Skip to content
Snippets Groups Projects
Commit 8dc6f0f3 authored by Derek Hudson's avatar Derek Hudson
Browse files

Merge branch 'aws-remove-create' into 'master' 

Removed the OPA policy's default create.

See merge request !493
parents 3c048a04 6161c3ec
No related branches found
No related tags found
1 merge request!493Removed the OPA policy's default create.
Pipeline #274067 failed
Stage: build
Stage: containerize
Stage: scan
Stage: deploy
Stage: bootstrap
Stage: integration
Stage: publish
Hide whitespace changes
Inline Side-by-side
deployment/default-policies/dataauthz.rego
+ 1
1
View file @ 8dc6f0f3
...@@ -38,7 +38,7 @@ check_errors[{"id": id, "message": "User is not authorized to create or update r ...@@ -38,7 +38,7 @@ check_errors[{"id": id, "message": "User is not authorized to create or update r
} }
check_errors[{"id": id, "message": "The user is not authorized to perform this action", "reason": "Access denied", "code": "403"}] { check_errors[{"id": id, "message": "The user is not authorized to perform this action", "reason": "Access denied", "code": "403"}] {
input.operation == ["create", "update", "purge", "delete"][_] input.operation == ["update", "purge", "delete"][_]
owners := {o | o := input.records[x].acls.owners[_]} owners := {o | o := input.records[x].acls.owners[_]}
count(owners & permissionSet) == 0 count(owners & permissionSet) == 0
root_user == false root_user == false
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment