1 Antwort
- Neueste
- Die meisten Stimmen
- Die meisten Kommentare
1
I would suggest having two entity types:
- User (memberOfTypes: Group)
- Group
Then you would have two policies granting the same access:
permit(principal == User::"MyUserForTesting", ...)
permit(principal in Group::"A", ...)
You could try to consolidate it into a single policy by adding 'groups' and 'userId' attribute on user but I think it will hurt policy readability.
beantwortet vor 4 Monaten
Relevanter Inhalt
- AWS OFFICIALAktualisiert vor einem Jahr
- AWS OFFICIALAktualisiert vor 2 Jahren
Great, thank you. I got it working.