Sets the profiles access policy

Request Details

This will set the access policy statements on the given entity profile. This is not additive, any existing statements will be replaced with the statements in this request.

Request Properties
Entity (required) EntityKey

The entity to perform this action on.

Statements List<EntityPermissionStatement>

The statements to include in the access policy.

POST https://{{TitleID}}
    Content-Type: application/json
  "Statements": [
      "Resource": "pfrn:data--*!*/Profile/Files/avatar.png",
      "Action": "Read",
      "Effect": "Allow",
      "Principal": {
        "FriendOf": "true"
      "Comment": "Allow my friends to read my avatar"
  "Entity": {
    "Id": "90901000",
    "Type": "title_player_account",
    "TypeString": "title_player_account"

Response Details

Result Properties
Permissions List<EntityPermissionStatement>

The permissions that govern access to this entity profile and its properties. Only includes permissions set on this profile, not global statements from titles and namespaces.

Sample Response

HTTP/1.1 200 OK
Content-Type: application/json; charset=utf-8
  "code": 200,
  "status": "OK",
  "data": {
    "Permissions": [
        "Resource": "pfrn:data--title_player_account!90901000/Profile/SomethingCool",
        "Action": "*",
        "Effect": "Allow",
        "Principal": {
          "ChildOf": {
            "EntityType": "[SELF]"
        "Comment": "An example policy"



Possible Error Codes

Name Code
NotAuthenticated 1074
NotAuthorized 1089
ProfileDoesNotExist 1298