Rounak Datta 08/17/2022, 12:44 PM
), how does one achieve that as well?
Charith (Cerbos) 08/17/2022, 1:17 PM
If your user has the
```yaml
- actions: ['*']
  effect: EFFECT_ALLOW
  roles: ["admin"]
  condition:
    match:
      expr: "hierarchy(request.principal.attr.projectScope).ancestorOf(hierarchy(request.resource.attr.projectScope))"
```
role and a
, and if the resource has a
attribute of `project.x.component.a` then access would be granted. But if the resource has a
it won't be allowed.
Rounak Datta 08/17/2022, 2:41 PM
Viet Au 08/17/2022, 3:52 PM
Charith (Cerbos) 08/17/2022, 4:03 PM
I used in my example is not related to
in scoped policies. It's just bad naming on my part. Sorry about the confusion. The example is demonstrating how you can store relationships between particular users and resources in your system and write Cerbos policies to make access decisions based on those.