Content
Updated by Radovan Semancik 2 months ago
Index/search all objects that have policy rule by constraint type, markRef and action type (e.g. report/enforcement).
Indexing objects where the policy rules is defined, not objects where it is evaluated.
Use case: list all policies/roles/orgs that include policy rules. List all roles with exclusion rules. List all policies that are enforcing policy rules.
Question: could we list all roles that have policy rules that are _not_ enforcing them? E.g. have "report" action only, but no "enforcement"?
Index should include target object (if available). E.g. I want to search for all other roles that exclude my role. This may not work in case that filter is used in the exclusion spec, but that is fine.
Indexing objects where the policy rules is defined, not objects where it is evaluated.
Use case: list all policies/roles/orgs that include policy rules. List all roles with exclusion rules. List all policies that are enforcing policy rules.
Question: could we list all roles that have policy rules that are _not_ enforcing them? E.g. have "report" action only, but no "enforcement"?
Index should include target object (if available). E.g. I want to search for all other roles that exclude my role. This may not work in case that filter is used in the exclusion spec, but that is fine.