You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Have you thought about how you would implement merging multiple policies? I'm looking at the AWS IAM approach, where I can have a group with multiple policies. How would I compile all of these together?
Based on what I'm seeing, I could pull out a collection of allow_me Policy objects, (ignoring the identities bit). Then I could merge the statements into one vector of Statement (have to figure out EffectOrd).
With the unified Statements everything would work. To align with IAM (which may not be a goal of the project), we would need to make sure that any Denied would override Allow.
Have you thought about how you would implement merging multiple policies? I'm looking at the AWS IAM approach, where I can have a group with multiple policies. How would I compile all of these together?
Based on what I'm seeing, I could pull out a collection of allow_me Policy objects, (ignoring the identities bit). Then I could merge the
statementsinto one vector ofStatement(have to figure outEffectOrd).With the unified
Statementseverything would work. To align with IAM (which may not be a goal of the project), we would need to make sure that anyDeniedwould overrideAllow.Thank you for any thoughts.
Related Reading:
The text was updated successfully, but these errors were encountered: