Player Role Permissions


Not sure if this is the right board to ask questions about default ‘roles’ in Lumberyard.

CloudCanvas automatically defines the “Player” role but I was curious about what qualifies as “Player”. For example, when creating an API with ‘AbstractRole’ set to ‘Player’, I was under the impression that only logged in player’s would be able to call that API, but realized that sample levels without user login were utilizing the same set up for their API’s (i.e. text-to-speech api calls).

Upon further inspection in the deployment-access-template.json file, it seems that there is a reference to cognito userpool though.

I guess my question is, does the ‘Player’ role limit access to cognito users? or does it just give any of your game “clients” access, regardless if they’re registered, access to the API?

Yup, it does but does! Is there any predesignated role that verifies that a user is logged into a non-anonymous & verified Cognito id (i.e. “PlayerLoginRole”). Lol, maybe I’m trying to get around an API auth too much but if it’s implemented, I would love to use it!

edit: I also noticed my project doesn’t have a deployment-access-template.json file, is this normal?

Hi Naotoy,

You are correct. The “Player” role is granted to anyone who has obtained a valid id from our Cognito User Pool. The Cognito User Pool supports anonymous authentication. When your game is built with the Cloud Gem Framework enabled the game will obtain an anonymous Cognito id on startup.

To enabled an authentication flow in your game you could enable our Cloud Gem Player Account gem.

Does that help clear things up?

Happy New Year!


Hi @CC_Brian, thanks for your reply!

That definitely clears things up for me with the RoleAccess! Thanks!

So for the deployment-access-template.json, can we disregard the files listed under ‘Administration’ in the Resource Manager now as they all return blank (since no such files exist in the project folder)? Instead, do we work in the Gems\CloudGemFramework\v1\ResourceManager\resource_manager\templates if we would like to edit any Role related behavior?

@CC_Brian Thanks for your replies! That definitely helps clear it up enough to lead me in the direction I wanted

Hi @naotoy,

A separate “AuthenticatedPlayer” access role is on our near term to do list which on our current schedule would put it in the 1.15 release.

Regarding the deployment-access-template.json file that is normal - this file used to live at tools/lmbr_aws/AWSResourceManager/default-project-content and get copied into the project folder but now lives at Gems\CloudGemFramework\v1\ResourceManager\resource_manager\templates and is not copied. Did you run into some documentation describing the old system?

Hi @naotoy,

So you can think of the files living under CloudGemFramework as the “defaults” and then we created a series of “extension” files which can live in your GameProject\AWS\ folder that can further customize/add to/restrict your resources which will appear under the Administration tab. In general you should be able to make changes here rather than editing the defaults directly since that could make integrating new code drops a bit trickier, though that is an option if you’d like to go that route. There’s some documentation at under “Template Extension Files” which describes working with these files.