Normal identities

(Redirected from Context level)

In order to prevent malicious users from making use of Roblox's more sensitive APIs, each Lua thread has a certain identity level depending on the origin of the code's execution. This page details what identity levels exist, and the identity levels associated with Roblox's security context tags.

Identities[edit]

The specific identity of a thread can be found by calling the global printidentity function. Identities were arbitrarily chosen meaning that there is no specific hierarchy between them. For example, identity 2 has no access to anything protected while all of the other identities can use at least some protected items. The numbers themselves have no meaning, and there is no hierarchy between them theoretically (though practically, some of them do allow for more to be done than others). All threads with an identity can only use what their identity allows them to do. Threads with no identity can do anything and are unrestricted.

Identities
Name Identity Description
Anonymous 0 Identity level of unknown origin. This level is unable to perform any actions.
LocalGui 1 Any action initiated by Roblox Studio or the mouse. An example would be the expression evaluator.
GameScript (Script/LocalScript/ModuleScript) 2 Execution of a LuaSourceContainer object inside any DataModel
GameScriptInRobloxPlace (Script/LocalScript/ModuleScript) 3 Execution of a LuaSourceContainer object inside any DataModel, if the place was authored by Roblox
RobloxGameScript (CoreScript) 4 Execution of a CoreScript object written by Roblox
Command line (or -script) option 5 Execution of Lua code on Roblox Studio's command line.
Plugin 6 Execution of Lua code from a plugin.
COM (Backend Server) 7 Execution of Lua code from the backend server.

Security contexts[edit]

Certain API members in Roblox are given a tag indicating what identity levels are allowed to use them.

Context Description Identity levels that can use this
None
(no security tags)
Member can be used with any identity level that Roblox can identify. 1,2,3,4,5,6,7
RobloxPlaceSecurity Member can be used by any identity level, but only if Roblox has marked the game as being authored by Roblox. 3,4,5,6,7
PluginSecurity Member can only be used by identity levels that have security <= to plugins 4,5,6,7
LocalUserSecurity Member can only be used by identity levels that have security <= to the command bar 4,5,7
RobloxScriptSecurity Member can only be used by CoreScripts, or Roblox's backend server. 4,7
RobloxSecurity Member can only be used by Roblox's backend server, and thus cannot be activated by users in any shape or form. 7
NotAccessibleSecurity Member cannot be used in any Lua context, period. It might be changeable in Roblox Studio's property menu. N/A

See also[edit]