Jesum Yip
08/17/2023, 6:40 AMJesum Yip
08/17/2023, 6:41 AMrules.resource: "*"
Jesum Yip
08/17/2023, 6:41 AMrules.resource: "resource-Y"
Jesum Yip
08/17/2023, 6:42 AMJesum Yip
08/17/2023, 6:42 AMDennis (Cerbos)
rules.resource: "*"
which gives EFFECT_ALLOW
with condition R.kind == "resource-Y"
Jesum Yip
08/17/2023, 6:49 AMJesum Yip
08/17/2023, 6:49 AMJesum Yip
08/18/2023, 7:15 AMJesum Yip
08/18/2023, 7:16 AMapiVersion: "api.cerbos.dev/v1"
principalPolicy:
principal: "principal-id"
rules:
- resource: "*"
actions:
- action: read
condition:
match:
expr: R.kind != "the_resource_that_user_should_have_access_to"
effect: EFFECT_DENY
Jesum Yip
08/18/2023, 7:17 AM