Sharing data between places

Feature Requests Studio Features
#1

A while ago I wanted to share data between my games but of course, this was not possible. At the RDC a user named AlgyLacey suggested this to one of the admins and I figured now would be a good time to follow this up.

Some of you may remember I put together a module that allowed you to use google sheets as a database, but of course this is far from ideal and can have issues some of the time. If you are interested however, it’s here. I’m already using this myself to introduce a currency that is available in all my places.

Basically, I would very much like the ability to share information between places using data stores. Of course this could create issues, but I’ll try to suggest one implementation I believe could work.

So first off we need some API additions, these are as follows.
[ul][li]A new Enum would be added named DataStorePermission.
[ul]
[li]Enum.DataStorePermission.None
Only the game may use this datastore,[/li]
[li]Enum.DataStorePermission.Read
Games made by the same owner are able to read information but not edit it.[/li]
[li]Enum.DataStorePermission.ReadAndWrite
Games made by the same owner have full access to the data store.[/li]
[li]Enum.DataStorePermission.ReadPublic
Any game can read the data store, and games made by the same owner can write to it.[/li]
[/ul][/li][li]DataStoreService:SetDataStorePermissions(string name, enum DataStorePermission)
The first parameter is the name of the datastore you are setting the permissions for. The second is the permission level for this datastore.[/li]
[li]There would also be a new parameter added to GetDataStore and GetOrderedDataStore, int PlaceId. This would be used to request access to a datastore from another game. It would return nil if the user does not have access. (Or error as that seems popular nowadays.)[/li][/ul]

This system is one of the most secure ways I could come up with executing such a thing, it allows the owner to use their datastore as normal, while permitting other places the ability to read data from them for whatever reason they want.

Now it’s time for a fun list of things you could make with this.
[ul]
[li]You could introduce a currency that players can spend in any of your games, making it more appealing and allowing your other games to get noticed.[/li]
[li]You could find out how good players are at HEX in your medieval shooting game and use this to match players accordingly.[/li]
[li]You could introduce your own ‘level’ system that rewards players across all your games.[/li]
[li]You could share your boring analytics with others.[/li]
[li]You could see how rich somebody is at Work at a pizza place and give them a pizza themed reward because co-sponsering one another is awesome![/li]
[/ul]

I hope you’re sold on the idea, because blackmail is always an option.

34 Likes
#2

Developer mafia tactics. I like.

15 Likes
#3

I was just about to post about this myself, but I saw that it was already posted and explained very well so I’ll bump it instead because it didn’t get much attention when it was posted.

I’d certainly use this feature to help transfer old stats from a game on my profile to the new group game.

5 Likes
#4

This is one of the reasons I wrote a webservice to save data across games and even user accounts using a password-protected system.

1 Like
#5

yeah i think roblox should manage stuff like this - we shouldn’t have to resort to using httpservice with external tools.

#6

You can encode datastore tables into JSON and then save the JSON string through HTTP service, and then load it back the same way. That’s how I would do it anyway…

-Wid

1 Like
#7

I did briefly mention that I had already done this using Google sheets. It’s more about an official way of doing this rather than resorting to an external service.

4 Likes
#8

god, please have the grace to divinely inspire the engineers to have this added.

6 Likes
#9

This would be fantastic if we were somehow able to specify other player’s games that would be able to read and write into the data store.

3 Likes
#10

That could also be done in the Game Configuration page under the Permissions tab, similar to the group allies requests page.

#11

Agreed. Opening up the datastore as read-only to the entire world is overly broad. I’d like to open up data to specified places only.

#12

Btw Silent put up a Trello card for this if anyone wants to vote on it: Trello

2 Likes
#13

It’s not as though they’ll know the keys to use, and this in combination with the limitation in place would make them very difficult to guess.

#14

Security through obscurity is no security at all. From Wikipedia:

Security through obscurity is discouraged and not recommended by standards bodies. The National Institute of Standards and Technology (NIST) in the United States specifically recommends against this practice: “System security should not depend on the secrecy of the implementation or its components.”

