Permissions
Control who can access channels and user metadata in your chat app. Define permission schemas to protect against unauthorized access.
Examples:
- Restrict channel/profile modifications to specific users
- Allow only admins to remove users from channels
Chat SDK limitations (client-side only):
- Channel membership restrictions (direct, group, public)
- Feature availability errors in public chats (typing indicator, invites, read receipts)
Use Access Manager for strict server-enforced access rules. Chat SDK exposes all Unity SDK Access Manager methods.
Required configuration
- Enable Access Manager in the Admin Portal.
- Initialize Chat SDK:
- Server: with
SecretKeyto administer permissions - Client: with
AuthKeyto authenticate users
- Server: with
See Moderation for examples.
Secret key security
Never expose SecretKey to clients. If compromised, generate a new one in the Admin Portal.
Use Access Manager
Available methods:
GrantToken()- Generate time-limited token with access control listRevokeToken()- Disable token and revoke permissionsParseToken()- Decode token to view permissionsSetAuthToken()- Update authentication token
Channel group limitation
Chat SDK doesn't support channel groups. Use a core SDK for channel groups.
Resource permissions
Define operations users can perform on PubNub resources:
| Resource type | Permissions |
|---|---|
Channels | Read, Write, Get, Manage, Update, Join, Delete |
Uuids | Get, Update, Delete |
See Moderation for muting/banning with Access Manager.
Operations-to-permissions mapping
Access levels determine user operations. Example: Write on Channels allows sending messages via SendText().
The tables below map permissions to Chat SDK operations.
Pub/Sub
| PubNub operation | Resource type(s) | Permission | Unity Chat SDK method(s) |
|---|---|---|---|
| Publish on channels | Channels | Write | Send text messages (SendText()) Forward messages ( Forward(), ForwardMessage()) Create and send events ( EmitEvent()) Report messages ( Report()) |
| Send signals to channels | Channels | Write | Typing indicator methods Create and send events ( EmitEvent()) |
| Subscribe to channels | Channels | Read | Typing indicator methods Receive events ( SetListeningForUpdates()) Receive messages ( Connect()) Membership updates ( OnMembershipUpdated) Channel updates ( Update(), UpdateChannel()) Messages updates ( OnMessageUpdated) User updates ( OnUserUpdated) |
| Subscribe to presence channels | Presence channels (<channel-name>-pnpres) | Read | n/a |
| Unsubscribe from channels | Channels | None required | Stop receiving typing signals, events, messages, updates on membership, channels, messages, and users |
Presence
| PubNub operation | Resource type(s) | Permission | Unity Chat SDK method(s) |
|---|---|---|---|
| Here Now | Channels | Read | Channel presence (WhoIsPresent()) |
| Where Now | Channels | None required | Channel presence (WherePresent(), IsPresentOn(), IsPresent()) |
Message Persistence
| PubNub operation | Resource type(s) | Permission | Unity Chat SDK method(s) |
|---|---|---|---|
| Fetch historical messages | Channels | Read | getMessageHistory() |
| Message counts | Channels | Read | Unread messages (GetUnreadMessagesCount(), GetUnreadMessagesCounts()) |
| Delete messages | Channels | Delete | Delete() |
App Context
| PubNub operation | Resource type(s) | Permission | Unity Chat SDK method(s) |
|---|---|---|---|
| Set user metadata | Uuids | Update | Create users (CreateUser()) Update user metadata ( Update(), UpdateUser()) |
| Delete user metadata | Uuids | Delete | DeleteUser() |
| Get user metadata | Uuids | Get | Get user data (GetUser()) |
| Get all user metadata | Uuids | You don't need to specify permissions to enable it if you uncheck the Disallow Get All User Metadata option in the App Context configuration in the Admin Portal. | chat.GetUsers() |
| Set channel metadata | Channels When working with threads, also grant permissions to PUBNUB_INTERNAL_THREAD channels. | Update, Get | Create channels (CreateDirectConversation(), CreateGroupConversation(), CreatePublicConversation()) Update channels ( Update(), UpdateChannel()) Pin messages ( Pin(), PinMessage()) Threads ( CreateThread(), PinMessage(), PinMessageToParentChannel(), UnpinMessage(), UnpinMessageFromParentChannel()) |
| Delete channel metadata | Channels | Delete | Delete(), DeleteChannel() |
| Get channel metadata | Channels | Get | Get channel details (GetChannel()) Get pinned messages ( GetPinnedMessage()) Get thread ( GetThread()) |
| Get all channel metadata | Channels | You don't need to specify permissions to enable it if you uncheck the Disallow Get All Channel Metadata option in the App Context configuration in the Admin Portal. | chat.GetChannels() |
| Set channel members | Channels | Manage | Invite multiple users to channels (InviteMultiple()) Mute/Ban users ( SetRestriction()) |
| Remove channel members | Channels | Manage | Unmute/Unban users (SetRestriction()) |
| Get channel members | Channels | Get | Get members (GetMemberships()) Check restrictions ( GetUserRestriction(), GetUsersRestrictions(), GetChannelsRestrictions(), GetChannelRestriction()) |
| Set channel memberships | Channels, Uuids | Join on Channels Update on Uuids | Create channels (CreateDirectConversation(), CreateGroupConversation()) Invite a user to a channel ( Invite()) Join channels ( Join()) Update membership ( Update()) Unread messages ( SetLastReadMessage(), MarkAllMessagesAsRead()) |
| Remove channel memberships | Channels, Uuids | Join on Channels Update on Uuids | Leave channels (Leave()) |
| Get channel memberships | Uuids | Get | List channels (GetChannels()), GetMemberships() |
Message Reactions
| PubNub operation | Resource type(s) | Permission | Unity Chat SDK method(s) |
|---|---|---|---|
| Add message reaction | Channels | Write | ToggleReaction() |
| Remove message reaction | Channels | Delete | ToggleReaction() |
| Get history with reactions | Channels | Read | getMessageHistory() |