Cedar Cheat Sheet [WIP]
Safin Wasi edited this page Feb 17, 2025 · 1 revision
This is a quick cheat sheet for the conditions part of a Cedar policy.
...
when {
  principal has some_claim
};
Example: Allow access if the access token has the scope claim
permit (
  principal,
  action,
  resource
)
when {
  principal has scope
};
...
when {
  principal has some_claim.some_attribute
};
Example: Allow access if the ID token has email_address
permit (
  principal,
  action,
  resource
)
when {
  principal has id_token.email_address
};
...
when {
  principal has some_claim.some_attribute &&
  principal.some_claim.some_attribute == "some value"
};
Example: Allow access if the login type is "otp", which is provided via the acr claim in the ID token
permit (
  principal,
  action,
  resource
)
when {
  principal has id_token.acr &&
  principal.id_token.acr == "otp"
};
...
when {
  context has current_time &&
  context.current_time > <some value>
};
Example: Deny access when the request time is later than a certain timestamp
forbid (
  principal,
  action,
  resource
)
when {
  context has current_time &&
  context.current_time > 1739809517
};
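
The `has` guard behaves differently in `permit` and `forbid` policies: when the attribute is absent the guarded condition is simply false, so a guarded `forbid` does not apply. The following is an added example, not part of the original page, that puts the patterns above side by side and adds a `forbid ... unless` variant that denies when `current_time` is missing; the attribute names and timestamp are the sample values used above.

```cedar
// Added example, not from the original page. Attribute names
// (id_token.acr, context.current_time) and the timestamp are the
// sample values used in the cheat sheet above.

// Permit only OTP logins. Without the `has` guard, a principal with no
// id_token.acr would cause an evaluation error and the policy would be
// skipped; with the guard the condition is just false. Either way no
// permit is granted, but the guarded form keeps error diagnostics clean.
permit (
  principal,
  action,
  resource
)
when {
  principal has id_token.acr &&
  principal.id_token.acr == "otp"
};

// Guarded forbid, as written above: if the request context carries no
// current_time, the condition is false and this forbid does NOT apply,
// so any matching permit still allows the request.
forbid (
  principal,
  action,
  resource
)
when {
  context has current_time &&
  context.current_time > 1739809517
};

// Stricter variant: deny unless current_time is present AND not past
// the cutoff, so a missing current_time results in a deny.
forbid (
  principal,
  action,
  resource
)
unless {
  context has current_time &&
  context.current_time <= 1739809517
};
```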