Take a sneak peak of our new documentation Read More
Request a Demo
solutions

AccelByte Cloud

access

Access

Connect cross-platform accounts & identity management

 analytics

Analytics

Make informed decisions with player and game telemetry

 distribution

Distribution

Player Portal, Launcher, and Patcher

 engagement

Engagement

Track, engage, and retain players

 

social

Social

Build a vibrant community

 monetization

Monetization

Grow and commercialize your game

 storage

Storage

Track player progression and game state across platforms

 play

Play

Dynamically assemble and match players

BlackBox

blackbox logo

Get a 360 view on game health by combining crash reporting, performance analytics, build quality and binary distributtion into one toolbox

Learn more
Company
pricing
careers
Resources
Blog
Customer Stories
eBooks
Videos
Docs
Request a Demo
Learn more about our services and how to integrate them into your game. | AccelByte Documentation
Last Updated: 1/17/2023, 4:38:38 AM

# Roles

# Overview

Roles are used to allow central management of user permissions as well as define whether a user can access the Admin Portal. A role is an association between a list of permissions and a list of users. As permissions cannot be directly defined on a user account, roles provide the mechanism for assigning permissions to a user. When a user signs into the platform, the user inherits the permissions granted by all roles assigned to that user.

Roles can be configured to allow access to all namespaces, which means that any user assigned to that role will have the permissions granted by that role in any namespace the user signs into. If a role is not configured to allow access to all namespaces, you must choose which namespaces the role will be applied in for each user that is assigned to the role.

AccelByte Cloud’s platform includes several default roles that have already been granted permissions and are ready to use. You can also create a new role with a set of permissions to match users’ needs in your organization. That way, you can avoid users having access they don’t need.

INFO

Role ID is a universally unique identifier (UUID) that is automatically generated when the role is created and can never be changed.

# Permissions

Permissions (opens new window) are used to grant access to specific resources within our services. Make sure your account has the following permissions before you attempt to manage roles in the Admin Portal. For a full list of permissions that impact roles management, see the IAM tab of the permissions reference (opens new window).

Usage Resource Action
Create Role ADMIN:ROLE Create
Add Role Permissions ADMIN:ROLE Update
Invite User Admin ADMIN:NAMESPACE:{namespace}:USER:INVITE Create
Admin Add User’s Role ADMIN:NAMESPACE:{namespace}:ROLE:USER:* Update

Permissions work slightly differently depending on whether they are assigned to IAM Clients (opens new window) or Roles assigned to users. For more information, read the Authentication and Authorization (opens new window) documentation.

# Default Roles

When a new publisher environment is created, it will contain the following roles by default. Each role contains its own permissions. Here’s the list of default roles and their permissions:

Role Admin Description Permissions
User No A user that normally signs into the backend through the game, i.e., a player. The user role is automatically applied to user accounts when they are created, for the purpose of giving players the permissions they need to access resources within your game. Permissions
View Only Yes Read-only admin access to the Admin Portal. Has access to all namespaces. Permissions
Game Admin Yes Full control, admin access to the Admin Portal. Has access to specific game namespaces only. Permissions
Super Admin Yes Full control, admin access to the Admin Portal. Has access to all namespaces. Permissions

# Manage Roles in the Admin Portal

# Create a New Role

  1. In the Admin Portal, open the Platform Configurations dropdown in the top-right corner of the page and select the Roles menu.

roles

  1. On the Roles page, click the Create New button.

roles

  1. By default, when you create a new role, you will be prompted to select an existing role to clone. This enables you to quickly create new roles with all the permissions from the cloned role carried over. If you don’t want to clone a role and would prefer to select permissions separately, select the I want to create a new role from scratch checkbox.

    To clone an existing role, fill in the Create New Role fields with the following information:

  • Enter a name for the role in the Role Name field.

  • Select the existing role that you want to clone from the Select Role dropdown.

    roles

    To create a new role without cloning, select the I want to create a new role from scratch checkbox and fill in the fields with the following information:

  • Enter a name for the role in the **Role Name **field.

  • Select the Set as Admin Role checkbox if you want your role to have access to the Admin Portal.

  • Select the Set as Global Role checkbox if you want your role to be able to access all namespaces.

    roles

  1. Once completed, click the Create button to create your new role.

# Add Permissions to a Role

After you create a role, you can add permissions to the role by following the steps below.

  1. In the Admin Portal, open the Platform Configurations dropdown in the top-right corner of the page and select the Roles menu.

roles

  1. Find the role that you want to add permissions to and click View.

roles

  1. In the Permissions section of the Role page, click the Add Permission button.

roles

  1. The Add Role Permission will appear. Fill in the fields with the following information:
  1. Once completed, click Confirm. The permission will be added to the role.

# Assign a Role to a User

You can assign a role to the user from either the User Management page or the Roles page in the Admin Portal.

# Assign a Role from the Role Page

  1. In the Admin Portal, open the Platform Configurations dropdown in the top-right corner of the page and select the Roles menu.

roles

  1. Click View next to the role that you want to assign users to.

roles

  1. Click the Assign Role button in the Assigned Users section of the page.

roles

  1. The Assign User Role form appears. Fill in the fields with the following information to add the role to the selected user:

  • In the User ID or Email Address field, enter the user ID or email address of the user you want to assign to the role to.

  • If the role has not been configured to allow access to all namespaces, the Select Namespace field will appear, where you can choose one or more namespaces. These namespaces will be the only namespaces in which the user will be given this role. This allows you to create one role that can be used for multiple games.

    roles

  1. Once completed, click Add. The user will be assigned to the selected role.

# Assign a Role from the User Management Page

  1. In the desired namespace of the Admin Portal, expand the Users Management section and click Users.

roles

  1. Search for the user account that you want to assign a role to using the credential for that user that you have on hand. For more information, see the Search for a User (opens new window) tutorial.

roles

  1. The results of your search will appear. Browse the list to find the account you’re looking for and click View in the Action column of the account listing to open it.

roles

  1. The User Overview will appear. From here, open the Roles tab from the ribbon at the top of the page.

roles

  1. On the Roles page, click the Add Role button.

roles

  1. The Add Role form appears. Fill in the fields with the following information:

  • Select the role you want to assign to the user from the Roles dropdown menu.

  • Enter the namespace where the user should have this role in the Namespace field. You can enter more than one namespace.

    roles

  1. Once completed, click the Add button. The role will be added to the user.

IAM Clients