question

robert avatar image
robert asked

Policy to list admin members for ListGroupMembership required


We just added following policy to allow non group members to list members, invitations and applications for groups (used so that the user can get information about a Clan before joining). 

  {
    "Action": "Read",
    "Effect": "Allow",
    "Resource": "pfrn:group--group!*/Members/*",
    "Principal": {
      "ChildOf": {
        "EntityType": "title",
        "EntityId": "BE95"
      }
    },
    "Comment": "Allow users to view members of the group",
    "Condition": null
  },
  {
    "Action": "Read",
    "Effect": "Allow",
    "Resource": "pfrn:group--group!*/Invitations/*",
    "Principal": {
      "ChildOf": {
        "EntityType": "title",
        "EntityId": "BE95"
      }
    },
    "Comment": "Allow users to view members of the group",
    "Condition": null
  },
  {
    "Action": "Read",
    "Effect": "Allow",
    "Resource": "pfrn:group--group!*/Applications/*",
    "Principal": {
      "ChildOf": {
        "EntityType": "title",
        "EntityId": "BE95"
      }
    },
    "Comment": "Allow users to view members of the group",
    "Condition": null
  }

Everything works find, expect that admin members are not returned by ListGroupMembership which according to the docs is by design because a non group non admin member will not get group member admins returned.

Does anyone know which policy to use to exactly allow getting admins too for ListGroupMembership?

ListGroupMembersRequest request = new ListGroupMembersRequest();
		
request.Group = GroupEntity(groupId, "group");

PlayFabGroupsAPI.ListGroupMembers(request,
{ListGroupMembersResponse response)=>
{
                
    // no admins returned if we are not a member of groupId
});
10 |1200
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

1 Answer

·
Andy avatar image
Andy answered

Try adding a Role policy as well. Something like this:

{
    "Action": "Read",
    "Effect": "Allow",
    "Resource": "pfrn:group--group!*/Roles/*",
    "Principal": {
      "ChildOf": {
        "EntityType": "title",
        "EntityId": "BE95"
      }
    },
    "Comment": "Allow all players to read group roles",
    "Condition": null
 }
1 comment
10 |1200
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

robert avatar image robert commented ·

Works perfect! Thanks

0 Likes 0 ·

Write an Answer

Hint: Notify or tag a user in this post by typing @username.

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.