# yaml-language-server: $schema=https://api.cerbos.dev/latest/cerbos/policy/v1/Policy.schema.json
# docs: https://docs.cerbos.dev/cerbos/latest/policies/resource_policies
#
# Resource policy for the "workspace" resource kind (policy version "default").
# Every rule below is an ALLOW; Cerbos denies any action that no rule allows.
#
# In the conditions, R is the resource and P the principal of the check request.
# Trust boundary: R.attr.workspaceId and P.attr.workspaceIds are whatever the
# calling service puts into that request. This policy only compares them, so the
# caller must fill both from an authoritative source (verified session or token
# claims, its own datastore), never from client-controlled input.
#
# NOTE(review): confirm that a request missing either attribute ends in a deny,
# and pin that behaviour with a policy test.

apiVersion: api.cerbos.dev/v1
resourcePolicy:
  resource: workspace
  version: default
  rules:

    # create: role "super" only. This is the one rule without a condition, so
    # it is not tied to workspace membership (presumably because the workspace
    # does not exist yet - confirm).
    - actions: ["create"]
      effect: EFFECT_ALLOW
      roles: ["super"]

    # read: any of the three roles, but only for a workspace whose id is listed
    # in the principal's workspaceIds.
    - actions: ["read"]
      effect: EFFECT_ALLOW
      roles: ["super", "admin", "user"]
      condition:
        match:
          expr: R.attr.workspaceId in P.attr.workspaceIds

    # update: "super" and "admin" only, with the same membership check as read.
    - actions: ["update"]
      effect: EFFECT_ALLOW
      roles: ["super", "admin"]
      condition:
        match:
          expr: R.attr.workspaceId in P.attr.workspaceIds

    # delete: "super" only, and still membership-scoped: "super" is not a
    # global bypass for workspaces the principal is not listed on.
    - actions: ["delete"]
      effect: EFFECT_ALLOW
      roles: ["super"]
      condition:
        match:
          expr: R.attr.workspaceId in P.attr.workspaceIds