auth/opa/ad/read.rego

12 lines
122 B
Plaintext

package AD.READ
default allow := false
allow {
input.userUuid == input.owner
}
allow {
input.role == "admin"
}