We just added following policy to allow non group members to list members, invitations and applications for groups (used so that the user can get information about a Clan before joining).
{ "Action": "Read", "Effect": "Allow", "Resource": "pfrn:group--group!*/Members/*", "Principal": { "ChildOf": { "EntityType": "title", "EntityId": "BE95" } }, "Comment": "Allow users to view members of the group", "Condition": null }, { "Action": "Read", "Effect": "Allow", "Resource": "pfrn:group--group!*/Invitations/*", "Principal": { "ChildOf": { "EntityType": "title", "EntityId": "BE95" } }, "Comment": "Allow users to view members of the group", "Condition": null }, { "Action": "Read", "Effect": "Allow", "Resource": "pfrn:group--group!*/Applications/*", "Principal": { "ChildOf": { "EntityType": "title", "EntityId": "BE95" } }, "Comment": "Allow users to view members of the group", "Condition": null }
Everything works find, expect that admin members are not returned by ListGroupMembership which according to the docs is by design because a non group non admin member will not get group member admins returned.
Does anyone know which policy to use to exactly allow getting admins too for ListGroupMembership?
ListGroupMembersRequest request = new ListGroupMembersRequest(); request.Group = GroupEntity(groupId, "group"); PlayFabGroupsAPI.ListGroupMembers(request, {ListGroupMembersResponse response)=> {
// no admins returned if we are not a member of groupId });