Use Policy Metadata
Given a policy using resource blocks like:
actor User { }resource Organization { roles = ["admin", "member"]; permissions = [ "read", "add_member", "repository.create", "repository.read", "repository.delete" ]; # role hierarchy: # admins inherit all member permissions "member" if "admin"; # org-level permissions "read" if "member"; "add_member" if "admin"; # permission to create a repository # in the organization "repository.create" if "admin"; # permissions on child resources "repository.read" if "member"; "repository.delete" if "admin";}
The roles
and permissions
declarations are used within the policy for validation.
The permission assignment "read" if "member"
validates that "read"
and "member"
are both
declared within permissions
and roles
respectively.
This information is also available to the application using the policy metadata API. There are two common use cases for this:
- For client-side validation of permissions, roles, and resources.
- For building a UI to manage permissions, roles, and resources.
Fetching Metadata
metadata = oso.getPolicyMetadata();console.log(metadata.resources.Repository.roles);// outputs ["owner", "member"]