Skip to main content

App > Design > AI > BrainBot Restrictions

Control what global and player data BrainBot can access when responding to team member queries

Written by Jason Liang

The App > Design > AI > BrainBot Restrictions page controls the level of data access that BrainBot — brainCloud's built-in AI assistant — has when answering team member questions. By default, BrainBot has full read and write access to your app's global data and player data, allowing it to look up live values to give accurate, contextual answers. This page lets you restrict or remove that access entirely if your security policy requires it.

Why Restrict BrainBot's Access?

BrainBot's ability to read live data makes it significantly more helpful — for example, it can look up an actual global property value when answering a question about it, or summarise a player's data when helping diagnose a support issue. However, in some situations you may want to limit this access:

  • Sensitive player data — if your app stores personally identifiable information or financial data, you may want to prevent BrainBot from reading it, even for internal team use.

  • Production environment safety — restricting BrainBot to read-only access on a production app prevents it from making any data changes, even if instructed to do so by a team member.

  • Compliance requirements — some data protection frameworks require limiting the number of systems that can access user data. Setting BrainBot to No Access removes it from the data access chain entirely.

Enabling Restrictions

Check the Enable brainBot Restrictions checkbox to activate access control. When restrictions are disabled (the default), BrainBot has full Read + Write access to both global and player data — equivalent to an unrestricted team member.

When you enable restrictions for the first time, both access levels are automatically set to Read-only as a safe starting point. You can then adjust each independently. Disabling restrictions again immediately resets both access levels back to Read + Write — no confirmation is required, so use care on production apps.

Access Level Settings

Two independent dropdowns control BrainBot's data access. Both are disabled (greyed out) unless restrictions are enabled. Each offers the same three options:

Global Data Access — controls BrainBot's access to your app's global-scope data: global properties, global statistics, global entities, cloud code scripts, leaderboard configs, and similar app-wide configuration.

  • No Access — BrainBot cannot read or write any global data. Questions that would normally involve looking up a live global property value will be answered without that context.

  • Read-only — BrainBot can read global data to inform its answers but cannot make any modifications, regardless of what a team member asks it to do. This is the recommended setting for production apps.

  • Read + Write — BrainBot has full access to read and modify global data. This is the default (unrestricted) level.

Player Data Access — controls BrainBot's access to individual player (profile) data: user statistics, user entities, player inventory, player currencies, and other per-player records.

  • No Access — BrainBot cannot read or write any player data. Questions about specific players will be answered without live player context.

  • Read-only — BrainBot can look up a player's data to help answer support or diagnostic questions but cannot make changes to any player record.

  • Read + Write — BrainBot has full access to read and modify player data. Use only in development environments where data integrity concerns are lower.

Recommended Settings by Environment

Development / staging apps — restrictions disabled (Read + Write on both) is generally acceptable. BrainBot's full context awareness makes it most helpful during active development, and the data is not live.

Production apps (standard) — enable restrictions and set both Global Data Access and Player Data Access to Read-only. BrainBot can still give contextually accurate answers using live data, but cannot modify anything, reducing the risk of accidental changes on a live app.

Production apps (sensitive data) — enable restrictions and set Player Data Access to No Access. Global data can remain at Read-only for useful answers about configuration. Setting player data to No Access ensures BrainBot never touches player records in any way.

Fully locked down — set both to No Access. BrainBot will answer questions based only on its general brainCloud knowledge and any custom context you have provided via BrainBot Context, without accessing any live app data.

Actions

  • Reset — discards all unsaved changes and restores the previously saved settings. Disabled when there are no unsaved changes.

  • Save — persists the restriction settings. Disabled when there are no unsaved changes or when you lack write access.

Permissions

Viewing this page requires the DESIGN_PORTAL_BRAINBOT_RESTRICTIONS permission. Modifying the settings requires write access to that permission. Users with read-only access can see the current settings but all controls are disabled.

Did this answer your question?