auth/opa/ad/delete.rego

12 lines
118 B
Plaintext

package AD.DELETE
default allow := false
allow {
input.userUuid == input.owner
}
allow {
input.role == "admin"
}