1 Answer
- Newest
- Most votes
- Most comments
1
I would suggest having two entity types:
- User (memberOfTypes: Group)
- Group
Then you would have two policies granting the same access:
permit(principal == User::"MyUserForTesting", ...)
permit(principal in Group::"A", ...)
You could try to consolidate it into a single policy by adding 'groups' and 'userId' attribute on user but I think it will hurt policy readability.
answered 8 months ago
Relevant content
- Accepted Answerasked 2 months ago
- asked 10 months ago
- AWS OFFICIALUpdated 12 days ago
- AWS OFFICIALUpdated 3 years ago
- AWS OFFICIALUpdated 7 months ago
- AWS OFFICIALUpdated a year ago
Great, thank you. I got it working.