Who Has Authority? (Server Or Client) And When?

After years of working in Unreal Engine, I believe I have a fairly solid understanding of what “Authority” means. Yet, there are many instances in my development efforts currently where I think I know that the server has authority “here” and that the client has authority “here”, but I am sorely mistaken.

The following is a list of instances where the server has authority and where the client does:

  • Server has authority:
    • Within the scope of a server RPC
    • Over an actor if it is the one that spawned it
    • Singleton objects like the game mode and game state
  • Client has authority:
    • Within the scope of a client RPC
    • Over its player controller
      • Within the scope of functions bound to the input component of a pawn
    • Over an actor if it is the one that spawned it

What am I missing from this list? Any situations that come to mind in your development efforts that would help identify when the server has authority and when the client does would be extremely useful and most welcome.

What I hope to achieve from this thread is to be able to compile a master list of every possible instance where the server has authority and when the client does so that it could be easily referenced. I think that would be useful.

Thanks for reading and contributing to this thread :slight_smile:

I don’t think “within a client RPC” means that the client necessarily has authority.
You can broadcast-RPC or send-RPC to actor copies on clients, where the client does not have authority over that object.

Looks like you are mixing two concepts.

Authority is simply the one who spawned the Actor. Replication is only possible if spawned by the server and the Actor is set to replicate.

The other concept is Ownership which can enable a client to use Server RPC´s (RunOnServer) or the Server to use Client RPC´s. (RunOnOwner).

Then there is the concept of Relevancy which if set to OnlyRelevantToOwner obviously only replicate itself to whoever owns the Actor.

Thanks for your response. I have a few questions for you.

  • So if “Authority” is defined as who spawned an actor (server or client), then what is “Ownership”?
  • You said I am mixing the concepts of “Authority” and “Ownership”, can you elaborate on that more?
  • Is the concept of “Ownership” in any way related to “Authority” or is it a completely unrelated concept?

Ownership is which one of the connections (Players) that owns the Actor. It can be none (null) and it can be changed during the game with SetOwner while Authority never changes.

You can always test things. For example:

Is wrong:

Printing “Has Authority” on the player controller:
image
There are two prints from the server because the server has copies of both controllers, and they are both true because the server has authority on both. The client only has one print that’s false because it only has its own controller and does not have authority over it.

Printing “Has Authority” on the player character:
image
There are four prints because both the server and the client have copies of both characters. The server has authority over both its own character & the client’s character, whereas the client has authority over neither.

This is with three players (left is from player controller, right is from player character):
image

And this is on a dedicated server (left is controller, right is character):
image


From the documentation, it says:

The Switch Has Authority node is used to check if the script is being executed on a machine that has Network Authority (in most use cases, this would mean Server) or if its being executed on a remote machine (in most use cases, this would be the Client)."

I think the “in most cases” is referring to when the client spawns a replicated actor, which makes the client the authority; though, because the client spawned it, it won’t spawn for all players because the client is not the server. When spawning a replicated actor on the server, the actor spawns for all players, so in order to have a client spawn an object for all players, you need to have the client request the server to do so.


So the literal answer to the question “Who Has Authority?” is:

But the “in most cases” answer is:

In most use cases, this would mean Server

Because:

9 Likes

I tried to follow what you posted in this other thread.

What is IsStandalone = true? Did you mean if APawn::GetNetMode() == ENetMode::NM_Standalone?

  • Does “NOT IsStandalone” equate to APawn::GetNetMode() != ENetMode::NM_Standalone?
  • I’ve never seen IsServer before. Can you explain what that is?

The server has authority.
The server has authority.
The server has authority.
This is unreal.
The server has authority.
The server has authority.
The server has authority.

The user can press keys on the client. And you can do whatever you want on that single client. But
if you want all the clients to look the same. then You have to send that keypress to the server right?

And then you hopefully conclude…

The server has authority.
The server has authority.
The server has authority.
The server has authority.
The server has authority.

Keep in mind.

YOU HAVE AUTHORITY.

AS the developer to decide whats going to be “Authorized” by running it on the server. And what is not “Authorized” By running it on the clientt.

A user presses a key, a sound goes off on the client. You get to decide wether this is going to be a sound on all the clients or just the dude that pressed the key? If you want all the clients to hear it then you have to push it to them some how. Luckily the server is there which is used to connect all the clients. And the clients can all hear the same sound because the SERVER AUthorized it.

Good Luck. And Have Fun.

Without the use of RPCs, how can you be sure that a block of code or function will be executed on the server or the client?

I’ve just never heard of IsServer before.

Its defined in UKismetSystemLibrary.

bool UKismetSystemLibrary::IsServer(UObject* WorldContextObject)
{
	UWorld* World = GEngine->GetWorldFromContextObject(WorldContextObject, EGetWorldErrorMode::LogAndReturnNull);
	return World ? (World->GetNetMode() != NM_Client) : false;
}

Thanks for mentioning that thought, this will help!

2 Likes

Also, have a look at the Replication Compendium.
Then read it again, and once more :stuck_out_tongue_closed_eyes:

When I have a replication problem, I’m back reading it :grin:

1 Like

That is a really solid reference. I’m going to turn it into an audio book to listen to in the car lol.

he is right, my idea of all this is that server must have the authority and only him can perform the final word, otherwise you can have a leak on client side where hackers can do dirty things pheraps due you are authorizing client to have more control where should not. but thats all about how you need to be, but i believe server can have the last word of everything always should be like that, thats what a Authoritative Server means and thats what its used to make mmo and online games where are secured.