A policy to evaluate authorization requests for any permissioned action performed in Backstage.
Remarks
This takes as input a permission and an optional Backstage identity, and should return ALLOW if
the user is permitted to execute that action; otherwise DENY. For permissions relating to
resources, such a catalog entities, a conditional response can also be returned. This states
that the action is allowed if the conditions provided hold true.
Conditions are a rule, and parameters to evaluate against that rule. For example, the rule might
be isOwner and the parameters a collection of entityRefs; if one of the entityRefs matches
the owner field on a catalog entity, this would resolve to ALLOW.
A policy to evaluate authorization requests for any permissioned action performed in Backstage.
Remarks
This takes as input a permission and an optional Backstage identity, and should return ALLOW if the user is permitted to execute that action; otherwise DENY. For permissions relating to resources, such a catalog entities, a conditional response can also be returned. This states that the action is allowed if the conditions provided hold true.
Conditions are a rule, and parameters to evaluate against that rule. For example, the rule might be
isOwnerand the parameters a collection of entityRefs; if one of the entityRefs matches theownerfield on a catalog entity, this would resolve to ALLOW.