Idea

Rich Joslin avatar image
Rich Joslin suggested

limit access to Cloud Script functions?

Is there a way to configure a Cloud Script handler function so only certain users are allowed to access it? I can think of a way of handling this within the function itself, but just wanted to check if there was another built-in way, or if it's a planned feature.

(I want to make an admin tool for my game that uses Cloud Script, so I can do things like delete matches, fix match data by hand, moderate content, etc.)

10 |1200
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

4 Comments

·
brendan avatar image
brendan commented

So what you're looking for is a user permissions check for the title? Developer accounts aren't the same as user accounts in the title, so you would need to set up the user accounts explicitly, and then authorize them as "admins" of your title. It's possible for us to do that, but given that you could set all this in Read Only or Internal User Data today, I'm not sure what we could do that would be a substantive addition?

10 |1200
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Rich Joslin avatar image
Rich Joslin commented

I don't quite understand what you're saying. What I mean is, anyone that's logged into the game (not just admins) can send a request to any of the endpoints in my Cloud Script and get a response. I'd like to have some endpoints that are only accessible to admins. For now, I've hardcoded my admin account ID into the endpoints that should reject anyone other than that user id. For instance, for debugging, an endpoint that wipes out all currently in-progress pvp matches. I wouldn't want any old user to access that function.

I tested clearing out a shared group via Cloud Script with an account that's not an admin and not a member of the shared group, and it worked (maybe it's a bug that's confusing me).

10 |1200
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

brendan avatar image
brendan commented

Sorry, Rich - let me clarify:

There are user accounts and developer accounts. A user account is what you see in the Players list - people who have signed into your game using any of the Login methods. The developer accounts - the ones that can have the admin privilege for your game - aren't user accounts. You have to create user accounts using the normal player flow. You could, of course, define a User Internal Data value to represent a user being an admin on your game, and set it using a Server API call, but that's not a concept that's built into the service right now.

What I would recommend doing is creating a Title Internal Data item which is an array of PlayFab IDs of the people you want to have admin rights in your game. Then for each of the Cloud Script calls you want to be admin-only, pull that Title Internal Data and check that the current user is in that set.

10 |1200
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Rich Joslin avatar image
Rich Joslin commented

Sure, better to keep the ids in the db than in the code. Thanks again!

10 |1200
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Write a Comment

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Your Opinion Counts

Share your great idea, or help out by voting for other people's ideas.

Related Ideas