Closed abynenkov-ib closed 4 years ago
ABAC-policy requires this context rule stanza:
context { where ctx.tenant == "acme.com"; } { allow subject user pete.rose@chicago.il.us to buy products.inventory where ctx.genre == "gambling"; }
ie: we want to take the customer-written SEAL policy and surround it with account_id context as ABAC policies are specific to an account:
context { where ctx.subject.account_id == "42"; } { allow ... }
ABAC-policy requires this context rule stanza:
ie: we want to take the customer-written SEAL policy and surround it with account_id context as ABAC policies are specific to an account: