We would like to prevent logged in users to take any actions on PlayFab other than the ones that are defined by our client.
Policy option
Could the policy option be enough in this case?
Following are a few related questions:
- Is there an updated documentation that reflects the current JSON structure, list of all possible permissions, etc. related to global, group and user policies?
- If the policies list is empty for a given entity or global policies, which is the case, are all permissions denied or allowed by default (seems we don't get consistent behavior).
- Is the policy priority defined as (where the later policy would have override the one/s before)?:
- Entity Global Title Policy
- Group Policy
- User Policy
- ...
- Is there a policy or some other way to deny the logged in user to the client to update the policy through the SetProfilePolicy API?
Other options
Are there other options besides the Policy option to have more control on the security, related to what a user can or cannot do?
Thank you for your time.