XR-045: Xbox Live and Account Privileges *

Version 1.4, 6/1/2021

Xbox Live provides users with an expected level of privacy and online safety for themselves and their children. In order to deliver on that promise, titles must check the Xbox Live service for privileges to complete certain actions on the Xbox Live service or in a title experience.

Activity ID Privilege Name Notes
Playing in a multiplayer game session 254 XPRIVILEGE_MULTIPLAYER_SESSIONS Allows a user to join online multiplayer gameplay sessions with real-world users (not bots) in scenarios such as: Synchronous player-vs-player gameplay in the same session, asynchronous turn-based gameplay, Team-based gameplay, User-initiated matchmaking, Sending or accepting invitations, Join-in-progress sessions. Note this privilege does not pertain to local multiplayer games run on the same device.
Playing in a cross network game play session 185 AuthPrivileges.CrossNetworkPlay Allows a user to participate in a gameplay session with other real-world players who are not signed into Xbox Live in scenarios such as: Synchronous player-vs-player gameplay in the same session, asynchronous turn-based gameplay, Team-based gameplay, User-initiated matchmaking, Sending or accepting invitations, Join-in-progress sessions.
Communication with anyone 252 XPRIVILEGE_COMMUNICATIONS Allows a user to communicate with any other Xbox Live users through voice or text.
Shared gaming sessions 189 XPRIVILEGE_SESSIONS Allows a user to participate in connected single-player experiences in shared environments or in scenarios where a title is a hybrid free to play and paid multiplayer title and uses this privilege to gate those experiences Xbox consoles. Single player experiences must not have any features covered under privilege 252 or 254 (Communications and Multiplayer, respectively). Use of this privilege is a title capability that requires platform approval.
User-generated content (UGC) 247 XPRIVILEGE_USER_CREATED_CONTENT Allows a user to see other users' UGC online, download other users' UGC, or share their own UGC online. This does not restrict usage of previously downloaded UGC.
Sharing to a social network 220 XPRIVILEGE_SOCIAL_NETWORK_SHARING Xbox consoles Only: Allows a user to share information, including game progress, Kinect-generated content, game clips, and so on outside of Xbox Live.

Free to play titles, demos, or betas can be configured to allow multiplayer gameplay (ID 254) for players who are not Xbox Live Gold subscribers. This is done via a service side configuration and can be initiated by contacting your Microsoft representative. These titles must continue to check for the multiplayer game privilege to ensure that parental controls and player choices are respected.

More Information

If your services processes Xbox Live issued tokens, you should enforce on your service that the users in the session have the appropriate privileges to perform the requested action by inspecting the "prv" claim for those users inside the token.

If a title offers one or more of the activities listed in the above table, the title must check privileges associated with the particular activity. If a user does not have the privilege, the user must not be allowed to use the associated activity. Privileges are granted for the duration of the session/action or the time before the Xbox Live token is refreshed, whichever is shorter.

Using the GDK on PC or Xbox consoles: To check if a user has a privilege using the GDK, titles should use the XUserCheckPrivilege and XUserResolvePrivilegeWithUiAsync APIs. Specific information around usage pattern and context handling is available in the Xbox Live User Privileges overview topic in the GDK documentation.

Using the Xbox One XDK : To check if a user has a privilege on Xbox One, titles use the Store::Product::CheckPrivilegeAsync API. If the privilege check is a result of a user action, such as entering a multiplayer game mode, the attemptResolution parameter must be set to true (or not set at all). The platform checks the privilege and, if the user does not have it, attempts to determine the reason why.

If the API returns false, the user does not have the privilege and the system has not successfully resolved the issue. In such cases, the title must block the privileged activity but can assume that the system has already appropriately informed the user either that they do not have the appropriate permission for the activity or that there is an issue regarding the user's privilege.

In cases where the privilege check is done not as a result of user action but, for example, as part of a silent background call or to decorate the UX, the API should be called with attemptResolution set to false. As a result, the user is not messaged and the system does not intervene to correct any privilege issues.

