Created
May 21, 2019 15:22
This file has been truncated, but you can view the full file.
+-----------+--------------------------------------------------------------------------------------------+ | |
| Query 1 | data.partial.authz_v2.authorized | | |
+-----------+--------------------------------------------------------------------------------------------+ | |
| Support 1 | package partial | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:owner" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:owner" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:editor" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:editor" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:viewer" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:viewer" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:ingest" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:ingest" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:project-admin" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:project-admin" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:iam-members-viewer" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:iam-members-viewer" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:administrator-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:administrator-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:editor-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:editor-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:viewer-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:viewer-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:ingest-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:ingest-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:projects:~~ALL-PROJECTS~~" = input.resource | | |
| | "iam:projects:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:projects:~~ALL-PROJECTS~~" = input.resource | | |
| | "iam:projects:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | startswith(input.subjects[_], "user:local:") | | |
| | split(input.subjects[_], ":", ["user", _, username384]) | | |
| | replace("iam:users:${a2:username}", "${a2:username}", username384, input.resource) | | |
| | "iam:users:delete" = input.action | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "team:local:admins" = input.subjects[_] | | |
| | "iam:policies:administrator-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "team:local:admins" = input.subjects[_] | | |
| | "iam:policies:administrator-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:owner" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:owner" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:editor" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:editor" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:viewer" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:viewer" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:ingest" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:ingest" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:project-admin" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:project-admin" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:iam-members-viewer" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:iam-members-viewer" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:administrator-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:administrator-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:editor-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:editor-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:viewer-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:viewer-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:ingest-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:ingest-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:projects:~~ALL-PROJECTS~~" = input.resource | | |
| | "iam:projects:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:projects:~~ALL-PROJECTS~~" = input.resource | | |
| | "iam:projects:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | startswith(input.subjects[_], "user:local:") | | |
| | split(input.subjects[_], ":", ["user", _, username812]) | | |
| | replace("iam:users:${a2:username}", "${a2:username}", username812, input.resource) | | |
| | "iam:users:delete" = input.action | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "team:local:admins" = input.subjects[_] | | |
| | "iam:policies:administrator-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "team:local:admins" = input.subjects[_] | | |
| | "iam:policies:administrator-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:owner" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:owner" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:editor" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:editor" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:viewer" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:viewer" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:ingest" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:ingest" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:project-admin" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:project-admin" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:iam-members-viewer" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:iam-members-viewer" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:administrator-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:administrator-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:editor-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:editor-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:viewer-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:viewer-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:ingest-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:ingest-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:projects:~~ALL-PROJECTS~~" = input.resource | | |
| | "iam:projects:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:projects:~~ALL-PROJECTS~~" = input.resource | | |
| | "iam:projects:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | startswith(input.subjects[_], "user:local:") | | |
| | split(input.subjects[_], ":", ["user", _, username1249]) | | |
| | replace("iam:users:${a2:username}", "${a2:username}", username1249, input.resource) | | |
| | "iam:users:delete" = input.action | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "team:local:admins" = input.subjects[_] | | |
| | "iam:policies:administrator-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "team:local:admins" = input.subjects[_] | | |
| | "iam:policies:administrator-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:owner" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:owner" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:editor" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:editor" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:viewer" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:viewer" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:ingest" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:ingest" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:project-admin" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:project-admin" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:iam-members-viewer" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:iam-members-viewer" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:administrator-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:administrator-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:editor-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:editor-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:viewer-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:viewer-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:ingest-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:ingest-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:projects:~~ALL-PROJECTS~~" = input.resource | | |
| | "iam:projects:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:projects:~~ALL-PROJECTS~~" = input.resource | | |
| | "iam:projects:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | startswith(input.subjects[_], "user:local:") | | |
| | split(input.subjects[_], ":", ["user", _, username1689]) | | |
| | replace("iam:users:${a2:username}", "${a2:username}", username1689, input.resource) | | |
| | "iam:users:delete" = input.action | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "team:local:admins" = input.subjects[_] | | |
| | "iam:policies:administrator-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "team:local:admins" = input.subjects[_] | | |
| | "iam:policies:administrator-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:owner" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:owner" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:editor" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:editor" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:viewer" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:viewer" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:ingest" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:ingest" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:project-admin" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:project-admin" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:iam-members-viewer" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:iam-members-viewer" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:administrator-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:administrator-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:editor-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:editor-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:viewer-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:viewer-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:ingest-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:ingest-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:projects:~~ALL-PROJECTS~~" = input.resource | | |
