Helper Functions

Abbey has created a number of helper functions to help write policies. First you need to write import data.abbey.functions to import the helper functions and then you can start using any helper function you'd like.


The in_group function tests whether an Abbey user belongs to a certain group. To check whether a user is in a group named Engineering, you can write in_group("Engineering").

Look here for the source.

has_attribute(attribute_name, attribute_value)

The has_attribute function tests whether an Abbey user has a certain attribute. For example, to check if a user has an Employee Type of IC, you can write has_attribute("employee_type", "IC"). attribute_name can be the name of any attribute on a user from your IDP and attribute_value can be any string.

Look here for the source.


The expire_at function denies a policy at a certain timestamp ts. For example, if you write expire_at("2023-01-01T02:00:00Z"), then this will deny the policy at any time after 2023-01-01T02:00:00Z. Abbey continues to check for whether a policy will be expiring at a later date, allowing you to write time-based expiry policies.

Look here for the source.


The expire_after function denies a policy after a certain amount of time has passed. For example, to deny a policy after 30 minutes, you can write expire_after("30m"). Like expire_at, Abbey continues to check whether an expire_after policy has expired so that policies will actually deny after their given time.

The duration argument needs an integer concatenated with a unit, so something like 30s, 60m, 3h, or 1d. The exact duration syntax is documented here.

Look here for the source.

Last updated