alicesaidhi
commented
1 month ago Some permissions that would need to be separated would be:
- changing component data
- performing queries
- reading scheduler
- change tracking
- pausing systems
- accessing other clients
- accessing server
It's currently unsafe to give anyone the ability to use jabby beyond who you trust. While there currently is a way to tell the server that someone can run jabby, it's a little hacky as it also has to be performed on all the clients. Ideally, the new permission system would only need to go through the server.