question

e.timofeev@flexilestudio.com avatar image
e.timofeev@flexilestudio.com asked

Question about Group Deletion

Greetings. We developing clan system using playfab group api, and it's looks like any playfab user can able to delete group using delete group api. It's look like unsafe logic, when any player, instead administrator, can remove group. Or i get it wrong?

apis
10 |1200

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

1 Answer

·
Seth Du avatar image
Seth Du answered

I have done some tests on a new title, and only the players in administrator role can delete the group. If a member tries to delete a group, the below error will return:

{
    "code": 401,
    "status": "Unauthorized",
    "error": "NotAuthorized",
    "errorCode": 1089,
    "errorMessage": "The claim was not allowed to perform the requested action based on the entity's access policy. Policy comment: By default, all requests are denied. If you expected this request to succeed, you may be missing a policy. See the permissions APIs in PlayFab's Admin Api to add a permission."
}

Please check again if you are using an administrative player's entity token. In addition, have you modified your entity policy?

10 |1200

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Write an Answer

Hint: Notify or tag a user in this post by typing @username.

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.