Boolean Antecedent Policy Example

You can use the logical combination operators AND (&&) and OR (||) in antecedent claims. See Policy Syntax for details.

ANDed claims

If antecedent claims are anded (&&), both claims must evaluate to true for the consequent claim(s) to execute.

For example:

policy::/dev {
  if (auth_server@apcera.me->name == "robert@gmail.com" && ResType == "job"){
    permit update
  }
  if (auth_server@apcera.me->name == "robert@gmail.com" && ResType == "package"){
    permit update
  }
}

OR'd claims

If antecedent claims are related by an OR (||), this is equivalent to two rules, each rule comprising one of the antecedent claims and the same consequents.

For example:

package::/apcera {
  if (role == "developer" || role == "qa") {
    permit read, use
  }
}