1 Like
#15

The information you will be storing should not be sensitive and it will not be writable from games that you do not own. Therefore, opening up your datastore as read-only should not be a concern as all players will really be able to do is get the amount of points players have in your game and other such things.

3 Likes
#16

Don’t get me wrong. I approve of this feature request wholeheartedly. I would really love it. However, it would be better if users who want to share data could do so with a specified sub-set of all other players. To say that the info someone stores should not be sensitive is incorrect. There is any number of valid sensitive data artifacts that might be stored.

1 Like
#17

What kind of sensitive data? Also keep in mind that not all datastores would become public, only the ones you’d assign to be.

It’s a bit silly to shut down such a request because of the possibility that someone could be storing sensitive information on it. If a game is storing and exposing sensitive information about players, then (1) the players should not have given that information and (2) you can report the game to get it deleted, since that would be against the ToS. If a game is storing sensitive information of the game itself or the place creator, then the place creator should not have put it there or exposed that datastore.

#18

Axe isn’t implying the feature should die – he just wants to be able to control specifically who has access to the non-exclusive datastores. In other words, he doesn’t want it to be only public or not public, and instead wants to be able to specify “Alright, only let these people I specifically allow to access this particular datastore”.

Though, I would disagree and say instead of allowing access to people, allow access to games by their ID.

2 Likes
#19

Okay sure, so you have several modes:

  • No other game can read it (default)
  • Every game can read it
  • Inclusive
  • { list of game ids that can read it }

I think an “every game” option would be interesting as well, if you have some sort of group/game statistic of players that you want everyone to be able to read. Such as a group storing detailed rank information in some database, and games related to that group (not necessarily by the group owner or by the group) being able to take advantage of that read-only data without having to request access first.

1 Like
#20

@buildthomas @Brad_Sharp @Silent137 These are my ideas for the API:

Enum.DataStoreAccess.None
Enum.DataStoreAccess.Read
Enum.DataStoreAccess.ReadAndWrite

Instead of methods for DataStoreService (bad design IMO because this is concerning datastores themselves and not the service), they’d be for GlobalDataStore (thing returned by DataStoreService:GetDataStore())

First off, setting whether a DataStore can be read by the public or not:

GlobalDataStore:GetPublicReadableAsync()
GlobalDataStore:SetPublicReadableAsync(boolean)

I’m not sure if a PublicReadable property would be more in line with the rest of the ROBLOX API than Get/Set functions, but that would be fine too.

Finally, Read/Write permissions for specific games:

GlobalDataStore:GetAccessPermissionsAsync() – returns a list of every game’s permissions
GlobalDataStore:SetAccessPermissionAsync(gameId, accessType)

Three of these methods (all but GetPublicReadable) would only work from the game the DataStore was created in, and could not be used by plugins (security risk with malicious plugins). Note that the removal of permissions per your entire account (every one of your games could read and/or write to a particular datastore) is intentional. That opens up a number of potential problems:

List of potential problems
Games are secure right now in the fact that you can rest assured knowing a malicious script in one place won't be able to damage any other. By enabling people to make their datastores accessible to any random one of their places, you're taking away that security. They could insert a private model into a blank place (that they never would have trusted in one of their actual games), and now that module has the ability to mess with *all* of their account-wide datastores since it's being run in their game.

It’s also bad design and poor security. Security is always explicit and intentional, and with your account-wide datastores you’re enabling random places you never intended to have access to specific datastores to read and potentially write to them. Any one of your places could cause hard-to-find problems, whether through a malicious script or just old code in a game (maybe an past test place) you forgot about.

So essentially, you’ll be able to have a toggle for whether a specific datastore can be read by any game, and then further specify on a game-by-game basis whether they can read/write to the datastore. For instance, I could make a public-readable datastore that could be written to by the game it was created it and two of my other games. I could also make a datastore that wasn’t pubic-readable that my game and my friend’s game could could write to. Or, I could make a private one that only I could edit but some of my friends’ games could read from.

2 Likes