Open
Description
cedar-go does not have parity, as noted in the README, with cedar-rust with regard to loading and including the schema in authorization requests. It would be nice to see cedar-go have support for this, as it enables additional use cases, such as the one below.
Use Case:
In order to express Action Hierarchy, where a Role contains one or more actions, a cedar schema needs to be loaded and used in the evaluation of policies. For example, the following schema allows policies to permit the SuperAdmin action, and have the PARC reference BillingAdmin and the outcome be Allow.
{
"Role": {
"entityTypes": {},
"actions": {
"SuperAdmin": {
"appliesTo": {
"principalTypes": [],
"resourceTypes": []
}
},
"MinimalAccountAccess": {
"memberOf": [
{
"id": "SuperAdmin"
}
],
"appliesTo": {
"principalTypes": [],
"resourceTypes": []
}
},
"Admin": {
"memberOf": [
{
"id": "SuperAdmin"
}
],
"appliesTo": {
"principalTypes": [],
"resourceTypes": []
}
},
"AdminReadOnly": {
"memberOf": [
{
"id": "Admin"
}
],
"appliesTo": {
"principalTypes": [],
"resourceTypes": []
}
},
"BillingAdmin": {
"memberOf": [
{
"id": "Admin"
}
],
"appliesTo": {
"principalTypes": [],
"resourceTypes": []
}
},
"BillingAdminReadOnly": {
"memberOf": [
{
"id": "BillingAdmin"
},
{
"id": "AdminReadOnly"
}
],
"appliesTo": {
"principalTypes": [],
"resourceTypes": []
}
}
}
}
}Metadata
Metadata
Assignees
Labels
No labels