...
- An Atlas policy resource can be defined on any of the following: taxonomy, entity, type, operation and term.
Each resource field can take in multiple values.
- The include/exclude flag is specified at this resource level; the default is include. Setting the flag to exclude inverts the resource definition.
For example, if a resource is set up as Taxonomy=CompanyName, Term=Finance, and the Term level is set to Exclude, then the resource effectively refers to all Terms of Taxonomy CompanyName except the Term Finance.
Note: As of the 0.6 release, all Atlas resources support only * as the resource value. More granular access control is planned for the next release. Use the exclude flag in a resource definition when it simplifies the policy definition. Indiscriminate use of the include/exclude flag can make reasoning about authorization challenging.
- Auditing is specified at the resource level.
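
The include/exclude semantics described above can be modelled in a few lines. This is an added example, not Ranger or Atlas code: it is a simplified matcher, the field names `values` and `isExcludes` are assumed to follow Ranger's policy JSON, and the function names and sample resources are constructed for illustration.

```python
from fnmatch import fnmatchcase

# Constructed resource definition mirroring the example in the text:
# Taxonomy=CompanyName (include), Term=Finance (exclude).
POLICY_RESOURCE = {
    "taxonomy": {"values": ["CompanyName"], "isExcludes": False},
    "term": {"values": ["Finance"], "isExcludes": True},
}

# Constructed pitfall: excluding the wildcard leaves nothing to match.
EXCLUDE_ALL = {
    "taxonomy": {"values": ["*"], "isExcludes": True},
}


def level_matches(definition, requested):
    """Match one resource level, honouring its include/exclude flag."""
    # Each level can hold multiple values; '*' is treated as a wildcard.
    hit = any(fnmatchcase(requested, pattern) for pattern in definition["values"])
    # The exclude flag inverts the result for this level only.
    return not hit if definition.get("isExcludes", False) else hit


def resource_matches(resource, request):
    """A request matches only if every level defined in the policy matches."""
    return all(
        name in request and level_matches(definition, request[name])
        for name, definition in resource.items()
    )


if __name__ == "__main__":
    for request in (
        {"taxonomy": "CompanyName", "term": "HR"},       # covered by the policy
        {"taxonomy": "CompanyName", "term": "Finance"},  # the excluded term
        {"taxonomy": "OtherCorp", "term": "HR"},         # wrong taxonomy
    ):
        print(request, "->", resource_matches(POLICY_RESOURCE, request))
    print("exclude '*':", resource_matches(EXCLUDE_ALL, {"taxonomy": "CompanyName"}))
```

The last case shows why exclude flags need care: an exclude applied to `*` silently produces a policy that covers no resource at all.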
Policy Item(s)
Each policy can have zero or multiple policy items.
...