So, in the game client we need to retrieve a master_account_id from a title_account_id (of another player) and there's no API function for that. We need this for PlayFab Party as it works with title_account_ids, while to retrieve some account info we need a master_account_id (GetPlayerCombinedInfo). After some research, I found a GetProfile API that can return master_account_id from a title_player_account entity, but we need to modify GlobalPolicy to allow this.
My questions are:
Are we overexposing player data with the rule below? Is there a stricter policy we can set, such as only allowing retrieval of another player's lineage?
{
    "Resource": "pfrn:data--*!*/Profile/*",
    "Action": "Read",
    "Effect": "Allow",
    "Principal": {
        "ChildOf": {
            "EntityType": "title",
            "EntityId": "[Redacted]"
        }
    },
    "Comment": "Allow getting Profiles info for everyone in the Title"
},
Are there any risks of exposing this info to everyone? Why is it hidden by default?
Attaching a full policy file for additional info: 5361-globalpolicy.zip
Thanks in advance!
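
As an added example (not part of the original post and not PlayFab tooling), a small lint that reports how broad each Allow statement in a global policy file is, run here on the statement quoted above. The `pfrn:<service>--<entityType>!<entityId>/<path>` layout and the finding names are assumptions inferred from that statement.

```python
import json
import re

# Assumed layout, inferred from the statement in the post:
#   pfrn:<service>--<entityType>!<entityId>/<path>
PFRN = re.compile(
    r"^pfrn:(?P<service>[^-]*)--(?P<etype>[^!]*)!(?P<eid>[^/]*)/(?P<path>.*)$")

# Constructed sample: the statement from the post, EntityId left as posted.
SAMPLE_POLICY = json.loads("""
[{
  "Resource": "pfrn:data--*!*/Profile/*",
  "Action": "Read",
  "Effect": "Allow",
  "Principal": {"ChildOf": {"EntityType": "title", "EntityId": "[Redacted]"}},
  "Comment": "Allow getting Profiles info for everyone in the Title"
}]
""")

def audit_statement(stmt):
    """Return breadth findings (hypothetical labels) for one statement."""
    if stmt.get("Effect") != "Allow":
        return []                      # only grants widen exposure
    m = PFRN.match(stmt.get("Resource", ""))
    if m is None:
        return ["unparsed-resource"]   # review by hand, do not assume narrow
    findings = []
    if "*" in m["etype"]:
        findings.append("any-entity-type")
    if "*" in m["eid"]:
        findings.append("any-entity-id")
    if m["path"].endswith("*"):
        findings.append("path-prefix:" + m["path"])
    principal = stmt.get("Principal")
    if isinstance(principal, dict) and \
            principal.get("ChildOf", {}).get("EntityType") == "title":
        findings.append("principal-title-wide")
    return findings

def audit_policy(statements):
    """Map statement index -> findings, for statements that have any."""
    report = {i: audit_statement(s) for i, s in enumerate(statements)}
    return {i: f for i, f in report.items() if f}

if __name__ == "__main__":
    for idx, found in audit_policy(SAMPLE_POLICY).items():
        print(idx, SAMPLE_POLICY[idx]["Action"], found)
```

For the quoted rule, all four findings fire: the Read grant covers every entity type, every entity ID and everything under `Profile/`, for any principal that is a child of the title.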