I learned from the PlayFab community slack that we can tweak Entity API policies via this page:
https://developer.playfab.com/en-US/[title_id]/settings/api-features
However, without much documentation or examples, I don't know how to forbid the CreateGroup() call from my client.
I would like to forbid CreateGroup() otherwise a hacked client could just create guilds (groups) for free, but in our game we'd like guilds to have a virtual currency cost and only have one guild per player.
Another related question: how do we allow ListMembers() on the client?
P.S. It seems weird to me that CreateGroup() is allowed by default, while ListMembers() is denied by default. CreateGroup() seems way more dangerous to me than ListMembers().