Introduction to Authorization
Overview
The Authorization service provides you with a range of options that provide access control to AccelByte Gaming Services (AGS), for each account and application, all in a highly customizable manner.
Authorization Components
It is important to understand the key components that we used in this service's design.
Permissions
Permissions are how the platform controls and restricts access to resources. Each permission is a single-line string, consisting of a permission tag and permission action. The system uses permissions to grant access rights to AGS for users (via a Role) and applications (via an IAM Client).
Role
A Role is a way to assign and maintain the same set of permissions for multiple users at once. Essentially, a Role is a simple collection of permissions, which you can configure to enable access to specific namespaces. This means that any user you assign to that role has the permissions that the the role grants in the corresponding namespaces.
The ability to customize roles in Shared Cloud will be available soon.
IAM Client
An IAM client is an application, such as a game server or website, that requests access to protected platform data and resources. IAM clients enable you to control which resources an application can access, rather than a specific user. You can define IAM clients under any namespace (either Publisher or Game namespace), depending on whether the application is specific to your publisher-level resources or one of your games.
The ability to configure the IAM clients in Studio Namespace will be available soon.