Allows access for any entity
This example shows how you might create a policy that allows any authenticated principal to view the album
alice_vacation
.
permit( principal, action == Action::"view", resource in Album::"alice_vacation" );
This example shows how you might create a policy that allows the user alice
list all the albums in the
jane
account, list the photos in each album, and view photos in the
account.
permit( principal == User::"alice", action in [Action::"listAlbums", Action::"listPhotos", Action::"view"], resource in Account::"jane" );
This example shows how you might create a policy that allows the user alice
to perform any action on
resources in the album jane_vaction
.
permit( principal == User::"alice", action, resource in Album::"jane_vacation" );