| 123456789101112131415 |
- [request_definition]
- r = sub, obj, act
- [policy_definition]
- p = sub, obj, act
- [role_definition]
- g = _, _
- [policy_effect]
- e = some(where (p.eft == allow))
- [matchers]
- m = (p.sub == "*" || (r.sub == p.sub) || g(r.sub, p.sub)) && ((r.obj == p.obj) ||
- keyMatch2(r.obj, p.obj)) && (r.act == p.act || p.act == "*")
|
