question

jounisuom avatar image
jounisuom asked

How do I allow specific player account to upload title entity files?

How do I grant access to a specific user to upload a file to "title" entity? In my upload initiation I have set EntityId to my title ID and EntityType to "title". In return I get a NotAuthorized error: "The claim was not allowed to perform the requested action based on the entity's access policy. Policy comment: title_player_account cannot write Title Data".

I have tried to edit the global policy JSON of my title (in Settings -> API Features) to allow this user to access title files but without success.

Title Dataentities
10 |1200

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

1 Answer

·
brendan avatar image
brendan answered

Can you please describe the actual gameplay you're trying to enable? What you're describing is allowing a client to write to the title filespace directly. We don't allow that, as giving the client the authority to upload arbitrary files would rapidly cause your title to become an illegal fileshare.

11 comments
10 |1200

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

jounisuom avatar image jounisuom commented ·

Our game designers use spreadsheets for game balancing and economy data. I'm writing a tool to parse these sheets to a JSON file (which is quite large) to be distributed to clients as a title file. I would like to be able to push the JSON file to PlayFab from my tool so designers don't have to open PlayFab Game Manager dashboard and upload the JSON there manually (and possibly introduce a human error in process). Is there some other API I can use if client API isn't allowed to do that?

0 Likes 0 ·
brendan avatar image brendan jounisuom commented ·

So, it sounds like the confusion is around the difference between the classic APIs and the new one. There is no "Client Entity API". There's the classic Client API with the original functionality. Separately, we have an Entity API, which has the newer logic model we've been rolling out. In your case, what you want to do is use the Entity API to get a Title Entity Token, using the Secret Key. The Title Entity does have permission to write to the Title Entity Object and File space.

0 Likes 0 ·
jounisuom avatar image jounisuom brendan commented ·

Got it, I can't really find documentation regarding this issue, so now I tried getting the Title Entity Token with Unity SDK as follows:

var request = new GetEntityTokenRequest() { Entity = new EntityKey { Id = configuration.PlayfabId, Type = "title"} };


PlayFabAuthenticationAPI.GetEntityToken(request, onSuccess, onError, null, new Dictionary<string, string>() { { "X-SecretKey", secretKey }});

And it fails with error

NotAuthorized: The claim was not allowed to perform the requested action based on the entity's access policy. Policy comment: By default, all requests are denied. If you expected this request to succeed, you may be missing a policy. See the permissions APIs in PlayFab's Admin Api to add a permission.

What I understand from the default policies, title should have all access to it's own data?..

Thanks for your swift responses!

0 Likes 0 ·
Show more comments
jounisuom avatar image jounisuom commented ·

Thanks for the help! It wasn't obvious that I needed to call the GetEntityToken without EntityKey set. Uploads now work after getting the Entity Token with the secret key in X-SecretKey header.

0 Likes 0 ·
jounisuom avatar image jounisuom commented ·

One more follow-up question: how should we go about distributing title entity files to clients? Can title player accounts be authorized to download title entity files? Or should we save the download URL of the file to for example Title Data when publishing the JSON? Will the download URL expire?

If I try to get the metadata of title entity files with a regular player account I once again get the NotAuthorized.

0 Likes 0 ·
brendan avatar image brendan jounisuom commented ·

Yes, a title player entity can be allowed to download title entity files - that's one method for distributing them. The other would be by using the Content service. In no case would you use Title Data to store a download URL, since the download URL does indeed expire.

This is what you need to add to your policy to allow read of all title files (if you want a specific file, just change the * to the filename in question). This also assumes your Title ID is ABC1, so replace that with your actual Title ID.

    {
        "Effect": "Allow",
        "Resource": "pfrn:data--title!5F4/Profile/Files/*",
        "Principal": {
            "ChildOf": {
                "EntityType": "title",
                "EntityId": "ABC1"
            }
        },
        "Comment": "Allow all title members to read all title files",
        "Action": "Read"
    }
1 Like 1 ·
brendan avatar image brendan brendan commented ·

Sorry - minor edit to the above.

0 Likes 0 ·
Show more comments

Write an Answer

Hint: Notify or tag a user in this post by typing @username.

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.