question

anthojny avatar image
anthojny asked

[THISENTITY] and [SELF] not working in group policy

I am try add this policy to my group

{

"Action": "RemoveMember",

"Effect": "Allow",

"Resource": "pfrn:group--group![THISENTITY]/Members/[SELF]",

"Principal": { "ChildOf": { "EntityType": "title", "EntityId": "1234" } },

"Comment": "Allow entities to leave the group",

"Condition": null

},

but today it write: "is not valid in this statement because no resource deserializers could accept this type of resource."

Thuesday was everything ok, yesterday i could't opened group in web manager with this policy and today i can't add this policy. What is correct way, to define policy?

10 |1200
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

1 Answer

·
pfnathan avatar image
pfnathan answered

We have removed [thisentity] entirely, you can just use "*!*" now since entity-level permissions reference the entity itself implicitly

[SELF] always refers to the claimant now (so it IS valid as say /Members/[SELF]) but not as, say, a principal.

There's an unresolved issue in game manager where it doesn't show default policies of the group but if you add any policies there you will overwrite every policy on the group. For now your best bet is to at least get the full default policy set from the group by, in this case, trading your title secret key for an entity token with the GetEntityToken api, then using the GetProfile API to see the actual applied permissions to that group. Once you have those you can copy them into game manager (everything in the Permissions property).

And that specific policy in your question is already on the groups - it reads like this now:

{
 	"Resource": "pfrn:group--*!*/Members/[SELF]",
	 "Action": "RemoveMember",
	 "Effect": "Allow",
	 "Principal": {
	     "ChildOf": {
		 "EntityType": "title",
 		 "EntityId": "<myTitleId>"
          }
      },
        "Comment": "Allow entities to leave the group"
 }
6 comments
10 |1200
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

anthojny avatar image anthojny commented ·

Thanks, a have now problem with delete old groups with [thisentity] in policy. I try it on game manger and by cloudscript but i get error.

0 Likes 0 ·
pfnathan avatar image pfnathan ♦ anthojny commented ·

Can you let us know what types of error you are getting, please? are you getting same "is not valid in this statement because no resource deserializers could accept this type of resource." error? Also, Please let us know your Title ID as well. thanks.

0 Likes 0 ·
anthojny avatar image anthojny commented ·

Title id is 8014, it write: The resource pfrn:group--group![THISENTITY] is not valid in this statement because no resource deserializers could accept this type of resource.

0 Likes 0 ·
pfnathan avatar image pfnathan ♦ anthojny commented ·

Our engineering team had just updated the group policy, please try again and let us know if the fix is working for you.

0 Likes 0 ·
anthojny avatar image anthojny pfnathan ♦ commented ·

Thanks, now remove clan workoing correct.

0 Likes 0 ·
Show more comments

Write an Answer

Hint: Notify or tag a user in this post by typing @username.

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.