Allows access to groups of entities
This example shows how you might create a policy that allows anyone in the group alice_friends to view the photo VacationPhoto94.jpg.

    permit(
        principal in Group::"alice_friends",
        action == Action::"view",
        resource == Photo::"VacationPhoto94.jpg"
    );

This example shows how you might create a policy that allows the user alice to view any photo in the album alice_vacation.

    permit(
        principal == User::"alice",
        action == Action::"view",
        resource in Album::"alice_vacation"
    );

This example shows how you might create a policy that allows the user alice to view, edit, or delete any photo in the album alice_vacation.

    permit(
        principal == User::"alice",
        action in [Action::"view", Action::"edit", Action::"delete"],
        resource in Album::"alice_vacation"
    );

This example shows how you might create a policy that allows permissions for the user alice in the album alice_vacation, where admin is a group defined in the schema hierarchy that contains the permissions to view, edit, and delete a photo.

    permit(
        principal == User::"alice",
        action in PhotoflashRole::"admin",
        resource in Album::"alice_vacation"
    );

This example shows how you might create a policy that allows permissions for the user alice in the album alice_vacation, where viewer is a group defined in the schema hierarchy that contains the permission to view and comment on a photo. The user alice is also granted the edit permission by the second action listed in the policy.

    permit(
        principal == User::"alice",
        action in [PhotoflashRole::"viewer", Action::"edit"],
        resource in Album::"alice_vacation"
    );
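
The following Python sketch is an added example, not code from the original page and not the Cedar engine. It models how the `==` and `in` scope constraints of the first and last policies above resolve against an entity hierarchy. The user bob, the action Action::"comment", and every parent edge in the hierarchy are constructed assumptions, since the page does not list the entity data.

```python
# Toy model of Cedar scope matching for permit policies (not the Cedar engine).
# PARENTS is constructed sample data: bob, Action::"comment" and the edges are assumptions.
PARENTS = {
    'User::"bob"': ['Group::"alice_friends"'],
    'Photo::"VacationPhoto94.jpg"': ['Album::"alice_vacation"'],
    'Action::"view"': ['PhotoflashRole::"viewer"', 'PhotoflashRole::"admin"'],
    'Action::"comment"': ['PhotoflashRole::"viewer"'],
    'Action::"edit"': ['PhotoflashRole::"admin"'],
    'Action::"delete"': ['PhotoflashRole::"admin"'],
}
ALICE, ALBUM = 'User::"alice"', 'Album::"alice_vacation"'
# The first and last policies from the page, as (operator, operand) per scope slot.
POLICIES = [
    {"principal": ("in", 'Group::"alice_friends"'),
     "action": ("==", 'Action::"view"'),
     "resource": ("==", 'Photo::"VacationPhoto94.jpg"')},
    {"principal": ("==", ALICE),
     "action": ("in", ['PhotoflashRole::"viewer"', 'Action::"edit"']),
     "resource": ("in", ALBUM)},
]

def is_in(entity, target):
    """Cedar `in`: entity equals a target or is a transitive descendant of one."""
    targets = set(target) if isinstance(target, list) else {target}
    seen, stack = set(), [entity]
    while stack:
        cur = stack.pop()
        if cur in targets:
            return True
        if cur not in seen:
            seen.add(cur)
            stack.extend(PARENTS.get(cur, []))
    return False

def matches(policy, request):
    """A policy applies only when all three scope constraints hold."""
    return all(
        request[slot] == value if op == "==" else is_in(request[slot], value)
        for slot, (op, value) in policy.items()
    )

def is_authorized(principal, action, resource):
    """Default deny: allow only if some permit policy matches the request."""
    request = {"principal": principal, "action": action, "resource": resource}
    return any(matches(p, request) for p in POLICIES)
```

Because `in` is reflexive, `resource in Album::"alice_vacation"` also matches a request on the album entity itself, not only the photos inside it. With the constructed data, alice's delete request is denied because Action::"delete" belongs only to the admin group.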