ky asked

Prevent client from accessing player entity objects?

Hi there,

I'm new to PlayFab. I'm making a game and I want to store some private data in entity objects because these data will be accessed frequently. Is there any way to make the data only able to be read or written via CloudScript? I tried to edit the policy but this method also denies the server from accessing the data.


1 Answer

Citrus Yan answered

Could you please share your policy that’s not working? And, the following policy should meet your requirements – the title entity (server) can access it while the title_player_account entity can’t:

{
    "Action": "*",
    "Effect": "Deny",
    "Resource": "pfrn:data--*![SELF]/Profile/*",
    "Principal": {
        "EntityType": "title_player_account",
        "EntityId": "*"
    },
    "Comment": " deny player entity self-access",
    "Condition": null
}



5 comments

ky commented

Thanks, I tried and it worked! But could you explain the meaning of the "*![SELF]" and the Principal? I'm a little bit confused. Thank you very much! The statement that's not working I tried before is the following:
{
    "Action": "*",
    "Effect": "Deny",
    "Resource": "pfrn:data--*!*/Profile/*",
    "Principal": null,
    "Comment": "",
    "Condition": null
}

Citrus Yan commented (in reply to ky)

[SELF] means that the policy only applies if the resource is owned directly by the caller. Principals match not just on the caller, but a relationship between the caller and the entity being accessed.

Citrus Yan commented (in reply to ky)

Currently, docs on Entity Policy are not available; please keep an eye on the doc portal for any new updates.

ky commented (in reply to Citrus Yan)

So what about the "*!" before [SELF]? And does this mean that other players can call the API to access this player's resources? If yes, how can I deny all access from clients (both owner and others) and just allow access via CloudScript?

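As an added illustration of the two statements in this thread (not PlayFab's code and not part of the original posts), the simplified Python model below checks which callers each Deny statement applies to. The resource layout `pfrn:data--<type>!<id>/<path>`, the treatment of a null Principal as "no filter", and the sample entity IDs and object path are assumptions.

```python
from fnmatch import fnmatchcase

# The two statements from the thread (Comment/Condition omitted).
ANSWER_STMT = {"Action": "*", "Effect": "Deny",
               "Resource": "pfrn:data--*![SELF]/Profile/*",
               "Principal": {"EntityType": "title_player_account", "EntityId": "*"}}
ASKER_STMT = {"Action": "*", "Effect": "Deny",
              "Resource": "pfrn:data--*!*/Profile/*", "Principal": None}

def parse_resource(resource):
    """Split 'pfrn:data--<type>!<id>/<path>' (this layout is an assumption)."""
    head, path = resource.split("/", 1)
    etype, eid = head.split("--", 1)[1].split("!", 1)
    return etype, eid, path

def deny_applies(stmt, caller, owner, path, action="Read"):
    """True if this Deny statement matches `caller` touching `owner`'s resource."""
    etype, eid, rpath = parse_resource(stmt["Resource"])
    if stmt["Effect"] != "Deny" or not fnmatchcase(action, stmt["Action"]):
        return False
    if not (fnmatchcase(owner[0], etype) and fnmatchcase(path, rpath)):
        return False
    if eid == "[SELF]":
        if caller != owner:          # only resources the caller itself owns
            return False
    elif not fnmatchcase(owner[1], eid):
        return False
    principal = stmt["Principal"]
    if principal is None:            # assumption: null means no principal filter
        return True
    return (fnmatchcase(caller[0], principal["EntityType"])
            and fnmatchcase(caller[1], principal["EntityId"]))

# Constructed sample entities as (type, id); not real IDs.
TITLE = ("title", "TITLE1")
PLAYER_A = ("title_player_account", "AAAA")
PLAYER_B = ("title_player_account", "BBBB")
PATH = "Profile/Objects/PrivateData"

def summary(stmt):
    """Which callers the statement denies when they touch PLAYER_A's object."""
    cases = {"owner": PLAYER_A, "other_player": PLAYER_B, "title": TITLE}
    return {name: deny_applies(stmt, c, PLAYER_A, PATH) for name, c in cases.items()}

if __name__ == "__main__":
    print("answer:", summary(ANSWER_STMT))
    print("asker: ", summary(ASKER_STMT))
```

A `False` here only means this one Deny statement does not apply to that caller; whether the call is then allowed depends on the rest of the title's policy, which the model does not cover.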