Access control

Configure visibility and access permissions to control who can discover and join your sessions.

阅读时间1 分钟

最后更新于 3 天前

By default, the MPS SDK accepts API calls from either an Authenticated Player or a Service Account. In some cases, you might want more control over how sessions are created or joined. In those cases you can use Access Control.

Service Account controlled sessions

In the following example, sessions can only be created and players can only join via a Service Account. Service accounts allow you to control the session by restricting write access for Players. Creating project policies via CLI with the following JSON definition will

Deny

all write access to session service APIs, except the Reconnect and Tokens endpoints. Note that any API that requires read access (HTTP GETs) is still accessible.


{  "statements": [    {      "Sid": "DenyPlayerSessionWrites",      "Resource": "urn:ugs:lobby:/v1/*",      "Principal": "Player",      "Action": ["Write"],      "Effect": "Deny"    },    {      "Sid": "AllowPlayerSessionReconnect",      "Resource": "urn:ugs:lobby:/v1/*/reconnect",      "Principal": "Player",      "Action": ["*"],      "Effect": "Allow"    },    {      "Sid": "AllowPlayerSessionTokens",      "Resource": "urn:ugs:lobby:/v1/*/tokens",      "Principal": "Player",      "Action": ["*"],      "Effect": "Allow"    }  ]}

Upsert the policies with

ugs access upsert-project-policy -p <project-id> -e <env-name> <file-path>

. Any API call that violates the policy will be rejected with a

403 - Forbidden

error.

文档

Development

User Acquisition

Monetization

工业

Multiplayer Services SDK

All Services

Multiplayer Services SDK

Access control

Service Account controlled sessions