auth/opa/ad/update.rego

package AD.UPDATE

default allow := false

allow {
	input.userUuid == input.owner
}

allow {
	input.role == "admin"
}