Skip to main content

Introduction to Authorization

Last updated on October 29, 2024

Overview

The Authorization service provides you with a range of options that provide access control to AccelByte Gaming Services (AGS), for each account and application, all in a highly customizable manner.

Authorization Components

Authorization service components

It is important to understand the key components that we used in this service's design.

Permissions

Permissions are how the platform controls and restricts access to resources. Each permission is a single-line string, consisting of a permission tag and permission action. The system uses permissions to grant access rights to AGS for users (via a Role) and applications (via an IAM Client).

Role

A Role is a way to assign and maintain the same set of permissions for multiple users at once. Essentially, a Role is a simple collection of permissions, which you can configure to enable access to specific namespaces. This means that any user you assign to that role has the permissions that the the role grants in the corresponding namespaces.

AGS Shared Cloud

The ability to customize roles in Shared Cloud will be available soon.

IAM Client

An IAM client is an application, such as a game server or website, that requests access to protected platform data and resources. IAM clients enable you to control which resources an application can access, rather than a specific user. You can define IAM clients under any namespace (either Publisher or Game namespace), depending on whether the application is specific to your publisher-level resources or one of your games.

AGS Shared Cloud

The ability to configure the IAM clients in Studio Namespace will be available soon.