Skip to main content

Add permissions to an IAM client

Last updated on October 29, 2024

Overview

AccelByte Gaming Services (AGS) uses identity and access management (IAM) clients to manage which game resources can be accessed and manipulated by applications. This How-to will walk you through adding permissions to an IAM client you created for your game using the AGS Admin Portal.

For more information about IAM clients and how they interact with AGS, see Manage access control for applications.

Prerequisites

To manage IAM clients, you will need an AGS account with Admin Portal administrator privileges to the game namespace you wish to create an IAM client for. If you don't have access, please reach out to your AccelByte account representative.

You will also need an IAM client created in your desired game namespace to add permissions to it.

Add permissions to an IAM client

  1. On the Admin Portal sidebar, select Game Setup > Games and Apps > IAM Clients.
  2. From the IAM Clients list, find the IAM client you want to edit and click on its ID to view its details.
  3. On the details page of the IAM Client, go to the Permissions tab and click on the + Add button. The Add Client Permission form appears.
  4. Fill in the required information on the form:
    1. Resource: A permission resource is a string containing multiple tokens that the system uses to grant access to specific resources. For more information, see permissions.
    2. Action: Select which actions this permission will be able to perform.
  5. Click Confirm to add the new permission to the IAM client.

Get application access token using AGS SDKs

A Credential client requires a valid access token for server-to-server (S2S) calls to AGS.

The code below generates a valid access token using AGS SDK for a credential client.

bool bServerLoggedIn = false;
bool bServerLoginComplete = false;
FRegistry::ServerOauth2.LoginWithClientCredentials(FVoidHandler::CreateLambda([&bServerLoggedIn, &bServerLoginComplete]()
{
UE_LOG(LogAccelByteEcommerceTest, Log, TEXT("Server Login Success"));
bServerLoginComplete = bServerLoggedIn = true;
}), FErrorHandler::CreateLambda([&bServerLoggedIn, &bServerLoginComplete](int32 ErrCode, FString const& ErrMsg)
{
UE_LOG(LogAccelByteEcommerceTest, Error, TEXT("Server Login Success"));
bServerLoginComplete = true;
}));
WaitUntil(bServerLoginComplete, "Waiting for server logged in...");