Policy Examples
The following are some examples of policies. These policies can be copied inline into a grant kit or be placed into a Policy Bundle and used with Abbey. The source code for all Abbey Rego functions can be found in our Policy Library Repository.
Table of Contents
Attribute-Based Access Control
Confirm if User is On-Call in PagerDuty for Access
Role-Based Access Control
This example policy evaluates to true when the user has a certain role. We model these roles as groups that the user is part of. This policy checks whether a user is in the group Engineering
, but you can check if the user is in any group you would like.
Attribute-Based Access Control
This example policy evaluates to true when the user has a certain attribute. We want to check whether the Cost Center associated with the given user is Engineering
. To do this, we check whether the attribute cost_center_name
is Engineering
.
Time-Based Expiry
This example policy evaluates to false after 60 minutes have passed. Access is revoked at the end of the 60 minute time period. The time can be modified as needed for longer or shorter access durations. Hours can be entered in using syntax like "1h"
for 1 hour.
Confirm if User is On-Call in PagerDuty for Access
This example policy approves an access request if the user is on-call in PagerDuty.
This does not make use of any Abbey functions.
Last updated