Using XSAPI directly with UWP, Win32, mobile or other platforms: The user does not have the privilege if it is absent from the "prv" claim and the title should prevent the user from continuing with the privileged activity. If the check was triggered by the user requesting access to the privileged activity, such as trying to start or join a multiplayer session, the title should show an informative message to let them know they cannot participate. Suggested messaging is as follows:

Playing in a multiplayer game session:

"Sorry, you're currently prevented from playing online multiplayer games."

Playing in a cross network game play session (Assumes the player has the multiplayer privilege):

"Sorry, you're currently prevented from playing with people on platforms other than Xbox Live."

Communication with anyone: If blocked, user tries to unmute themselves in a game chat session:

"Sorry, you're currently prevented from talking with other people on Xbox Live "

Shared gaming sessions:

"Sorry, you're currently prevented from playing online multiplayer games"

User-generated content (UGC):

"Sorry, you're currently prevented from seeing content other people make. "

Xbox Live Connectivity Issues: If the title receives a failure (either through the API or because it cannot retrieve an Xbox Live token) because the Xbox service is unreachable, the title should block access to the requested action. In such instances, the title should fail gracefully, as described in XR-074, "Loss of Connectivity to Xbox Services," located in this document.

Implementation Guidance and Best Practices

Additional Resources

For more information about privileges and the user token, see "User Token" in the Xbox One Development Kit or the Xbox Application Development Kit documentation. See also the "Upsell and Access Control to Features of Xbox Live Using Privileges" white paper.

For the purposes of this XR, a social network is a site or service outside of Xbox Live that allows an individual to share content with other users by default. If the default option on the external site is enable sharing with friends or everyone, then for the purposes of this XR, it is not necessary that the external site allow the user to choose to limit sharing at the time of upload.

Exemptions

Paid transactional video offerings can be offered to all Xbox users regardless of their video content privilege settings. If the app offers both premium content and paid transactional video offerings, the premium content must adhere to this requirement.

If the app is a public service broadcaster within the country/region where the app is offered on the Xbox platform, all non-commercialized content offerings must be made available to all Xbox users in that country/region, regardless of the users' video content privilege settings.

Titles that offer asynchronous multiplayer between an Xbox One console and a non-console device are not required to check the Multiplayer privilege for experiences on the non-console device.

Certification Test Cases

045-01 Respect User Privileges

Test Steps

  1. Sign in to an Xbox profile and launch the title.
  2. For each of the privileges identified in the XR Remarks, identify if the title supports the associated activity.
  3. For each possible setting of each applicable privilege identified in step [2], perform the following:
  • Exit the title and change the user's settings for the privilege.
  • Restart the console.
  • Sign into the same profile and launch the title.
  • Visit all relevant areas of the title, use all title features relevant to the privilege and verify that the title respects the user's current privilege setting.
  • Attempt to access all offline and online areas using a Silver Xbox profile.

Expected Result
Titles must honor the user's privilege settings.

Pass Examples

  1. The title respects the user's privilege settings.
  2. The title treats a partial-allow privilege setting as if the privilege is disabled / disallowed (e.g. when the User-generated content (UGC) privilege is set to Friends Only, the title behaves as if the privilege is set to Blocked).
  3. For titles using the XDK, the title invokes the system UI to alert the user of any privilege conflicts (titles must use the Store::Product::CheckPrivilegeAsync API).
  4. For titles using the GDK, the title invokes the system UI to alert the user of any privilege conflicts (titles must use the XUserCheckPrivilege and XUserResolvePrivilegeWithUiAsync APIs).
  5. For titles using XSAPI, the title shows an informative message to let the user know they cannot participate.

Fail Examples

  1. The title persists a user's privilege settings and does not reflect the user's actual privileges after they have been changed.
  2. The title treats a partial-allow privilege setting as if the privilege is set to its least restrictive setting (e.g. when the User-generated content (UGC) privilege is set to Friends Only, the title behaves as if the privilege is set to Allowed).
  3. For titles using the XDK or GDK, the title uses in-game messaging to alert the user of any privilege conflicts and does not display the System UI.
  4. For titles using XSAPI, the title does not show an informative message to let the user know they cannot participate.