Google Git
Sign in
eclipse / gerrit / www.eclipse.org / keti / 3cf7ae040e74c70884287a8d8c9335a2801c78e4 / . / acs-integration-tests / src / test / resources / policy-set-with-multiple-policies-na-with-condition.json
blob: 6cee5ae5a5b2372cbc25afd5bf6d17f2c30152e2 [file] [log] [blame]
{
"name" : "test-policy-set",
"policies" : [
{
"name" : "Operators can read a site if they are assigned to the site.",
"target" : {
"name" : "When an operator reads a site",
"resource" : {
"name" : "Site",
"uriTemplate" : "/sites/{site_id}"
},
"action" : "GET",
"subject" : {
"name" : "Operator",
"attributes" : [
{ "issuer" : "https://acs.attributes.int",
"name" : "site" }
]
}
},
"conditions" : [
{ "name" : "is assigned to site",
"condition" : "'sanramon'.equals('ny')" }
],
"effect" : "PERMIT"
},
{
"name" : "Operators can read a site if they are assigned to the site.",
"target" : {
"name" : "When an operator reads a site",
"resource" : {
"name" : "Site",
"uriTemplate" : "/sites/{site_id}"
},
"action" : "GET",
"subject" : {
"name" : "Operator",
"attributes" : [
{ "issuer" : "https://acs.attributes.int",
"name" : "site" }
]
}
},
"conditions" : [
{ "name" : "is assigned to site",
"condition" : "'sanramon'.equals('ny')" }
],
"effect" : "DENY"
},
{
"name" : "Operators can read a site if they are assigned to the site.",
"target" : {
"name" : "When an operator reads a site",
"resource" : {
"name" : "Site",
"uriTemplate" : "/sites/{site_id}"
},
"action" : "GET",
"subject" : {
"name" : "Operator",
"attributes" : [
{ "issuer" : "https://acs.attributes.int",
"name" : "site" }
]
}
},
"conditions" : [
{ "name" : "is assigned to site",
"condition" : "'sanramon'.equals('ny')" }
],
"effect" : "PERMIT"
}
]
}