Thanks, that works! Is there any option for the policy needing to meet at least two derived roles?
04/27/2023, 12:37 PM
If I understand you correctly, it's not possible to specify that the principal must have
derived_role_a AND derived_role_b
. If you want to ensure that both conditions from those derived roles have been met, you'd need to define a third derived role that encompasses both conditions and write your policy rule targeting only that new derived role.