Multiplayer Services SDK

Access control

Configure visibility and access permissions to control who can discover and join your sessions.

By default, the MPS SDK accepts API calls from either an Authenticated Player or a Service Account. In some cases, you might want more control over how sessions are created or joined. In those cases you can use Access Control.

Service Account controlled sessions

In the following example, sessions can only be created and players can only join via a Service Account. Service accounts allow you to control the session by restricting write access for Players. Creating project policies via CLI with the following JSON definition will Deny all write access to session service APIs, except the Reconnect and Tokens endpoints. Note that any API that requires read access (HTTP GETs) is still accessible.

{
  "statements": [
    {
      "Sid": "DenyPlayerSessionWrites",
      "Resource": "urn:ugs:lobby:/v1/*",
      "Principal": "Player",
      "Action": ["Write"],
      "Effect": "Deny"
    },
    {
      "Sid": "AllowPlayerSessionReconnect",
      "Resource": "urn:ugs:lobby:/v1/*/reconnect",
      "Principal": "Player",
      "Action": ["*"],
      "Effect": "Allow"
    },
    {
      "Sid": "AllowPlayerSessionTokens",
      "Resource": "urn:ugs:lobby:/v1/*/tokens",
      "Principal": "Player",
      "Action": ["*"],
      "Effect": "Allow"
    }
  ]
}

Upsert the policies with:

ugs access upsert-project-policy -p <project-id> -e <env-name> <file-path>

Any API call that violates the policy will be rejected with a 403 - Forbidden error.
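
A pre-upsert review aid for the policy above, as an added example that is not part of the Unity documentation or the ugs CLI: it lists which statements cover each sample request, so you can confirm that every Player write falls under the Deny and that only the Reconnect and Tokens paths also fall under an Allow. The sample request paths, the mapping of GET to Read and every other method to Write, and the glob matching of `*` are assumptions; how the service resolves a request covered by both effects is not modeled.

```python
import json
from fnmatch import fnmatchcase

# Policy copied from this page, embedded so the check runs offline.
POLICY = json.loads("""
{"statements": [
 {"Sid": "DenyPlayerSessionWrites", "Resource": "urn:ugs:lobby:/v1/*",
  "Principal": "Player", "Action": ["Write"], "Effect": "Deny"},
 {"Sid": "AllowPlayerSessionReconnect", "Resource": "urn:ugs:lobby:/v1/*/reconnect",
  "Principal": "Player", "Action": ["*"], "Effect": "Allow"},
 {"Sid": "AllowPlayerSessionTokens", "Resource": "urn:ugs:lobby:/v1/*/tokens",
  "Principal": "Player", "Action": ["*"], "Effect": "Allow"}
]}
""")

# Constructed sample requests (method, path); the paths are illustrative.
SAMPLES = [
    ("POST", "/v1/create"),
    ("POST", "/v1/abc123/join"),
    ("POST", "/v1/abc123/reconnect"),
    ("POST", "/v1/abc123/tokens"),
    ("GET", "/v1/abc123"),
]

def matching(policy, method, path, principal="Player"):
    """Return [(Sid, Effect)] for every statement that covers the request."""
    # Assumption: GET maps to Read, any other method to Write.
    action = "Read" if method.upper() == "GET" else "Write"
    urn = "urn:ugs:lobby:" + path
    return [
        (s["Sid"], s["Effect"])
        for s in policy["statements"]
        if s["Principal"] == principal
        and ("*" in s["Action"] or action in s["Action"])
        and fnmatchcase(urn, s["Resource"])  # assumption: "*" also spans "/"
    ]

def review(policy, samples):
    """Return (writes covered by no Deny, requests covered by both effects)."""
    uncovered, overlapping = [], []
    for method, path in samples:
        effects = {effect for _, effect in matching(policy, method, path)}
        if method.upper() != "GET" and "Deny" not in effects:
            uncovered.append((method, path))
        if effects == {"Allow", "Deny"}:
            overlapping.append((method, path))
    return uncovered, overlapping

if __name__ == "__main__":
    for method, path in SAMPLES:
        print(method, path, matching(POLICY, method, path))
    print(review(POLICY, SAMPLES))
```

An empty first list means no sampled Player write escapes the Deny statement; the second list should contain exactly the exceptions you intend to leave open.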