question

Artur Khusainov avatar image
Artur Khusainov asked

Prevent master_player_account from editing it's Profile Object

I want to Restrict write access to Player entity object Ban.

It works for title_player_account and character. But doesn't work for master_player_account.

{
    "Resource": "pfrn:data--*!*/Profile/Objects/Ban",
    "Action": "Write",
    "Effect": "Deny",
    "Principal": "*",
    "Comment": "Only title can edit user Ban Objects",
    "Condition": {
      "CallingEntityType": "title_player_account"
    }
  },
  {
    "Resource": "pfrn:data--*!*/Profile/Objects/Ban",
    "Action": "Write",
    "Effect": "Deny",
    "Principal": "*",
    "Comment": "Only title can edit user Ban Objects",
    "Condition": {
      "CallingEntityType": "character"
    }
  },
  {
    "Action": "Write",
    "Effect": "Deny",
    "Resource": "pfrn:data--*!*/Profile/Objects/Ban",
    "Principal": "*",
    "Comment": "Only title can edit user Ban Objects",
    "Condition": {
      "CallingEntityType": "master_player_account"
    }
  }
entities
10 |1200
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

1 Answer

·
Gosen Gao avatar image
Gosen Gao answered

I have done a quick test with the Policy you mentioned, and it successfully triggered the Policy. I got an EntityToken from API GetEntityToken by passing a master_player_account level Entity. And then when I use that EntityToken to call SetObjects, I got "Only title can edit user Ban Objects" which is an expected result. May I know how you test the master_player_account?

2 comments
10 |1200
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Artur Khusainov avatar image Artur Khusainov commented ·

First i am calling LoginWithCustomID. Looks like it returns Entity Token connected with title_player_account.

And then i am calling Set Objects by passing it hard-coded Json like this

Request: {
    "Entity":
    {
        "Id": "0000000000000000000000000",
        "Type": "master_player_account",
        "TypeString": "master_player_account"
    },
    "ExpectedProfileVersion": 0,
    "Objects": [
        {
            "ObjectName": "Ban",
            "DataObject":
            {
                "BAN2": "4444"
            }
        }
    ]
}

Also i am using UE4 plugin. And i am doing it in Blueprints not in C++ code.

So it seems like i have Entity Token connected with title_player_account,
but i am passing master_player_account as Entity.
And this allows me to change Object "Ban" connected with master_player_account.

0 Likes 0 ·
Gosen Gao avatar image Gosen Gao Artur Khusainov commented ·

Since the content in master_player_account is accessed globally for all titles in the studio, while the ENTITY GLOBAL TITLE POLICY is the policy of the current title, so it cannot restrict the access to master_player_account.

Actually, there is a Policy for master_player_account only, you can find it at the Players page of Game Manager. If you want to restrict the access to Objects of master_player_account, you can modify it with API SetProfilePolicy when an account is registered.

1 Like 1 ·

Write an Answer

Hint: Notify or tag a user in this post by typing @username.

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.