Security context

Scripts on Roblox have a thread identity which indicates what security access they have to the scripting API. Some class members in the scripting API can only be used by scripts that have the required permission.

Identities
A thread identity is an identity (an integer) given to a thread that indicates which permissions it has.

The identity of a thread can be found by using the printidentity function. This function will print the identity of the thread, prefixed by the last argument given to it if it is a string or a number, "(null)" otherwise, and a space. If no argument is given to it, it will prefix it by "Current identity is", followed by a space.

The identity of a thread will usually depend on where it comes from. For example, threads executed as plugins have an identity of 6, threads running code from the command bar or the "execute script" option have an identity of 5, and scripts and local scripts usually have an identity of 2.

Permissions
Each property, method, event or callback in the scripting API may require a permission. The existing permissions are PluginSecurity, RobloxPlaceSecurity, LocalUserSecurity, WritePlayerSecurity, RobloxScriptSecurity, RobloxSecurity, TestLocalUserSecurity, ScriptWriteRestricted: [NotAccessibleSecurity], and ScriptWriteRestricted: [PluginSecurity]. All threads have access to members that do not require a permission.

Roles
The table below shows which permissions are associated to each identity.

Virtual machines
Threads with different identities can be run with different Lua virtual machines, so that user scripts are not mixed with scripts authored by Roblox. There are currently only two virtual machines, one for s and other threads that have RobloxScript access and another for all the other threads. In studio builds, there is a third virtual machine used for studio plugins.

Additional restrictions
If the RobloxLocked property of an object is true, only scripts with the Plugin permission will be able to index signals and children of the object, set its properties or assign its callbacks, call yielding functions of the object, change the parent of the object's children, or create objects with the object as the parent using. Furthermore, scripts that do not have this permission will not be able to call non-yielding functions of the object unless it is not a descendant of. This property is used, among other things, for GUI objects created by s.