I am working on a project using Verified Permissions along side AzureAD. AzureAD is connected to our enterprise Active Directory, and replicates AD group membership back to AzureAD. Our application gets the group membership list as an array.
We want to pass the group membership array and user Id to Verified Permissions IsAuthorized, and have policies that check for membership in a particular group and optionally override group permissions with a user ID. (For testing, we wish to simulate a user is in a different group.. it takes way too long to get IT to remap someone's group membership for testing purposes). I see mentions of using groups in the documentation, but not enough context to understand how it is suggested to be working or if I need a different approach: https://docs.aws.amazon.com/verifiedpermissions/latest/userguide/policies_examples-group-entities.html
What is the best way to setup the principal in the schema and write a policy for the following?
We basically want to do (in english, not cedar):
Apply Policy X for Principal Where Member Of "GroupA" Or UserId = "MyUserForTesting"
AWS 官方已更新 1 年前
Great, thank you. I got it working.