Provider policy example

This section provides permissions and examples for policy on the provider::/ realm.

Provider policy permissions

The following policy defines the permissions for resources in the provider::/ realm:

provider::/ {
  if (permit == all) {
    permit create, read, update, delete
  }
}

Provider policy example

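The first rule gives "tom" the ability to create, read, and delete providers from the root (/) provider namespace. The remaining rules grant "bob" read-only permissions on providers in the /apcera namespace, and permission to create, read, and delete providers in the /dev namespace. In this example, "permit all" expands to create, read, and delete only, because the "permit == all" rule in provider::/ lists those three permissions and omits update.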

provider::/ {
  if (auth_server@apcera.me->name=="tom") {
    permit all
  }

  if (permit == all) {
    permit create, read, delete
  }
}

provider::/apcera {
  if (auth_server@apcera.me->name=="bob") {
    permit read
  }
}

provider::/dev {
  if (auth_server@apcera.me->name=="bob") {
    permit all
  }
}
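To audit what the example policy above actually grants, the following added sketch (not Apcera code and not part of the original page) parses the policy text and computes effective permissions per user and namespace. It assumes that rules on a realm also apply to its child namespaces and handles only the two condition forms shown on this page; the names `parse`, `covers`, and `effective` are hypothetical.

```python
import re

# Policy text from the example on this page (blank lines dropped).
POLICY = '''provider::/ {
  if (auth_server@apcera.me->name=="tom") {
    permit all
  }
  if (permit == all) {
    permit create, read, delete
  }
}
provider::/apcera {
  if (auth_server@apcera.me->name=="bob") {
    permit read
  }
}
provider::/dev {
  if (auth_server@apcera.me->name=="bob") {
    permit all
  }
}'''

RULE = re.compile(r'if \((.+?)\) \{\s*permit ([\w, ]+?)\s*\}')
REALM = re.compile(r'provider::(/\S*) \{((?:[^{}]|\{[^{}]*\})*)\}')

def parse(text):
    """Return (namespace, condition, permissions) for every rule in the text."""
    return [(ns, cond.strip(), {p.strip() for p in perms.split(',')})
            for ns, body in REALM.findall(text)
            for cond, perms in RULE.findall(body)]

def covers(rule_ns, ns):
    # Assumption: a realm's rules also apply to its child namespaces.
    return ns == rule_ns or ns.startswith(rule_ns.rstrip('/') + '/')

def effective(text, user, ns):
    rules = [r for r in parse(text) if covers(r[0], ns)]
    granted = set()
    for _, cond, perms in rules:
        if cond.endswith('name=="%s"' % user):
            granted |= perms
    # Expand aliases such as "all" through the `permit == <alias>` rules in scope.
    for _, cond, perms in rules:
        m = re.fullmatch(r'permit == (\w+)', cond)
        if m and m.group(1) in granted:
            granted = (granted - {m.group(1)}) | perms
    return granted
```

Calling `effective(POLICY, "bob", "/dev")` returns create, read, and delete but not update, which makes the narrowed meaning of "all" in this example visible during a least-privilege review.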