question

Brent Batas (Lisk) avatar image
Brent Batas (Lisk) asked

PlayFab Admin API for Studio Users

I want to create a "Moderation Tools" suite for some community managers to easily hand out temporary suspensions/chat mutes.

Temporary suspensions/chat mutes would be done by updating some player data.

Community managers currently can do this by logging into our PlayFab dashboard since they have limited access Studio User accounts. However, it is a bit clunky to manage users this way, for various title-specific reasons.

I was imagining creating a C# console app that they would login to, using their PlayFab Studio User account details. Then they'd be able to type in commands there, such as "suspend [playFabId] [minutes]" depending on their account permissions.

Is this possible? I want to give them the ability to call **some** Admin API calls, but not all of them. I also don't want to give away our title secret key.

If not, what solution would you recommend?

apisAccount Management
10 |1200

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

1 Answer

·
Joshua Strunk avatar image
Joshua Strunk answered

Sadly, the Admin API does not have the concept of studio users/admins and only has the one secret key auth method and access level.

Quoting Brendan from the time I asked what I am guessing is the same question.

"So if this is a low-trust scenario, I'd say either have them do their work only in the Game Manager, or have everything run through a server you control.[This could be CloudScript though somewhat limited in what you can do through CloudScript or a simple web server]"

Recommendations for handling access permissions in custom tools

1 comment
10 |1200

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Brent Batas (Lisk) avatar image Brent Batas (Lisk) commented ·

Thanks for the answer Joshua. Unfortunate to hear that :(


I may just have everything run through a server we control, such as our lobby server. Then I would tie account permissions to their PlayFab player account, to give them access to commands like /ban [username] etc.

My concern with this is that maybe a non-moderator user may be able to spoof a packet as if it were coming from the moderator and thus dish out ban commands, but maybe I'm overthinking things.

0 Likes 0 ·

Write an Answer

Hint: Notify or tag a user in this post by typing @username.

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Error rendering WebPanel (widgets/consolidation-widget.ftl): org.hibernate.hql.internal.ast.QuerySyntaxException: AvailableConsolidation is not mapped [from AvailableConsolidation up where up.node = :node]