Hi,
I'm able to access all TitleIds from a single one that I'm logged in. In our game we have different TitleIds for Dev, QA and Prod. I can call ExecuteFunction on functions on Dev when logged in on Prod. Steps to reproduce:
Call LoginWithEmailAddress with a player that exists already in both Prod and Dev, pointing to the Prod TitleId.
Get the resulting EntityToken from the response.
Call ExecuteFunction with Prod TitleId and title_player_account Entity.Id the Id from the Dev player.
Results: The Execute function is run on Dev even though we are pointing to Prod.
Expected results: I would say an error as the title_player_account from Dev does not exists on the TitleId Prod we are pointing to when calling the ExecuteFunction. Also, the EntityToken should be generated and validated for the Prod env we logged in and shouldn't let you valid access to different environments just by changing the Entity.Id in the call.