Roles are used to allow central management of user permissions as well as define whether a user can access the Admin Portal. A role is an association between a list of permissions and a list of users. As permissions cannot be directly defined on a user account, roles provide the mechanism for assigning permissions to a user. When a user signs into the platform, the user inherits the permissions granted by all roles assigned to that user.
Roles can be configured to allow access to all namespaces, which means that any user assigned to that role will have the permissions granted by that role in any namespace the user signs into. If a role is not configured to allow access to all namespaces, you must choose which namespaces the role will be applied in for each user that is assigned to the role.
AccelByte Cloud’s platform includes several default roles that have already been granted permissions and are ready to use. You can also create a new role with a set of permissions to match users’ needs in your organization. That way, you can avoid users having access they don’t need.
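The following Python sketch is an added example, not AccelByte code: it models the rules above (permissions are inherited from every assigned role, and a non-global role only applies in the namespaces chosen at assignment) so you can check what a user can actually do in a given namespace. The class names, role names, namespaces and the single-segment meaning of `*` are assumptions made for illustration.

```python
# Simplified model of the role rules described above (added example, not AccelByte code).
from dataclasses import dataclass, field

@dataclass
class Role:
    name: str
    permissions: list          # list of (resource pattern, set of actions)
    is_global: bool = False    # True = role allows access to all namespaces

@dataclass
class Assignment:
    role: Role
    namespaces: set = field(default_factory=set)  # only used when role is not global

def resource_matches(pattern: str, resource: str, namespace: str) -> bool:
    """Compare colon-separated segments. '{namespace}' binds to the sign-in
    namespace; '*' matches any single segment (assumed semantics)."""
    want = pattern.replace("{namespace}", namespace).split(":")
    have = resource.split(":")
    return len(want) == len(have) and all(w in ("*", h) for w, h in zip(want, have))

def is_allowed(assignments, namespace, resource, action) -> bool:
    """A user inherits the permissions of every role that applies in `namespace`."""
    for a in assignments:
        if not (a.role.is_global or namespace in a.namespaces):
            continue  # role is not applied in this namespace
        for pattern, actions in a.role.permissions:
            if action in actions and resource_matches(pattern, resource, namespace):
                return True
    return False

def applicable_roles(assignments, namespace):
    """Audit helper: names of the roles that take effect in `namespace`."""
    return sorted(a.role.name for a in assignments
                  if a.role.is_global or namespace in a.namespaces)

# Constructed sample data: role names, namespaces and permission sets are illustrative.
inviter = Role("Community Manager",
               [("ADMIN:NAMESPACE:{namespace}:USER:INVITE", {"Create"})])
role_manager = Role("Role Manager", [("ADMIN:ROLE", {"Create", "Update"})],
                    is_global=True)
alice = [Assignment(inviter, {"game-a"}), Assignment(role_manager)]

if __name__ == "__main__":
    for ns in ("game-a", "game-b"):
        print(ns, applicable_roles(alice, ns),
              is_allowed(alice, ns, f"ADMIN:NAMESPACE:{ns}:USER:INVITE", "Create"))
```

Running the same check across every namespace a user can sign into is a quick way to spot global roles that grant more than the user needs.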
INFO
Role ID is a universally unique identifier (UUID) that is automatically generated when the role is created and can never be changed.
Permissions are used to grant access to specific resources within our services. Make sure your account has the following permissions before you attempt to manage roles in the Admin Portal. For a full list of permissions that impact roles management, see the IAM tab of the permissions reference.
Usage | Resource | Action |
---|---|---|
Create Role | ADMIN:ROLE | Create |
Add Role Permissions | ADMIN:ROLE | Update |
Invite User Admin | ADMIN:NAMESPACE:{namespace}:USER:INVITE | Create |
Admin Add User’s Role | ADMIN:NAMESPACE:{namespace}:ROLE:USER:* | Update |
Permissions work slightly differently depending on whether they are assigned to IAM Clients or Roles assigned to users. For more information, read the Authentication and Authorization documentation.
When a new publisher environment is created, it will contain the following roles by default. Each role contains its own permissions. Here’s the list of default roles and their permissions:
Role | Admin | Description | Permissions |
---|---|---|---|
User | No | A user that normally signs into the backend through the game, i.e., a player. The user role is automatically applied to user accounts when they are created, for the purpose of giving players the permissions they need to access resources within your game. | Permissions |
View Only | Yes | Read-only admin access to the Admin Portal. Has access to all namespaces. | Permissions |
Game Admin | Yes | Full control, admin access to the Admin Portal. Has access to specific game namespaces only. | Permissions |
Super Admin | Yes | Full control, admin access to the Admin Portal. Has access to all namespaces. | Permissions |
By default, when you create a new role, you will be prompted to select an existing role to clone. This enables you to quickly create new roles with all the permissions from the cloned role carried over. If you don’t want to clone a role and would prefer to select permissions separately, select the I want to create a new role from scratch checkbox.
To clone an existing role, fill in the Create New Role fields with the following information:
Enter a name for the role in the Role Name field.
Select the existing role that you want to clone from the Select Role dropdown.
To create a new role without cloning, select the I want to create a new role from scratch checkbox and fill in the fields with the following information:
Enter a name for the role in the Role Name field.
Select the Set as Admin Role checkbox if you want your role to have access to the Admin Portal.
Select the Set as Global Role checkbox if you want your role to be able to access all namespaces.
After you create a role, you can add permissions to the role by following the steps below.
Select the actions the permission requires in the Action field. These can be found in the Permissions Reference list.
You can assign a role to the user from either the User Management page or the Roles page in the Admin Portal.
In the User ID or Email Address field, enter the user ID or email address of the user you want to assign the role to.
If the role has not been configured to allow access to all namespaces, the Select Namespace field will appear, where you can choose one or more namespaces. These namespaces will be the only namespaces in which the user will be given this role. This allows you to create one role that can be used for multiple games.
Select the role you want to assign to the user from the Roles dropdown menu.
Enter the namespace where the user should have this role in the Namespace field. You can enter more than one namespace.