Hacker News new | past | comments | ask | show | jobs | submit login

I am not sure how your groups are structured, but something like this might work for this [0] use case:

    package play

    import rego.v1

    default allow := false

    allow if {
        user := input.id

        user in data.groups.A
        user in data.groups.B
        not user in data.groups.C
    }
[0] https://play.openpolicyagent.org/p/adMo9TE9bS



Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: