
Bradey Wood

11/13/2023, 5:11 PM
Resource Policy:
# Cerbos resource policy for the "mua:app" resource kind: a principal may
# perform "access" on an app only when that app's id is listed in the
# principal's appsEnabled attribute.
apiVersion: 'api.cerbos.dev/v1'
description: |-
  This policy defines who can access an app
resourcePolicy:
  resource: 'mua:app'
  # NOTE(review): the version is "template", not "default". Requests and test
  # fixtures presumably have to select this version explicitly unless the
  # engine's default policy version is configured to match; confirm.
  version: 'template'
  rules:
    - effect: EFFECT_ALLOW
      actions:
        - 'access'
      # Wildcard role: role membership does not gate this rule, so the
      # condition below is the only access control on "access".
      roles:
        - '*'
      condition:
        match:
          # Allow only when the resource id is in the principal's appsEnabled
          # list. The list is a principal attribute, so the decision is only
          # as trustworthy as whatever populates it; it should come from a
          # verified source, not from client-controlled input.
          # NOTE(review): if appsEnabled is absent the expression cannot
          # evaluate; confirm that this results in a deny.
          expr: 'R.id in P.attr.appsEnabled'
Test:
---
# Cerbos test suite for the "mua:app" resource policy.
name: 'access app'
description: 'Tests for verifying who can access an app'

# Principal fixtures. All three share the "user" role and differ only in the
# appsEnabled attribute, which is what the policy condition reads.
principals:
  # Entitled to the "ioi" app only.
  ioi_enabled:
    id: 'ioi_user'
    roles:
      - 'user'
    attr:
      appsEnabled:
        - 'ioi'
  # Entitled to the "ecm" app only.
  ecm_enabled:
    id: 'ecm_user'
    roles:
      - 'user'
    attr:
      appsEnabled:
        - 'ecm'
  # Entitled to both apps.
  both_enabled:
    id: 'ioi_and_ecm_user'
    roles:
      - 'user'
    attr:
      appsEnabled:
        - 'ecm'
        - 'ioi'

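# Resource fixtures: one "mua:app" resource per app id.
# The resource policy under test is declared with version "template". A
# fixture that does not name a policy version is evaluated against the
# engine's default version (normally "default"), for which no "mua:app"
# policy is shown here, so every check would come back EFFECT_DENY and the
# allow expectation would fail. Pin the version so the fixtures exercise the
# policy that is actually being tested.
# NOTE(review): redundant but harmless if the engine's default policy version
# is already configured as "template"; confirm against the engine config.
resources:
  ioi:
    id: ioi
    kind: "mua:app"
    policyVersion: "template"
  ecm:
    id: ecm
    kind: "mua:app"
    policyVersion: "template"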

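# Each test expands input principals x resources x actions into individual
# checks and compares the decisions with the "expected" entries.
tests:
  # Positive case: the app id is in the principal's appsEnabled list.
  - name: app enabled users can access the relevant app
    input:
      principals:
        - ioi_enabled
      resources:
        - ioi
      actions:
        - access
    expected:
      - principal: ioi_enabled
        resource: ioi
        actions:
          access: EFFECT_ALLOW

  # Full matrix over the defined fixtures. An authorization test that only
  # asserts ALLOW cannot catch a policy that allows too much (for example a
  # condition that is always true), so the DENY paths are pinned explicitly.
  # Consider also adding a principal with no appsEnabled attribute and
  # asserting that it is denied everywhere.
  - name: access is limited to the apps enabled for each principal
    input:
      principals:
        - ioi_enabled
        - ecm_enabled
        - both_enabled
      resources:
        - ioi
        - ecm
      actions:
        - access
    expected:
      - principal: ioi_enabled
        resource: ioi
        actions:
          access: EFFECT_ALLOW
      - principal: ioi_enabled
        resource: ecm
        actions:
          access: EFFECT_DENY
      - principal: ecm_enabled
        resource: ioi
        actions:
          access: EFFECT_DENY
      - principal: ecm_enabled
        resource: ecm
        actions:
          access: EFFECT_ALLOW
      - principal: both_enabled
        resource: ioi
        actions:
          access: EFFECT_ALLOW
      - principal: both_enabled
        resource: ecm
        actions:
          access: EFFECT_ALLOW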