
Commit

Merge pull request #77 from Pigius/fix/fix-groups-link
Fix link last time
andrewmwells-amazon authored Dec 28, 2023
2 parents f3c7efe + 15390c7 commit 7a2a3a5
Showing 1 changed file with 1 addition and 1 deletion.
Expand Up @@ -8,7 +8,7 @@ has_children: false

# Adding attribute-based conditions

[The approach described in the previous section](bestpractices/bp-implementing-roles-groups.html) requires that you add a new user group in your identity provider (IdP) and create a new policy for each group of resources. In the previous examples, the resource groups reflect countries: `Approver-France`, `Approver-Germany`, `Approver-UK`, and so on. There is a finite number of countries, and they don’t change very often. The company might expand into five new countries per year, and so creating new user groups in the IdP and new policies to support this expansion might not represent a significant overhead.
[The approach described in the previous section](bp-implementing-roles-groups.html) requires that you add a new user group in your identity provider (IdP) and create a new policy for each group of resources. In the previous examples, the resource groups reflect countries: `Approver-France`, `Approver-Germany`, `Approver-UK`, and so on. There is a finite number of countries, and they don’t change very often. The company might expand into five new countries per year, and so creating new user groups in the IdP and new policies to support this expansion might not represent a significant overhead.

However, consider instead a scenario where the resource groups represent projects instead of countries. Each time a project is kicked off one or more approvers must be assigned to review and approve timesheets for that project. A large global company might be starting and stopping hundreds of projects a year. With the previous approach, for every project that is kicked off a new user group representing the approver role for that project’s timesheets needs to be created in the IdP: `Approver-project03344`, `Approver-project03345`, `Approver-project03346`, and so on. This could have an impact on management of your directory, adding thousands of roles.
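
Review bot: the new link target on the changed line, `bp-implementing-roles-groups.html`, is a bare relative path, so it resolves only when this page is rendered in the same directory as the target page, and nothing in the hunk shows that this is guaranteed. The commit title ("Fix link last time") suggests this link has been adjusted more than once, so consider adding a link check to the docs build, or using a site-root-relative path, so the reference does not break again if either page moves.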

