Allows access to groups of entities - Amazon Verified Permissions

Allows access to groups of entities

This example shows how you might create a policy that allows anyone in the group alice_friends to view the photo VacationPhoto94.jpg.

permit(
    principal in Group::"alice_friends",
    action == Action::"view",
    resource == Photo::"VacationPhoto94.jpg"
);

This example shows how you might create a policy that allows the user alice to view any photo in the album alice_vacation.

permit(
    principal == User::"alice",
    action == Action::"view",
    resource in Album::"alice_vacation"
);

This example shows how you might create a policy that allows the user alice to view, edit, or delete any photo in the album alice_vacation.

permit(
    principal == User::"alice",
    action in [Action::"view", Action::"edit", Action::"delete"],
    resource in Album::"alice_vacation"
);

This example shows how you might create a policy that allows permissions for the user alice in the album alice_vacation, where admin is a group defined in the schema hierarchy that contains the permissions to view, edit, and delete a photo.

permit(
    principal == User::"alice",
    action in PhotoflashRole::"admin",
    resource in Album::"alice_vacation"
);

This example shows how you might create a policy that allows permissions for the user alice in the album alice_vacation, where viewer is a group defined in the schema hierarchy that contains the permission to view and comment on a photo. The user alice is also granted the edit permission by the second action listed in the policy.

permit(
    principal == User::"alice",
    action in [PhotoflashRole::"viewer", Action::"edit"],
    resource in Album::"alice_vacation"
);
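The following is an added example, not part of the AWS documentation and not the Cedar engine: a simplified Python model of how `in` resolves through an entity hierarchy, applied to the last policy above. The hierarchy is constructed for illustration; the nested album day1, the photo beach.jpg, the album alice_private, the photo passport.jpg and the user bob are assumptions.

```python
# Simplified model of Cedar's `in` operator (illustration only, not the Cedar engine).
# Constructed sample hierarchy: each entity maps to its direct parents.
PARENTS = {
    'Action::"view"': ['PhotoflashRole::"viewer"', 'PhotoflashRole::"admin"'],
    'Action::"comment"': ['PhotoflashRole::"viewer"'],
    'Action::"edit"': ['PhotoflashRole::"admin"'],
    'Action::"delete"': ['PhotoflashRole::"admin"'],
    'Photo::"VacationPhoto94.jpg"': ['Album::"alice_vacation"'],
    'Photo::"beach.jpg"': ['Album::"day1"'],             # assumed nested album
    'Album::"day1"': ['Album::"alice_vacation"'],
    'Photo::"passport.jpg"': ['Album::"alice_private"'],  # assumed unrelated album
}

def is_in(entity, target):
    """`in` is reflexive and transitive: entity is target or a descendant of it."""
    seen, stack = set(), [entity]
    while stack:
        cur = stack.pop()
        if cur == target:
            return True
        if cur not in seen:
            seen.add(cur)
            stack.extend(PARENTS.get(cur, []))
    return False

def last_policy_permits(principal, action, resource):
    """Scope of the final policy: alice, [viewer role, edit], alice_vacation."""
    # `action in [a, b]` holds when the action is in at least one list element.
    action_ok = any(is_in(action, t)
                    for t in ['PhotoflashRole::"viewer"', 'Action::"edit"'])
    return (principal == 'User::"alice"'
            and action_ok
            and is_in(resource, 'Album::"alice_vacation"'))

def authorize(principal, action, resource):
    # With no matching permit policy the decision is Deny.
    allowed = last_policy_permits(principal, action, resource)
    return "Allow" if allowed else "Deny"

if __name__ == "__main__":
    for act in ("view", "comment", "edit", "delete"):
        request = ('User::"alice"', f'Action::"{act}"', 'Photo::"beach.jpg"')
        print(act, authorize(*request))
```

Under this model, delete is denied for alice because it is reachable only through the admin group, which the last policy does not reference.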