Tyler Hasman asked

Player can edit their display name even if I disable that

As you can see, I have it disabled, but players can still edit their own display name.

capture.png (22.1 KiB)

1 Answer

Citrus Yan answered

Hey, I tried reproducing your issue, but I found out that what you’ve disabled only keeps players from accessing their display name; editing is still available. Maybe you should try to prevent clients from calling UpdateUserTitleDisplayName in order to keep players from editing their display name.


Seth Du ♦ commented

In other words, you may edit the API policy to restrict usage via the admin API UpdatePolicy. For more information, please refer to: https://docs.microsoft.com/en-us/gaming/playfab/features/config/gamemanager/api-access-policy

Tyler Hasman commented

I tried to do that, but I get an error:

{
  "Action": "*",
  "Effect": "Deny",
  "Resource": "pfrn:api--/Client/UpdateUserTitleDisplayName",
  "Principal": "*",
  "Comment": "Only title can edit display names"
}

The error I get is:

Failed to save new global policy: Invalid action Write in statement.
Citrus Yan commented (in reply to Tyler Hasman)

Hey, I tried reproducing your issue both in C# and Postman, but my tests worked fine. Did you miss something? If you are still getting the error, provide us your title id and we’ll take a look.

Seth Du ♦ commented (in reply to Tyler Hasman)

Here is my request:

{
  "PolicyName": "ApiPolicy",
  "Statements": [
    {
      "Resource": "pfrn:api--*",
      "Action": "*",
      "Effect": "Allow",
      "Principal": "*",
      "Comment": "The default allow all policy"
    },
    {
      "Resource": "pfrn:api--/Client/UpdateUserTitleDisplayName",
      "Action": "*",
      "Effect": "Deny",
      "Principal": "*",
      "Comment": "Disable client to change display name"
    }
  ],
  "OverwritePolicy": true
}

It works fine.

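One way to build the UpdatePolicy request body shown in the comment above without dropping statements that are already in the policy. This is an added example, not code from the thread or from PlayFab; the helper names `check_statement` and `deny_client_calls` are hypothetical, and the set of required fields is assumed from the statements posted here.

```python
import json

# Assumption: these are the fields each statement needs, taken from the thread.
REQUIRED = ("Resource", "Action", "Effect", "Principal")
API_PREFIX = "pfrn:api--"  # resource prefix as it appears in the thread


def check_statement(stmt):
    """Return a list of problems found in one policy statement (empty if none)."""
    problems = [f"missing {k}" for k in REQUIRED if not stmt.get(k)]
    if stmt.get("Effect") not in ("Allow", "Deny"):
        problems.append("Effect must be Allow or Deny")
    if not str(stmt.get("Resource", "")).startswith(API_PREFIX):
        problems.append(f"Resource must start with {API_PREFIX}")
    return problems


def deny_client_calls(current_statements, api_paths, comment):
    """Build an UpdatePolicy body that keeps every current statement and adds
    one Deny per API path. With OverwritePolicy set to true the submitted list
    overwrites the existing policy, so current statements are sent back too."""
    statements = [dict(s) for s in current_statements]  # do not mutate input
    for path in api_paths:
        resource = API_PREFIX + path
        already = any(s.get("Resource") == resource and s.get("Effect") == "Deny"
                      for s in statements)
        if not already:  # idempotent: never add the same Deny twice
            statements.append({"Resource": resource, "Action": "*",
                               "Effect": "Deny", "Principal": "*",
                               "Comment": comment})
    for s in statements:
        problems = check_statement(s)
        if problems:
            raise ValueError(f"{s.get('Resource')}: {', '.join(problems)}")
    return {"PolicyName": "ApiPolicy", "Statements": statements,
            "OverwritePolicy": True}


# Constructed sample: the default allow-all statement from the request above.
CURRENT = [{"Resource": "pfrn:api--*", "Action": "*", "Effect": "Allow",
            "Principal": "*", "Comment": "The default allow all policy"}]

if __name__ == "__main__":
    body = deny_client_calls(CURRENT, ["/Client/UpdateUserTitleDisplayName"],
                             "Disable client to change display name")
    print(json.dumps(body, indent=2))
```
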
