besjanxhika asked

Help with security.

We would like to prevent logged-in users from taking any actions on PlayFab other than the ones that are defined by our client.

Policy option

Could the policy option be enough in this case?

Following are a few related questions:

  1. Is there updated documentation that reflects the current JSON structure, the list of all possible permissions, etc. related to global, group and user policies?
  2. If the policies list is empty for a given entity or for the global policies, which is the case, are all permissions denied or allowed by default (it seems we don't get consistent behavior)?
  3. Is the policy priority defined as follows (where the later policy would override the one(s) before)?
    1. Entity Global Title Policy
    2. Group Policy
    3. User Policy
    4. ...
  4. Is there a policy or some other way to prevent the user logged in to the client from updating the policy through the SetProfilePolicy API?


Other options

Are there other options besides the Policy option to have more control over security, related to what a user can or cannot do?

Thank you for your time.


1 Answer

Gosen Gao answered

The client interacts with PlayFab through the APIs. If you want the client to be more secure, you can use the API policy to prohibit the APIs that you do not want the client to call. For more info, you can refer to API access policy. As for entity policy, if the policy of a specific entity is empty, the entity will refer to the global policy. If the global policy is also empty, the default policy will be referred to. In other words, the specific entity's policy will override the global policy. As for the SetProfilePolicy API, if you don't want players to call it, you can deny it with the API policy.
