This feature has nothing to do with exploits
2 Likes
Noticed I can no longer call game:getdescendants() without an error.
“The current thread cannot access ‘StreamingService’ (lacking capability Assistant)”
I currently do this to iterate through all parts of the game in order to properly setup sounds, clean up some welds etc. Feel like this behavior doesnt need to break, rather it should just not iterate over stuff like StreamingService
Still a problem! When’s the next update?
StreamingService issue is not exactly related to this feature, that issue should now be fixed.
1 Like