Close #26 Signed-off-by: Airat Arifullin <aarifullin@yadro.com>
1.2 KiB
Resource
From the point of the access policy engine, a resource is an object to which a request is being performed. This can be an object in a container within a namespace, or all objects in a container, or all containers within the root namespace etc.
A resource can be viewed from two sides:
- As part of a request. In this case a resource has a name and properties.
- As part of rule chain: a resource has just a name.
Resource name
A resource name must have a such format that can be processed by a chain router that matches a request
either with local overrides or with rules within policy contract to get if this request is allowed to be performed.
The main idea of this format is for the chain router to match by full name (native:object//cnrID/objID
) or
wildcard (native:object//cnrID/*
).
Check out formats that are defined in the schema: native formats, s3 formats. You should validate a resource name using util before instantiating a request or before putting it to either to local override storage or the policy contract storage.