Amazon Verified Permissions policy templates

You can create Cedar policy templates in Verified Permissions to define an access control rule for your system. Policy templates are Cedar policies with placeholders for the principal, resource, or both. Policy templates allow a policy to be defined once and then attached to multiple principals and resources. Updates to the policy template are reflected across all principals and resources that use the template. For more information, see Cedar policy templates in the Cedar policy language Reference Guide.

We recommend using policy templates to create policies that can be shared throughout your application. For example, you could create a policy template for an editor that provides read, edit, and comment permissions for the principal and resource that use the policy template.

permit(
    principal == ?principal,
    action in [Action::"Read", Action::"Edit", Action::"Comment"],
    resource == ?resource
);

When a principal is designated as an editor for a resource, your application could instantiate a policy using the template to provide permissions for the principal to perform the read, edit, and comment actions on the resource.
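The following added example (not part of the original documentation) shows one way an application could create that template-linked policy through the `create_policy` operation of a boto3 `verifiedpermissions` client. The `User` and `Document` entity types, the placeholder IDs, and the helper function names are assumptions made for illustration.

```python
import hashlib
import json

# Placeholder identifiers (constructed for this example, not real resources).
POLICY_STORE_ID = "POLICY_STORE_ID_PLACEHOLDER"
EDITOR_TEMPLATE_ID = "EDITOR_TEMPLATE_ID_PLACEHOLDER"


def entity(entity_type, entity_id):
    """Build an EntityIdentifier, rejecting empty values."""
    if not entity_type or not entity_id:
        raise ValueError("entityType and entityId must both be non-empty")
    return {"entityType": entity_type, "entityId": entity_id}


def editor_policy_request(policy_store_id, template_id, principal, resource):
    """Return CreatePolicy arguments that fill ?principal and ?resource."""
    # Deterministic idempotency token: the same store, template, principal
    # and resource always yield the same token, so a retried call carries
    # the same clientToken as the first attempt.
    material = json.dumps([policy_store_id, template_id, principal, resource],
                          sort_keys=True)
    return {
        "policyStoreId": policy_store_id,
        "clientToken": hashlib.sha256(material.encode()).hexdigest(),
        "definition": {
            "templateLinked": {
                "policyTemplateId": template_id,
                "principal": principal,   # bound to ?principal
                "resource": resource,     # bound to ?resource
            }
        },
    }


def designate_editor(client, user_id, document_id):
    """Create the policy; client is boto3.client("verifiedpermissions")
    or any stub that exposes the same create_policy method."""
    request = editor_policy_request(
        POLICY_STORE_ID, EDITOR_TEMPLATE_ID,
        entity("User", user_id),          # assumed principal entity type
        entity("Document", document_id))  # assumed resource entity type
    return client.create_policy(**request)["policyId"]
```

The actions are not part of the request: they come from the template, so the application only supplies the principal and resource.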