Skip to content

Commit

Permalink
Update authorization-README.md
Browse files Browse the repository at this point in the history 
Remove explicit deny and change to implicit deny
  • Loading branch information
@marcushines @morrowc
marcushines authored and morrowc committed Feb 10, 2024
1 parent 4242e31 commit f0a7668
Showing 1 changed file with 3 additions and 17 deletions.
20 changes: 3 additions & 17 deletions pathz/authorization-README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -292,11 +292,7 @@ policy {
mode: READ
user { name: "brian" }
}
# Add a final rule which is an explicit deny rule.
policy {
id: "explicit-deny"
action: DENY
}
# Add a final rule which is an implicit deny rule.
```

The example first policy rule:
Expand Down Expand Up @@ -486,15 +482,5 @@ values, for instance:
/this/is/a/keyed[name=Ethernet1/*/3]/things - NOT permitted usage of wildcard
```

The policy rule:

```proto
# Add a final rule which is an explicit deny rule.
policy {
id: "explicit-deny"
action: DENY
}
```

provides an explicit deny for any request which does not match any other policy
rule. This rule also requests that the result be logged in full fidelity.
The end of every policy includes an implicit deny policy rule. This rule will
cause all matches to be counted.

0 comments on commit f0a7668

Please sign in to comment.