1 Answer
- Newest
- Most votes
- Most comments
1
I would suggest having two entity types:
- User (memberOfTypes: Group)
- Group
Then you would have two policies granting the same access:
permit(principal == User::"MyUserForTesting", ...)
permit(principal in Group::"A", ...)
You could try to consolidate it into a single policy by adding 'groups' and 'userId' attribute on user but I think it will hurt policy readability.
answered 4 months ago
Relevant content
- asked 6 months ago
- asked 6 months ago
- AWS OFFICIALUpdated a year ago
- AWS OFFICIALUpdated a year ago
- AWS OFFICIALUpdated a year ago
- AWS OFFICIALUpdated 3 months ago
Great, thank you. I got it working.