| | "iam:projects:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:projects:~~ALL-PROJECTS~~" = input.resource | | |
| | "iam:projects:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | startswith(input.subjects[_], "user:local:") | | |
| | split(input.subjects[_], ":", ["user", _, username2123]) | | |
| | replace("iam:users:${a2:username}", "${a2:username}", username2123, input.resource) | | |
| | "iam:users:delete" = input.action | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "team:local:admins" = input.subjects[_] | | |
| | "iam:policies:administrator-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "team:local:admins" = input.subjects[_] | | |
| | "iam:policies:administrator-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:owner" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:owner" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:editor" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:editor" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:viewer" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:viewer" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:ingest" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:ingest" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:project-admin" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:project-admin" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:iam-members-viewer" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:iam-members-viewer" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:administrator-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:administrator-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:editor-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:editor-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:viewer-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:viewer-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:ingest-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:ingest-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:projects:~~ALL-PROJECTS~~" = input.resource | | |
| | "iam:projects:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:projects:~~ALL-PROJECTS~~" = input.resource | | |
| | "iam:projects:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | startswith(input.subjects[_], "user:local:") | | |
| | split(input.subjects[_], ":", ["user", _, username2540]) | | |
| | replace("iam:users:${a2:username}", "${a2:username}", username2540, input.resource) | | |
| | "iam:users:delete" = input.action | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "team:local:admins" = input.subjects[_] | | |
| | "iam:policies:administrator-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "team:local:admins" = input.subjects[_] | | |
| | "iam:policies:administrator-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:owner" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:owner" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:editor" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:editor" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:viewer" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:viewer" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:ingest" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:ingest" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:project-admin" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:project-admin" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:iam-members-viewer" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:iam-members-viewer" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:administrator-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:administrator-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:editor-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:editor-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:viewer-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:viewer-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:ingest-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:ingest-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:projects:~~ALL-PROJECTS~~" = input.resource | | |
| | "iam:projects:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:projects:~~ALL-PROJECTS~~" = input.resource | | |
| | "iam:projects:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | # Body of __not1_1__ for action "iam:users:delete" on resource "iam:users:<name>", | | |
| | # where <name> is taken from a subject: split() must yield exactly three | | |
| | # ":"-separated parts, the first being "user" and the third bound to username2985. | | |
| | # replace() substitutes that name into the template and unifies the result with | | |
| | # input.resource (its last argument). | | |
| | # NOTE(review): the two `input.subjects[_]` references use separate wildcards, so | | |
| | # as printed the "user:local:" prefix check and the split are not tied to the same | | |
| | # subject, and the middle segment is unconstrained in the split. Confirm against | | |
| | # the source policy that one and the same subject was meant. | | |
| | # The same body recurs in this listing with only the generated variable suffix changed. | | |
| | __not1_1__ { | | |
| | startswith(input.subjects[_], "user:local:") | | |
| | split(input.subjects[_], ":", ["user", _, username2985]) | | |
| | replace("iam:users:${a2:username}", "${a2:username}", username2985, input.resource) | | |
| | "iam:users:delete" = input.action | | |
| | } | | |
| | | | |
| | # Body of __not1_1__ that holds for action "iam:policies:delete" on resource | | |
| | # "iam:policies:administrator-access" when "team:local:admins" is one of input.subjects. | | |
| | # NOTE(review): this listing also contains a body for the same resource and action | | |
| | # that accepts any non-empty input.subjects, so as printed this subject-specific | | |
| | # body matches nothing extra. | | |
| | __not1_1__ { | | |
| | "team:local:admins" = input.subjects[_] | | |
| | "iam:policies:administrator-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | } | | |
| | | | |
| | # Body of __not1_1__ that holds for action "iam:policies:update" on resource | | |
| | # "iam:policies:administrator-access" when "team:local:admins" is one of input.subjects. | | |
| | # NOTE(review): this listing also contains a body for the same resource and action | | |
| | # that accepts any non-empty input.subjects, so as printed this subject-specific | | |
| | # body matches nothing extra. | | |
| | __not1_1__ { | | |
| | "team:local:admins" = input.subjects[_] | | |
| | "iam:policies:administrator-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:owner" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:owner" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:editor" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:editor" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:viewer" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:viewer" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:ingest" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:ingest" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:project-admin" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:project-admin" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:iam-members-viewer" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:iam-members-viewer" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:administrator-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:administrator-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:editor-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:editor-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:viewer-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:viewer-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:ingest-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:ingest-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:projects:~~ALL-PROJECTS~~" = input.resource | | |
| | "iam:projects:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:projects:~~ALL-PROJECTS~~" = input.resource | | |
| | "iam:projects:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | # Body of __not1_1__ for action "iam:users:delete" on resource "iam:users:<name>", | | |
| | # where <name> is taken from a subject: split() must yield exactly three | | |
| | # ":"-separated parts, the first being "user" and the third bound to username3402. | | |
| | # replace() substitutes that name into the template and unifies the result with | | |
| | # input.resource (its last argument). | | |
| | # NOTE(review): the two `input.subjects[_]` references use separate wildcards, so | | |
| | # as printed the "user:local:" prefix check and the split are not tied to the same | | |
| | # subject, and the middle segment is unconstrained in the split. Confirm against | | |
| | # the source policy that one and the same subject was meant. | | |
| | # The same body recurs in this listing with only the generated variable suffix changed. | | |
| | __not1_1__ { | | |
| | startswith(input.subjects[_], "user:local:") | | |
| | split(input.subjects[_], ":", ["user", _, username3402]) | | |
| | replace("iam:users:${a2:username}", "${a2:username}", username3402, input.resource) | | |
| | "iam:users:delete" = input.action | | |
| | } | | |
| | | | |
| | # Body of __not1_1__ that holds for action "iam:policies:delete" on resource | | |
| | # "iam:policies:administrator-access" when "team:local:admins" is one of input.subjects. | | |
| | # NOTE(review): this listing also contains a body for the same resource and action | | |
| | # that accepts any non-empty input.subjects, so as printed this subject-specific | | |
| | # body matches nothing extra. | | |
| | __not1_1__ { | | |
| | "team:local:admins" = input.subjects[_] | | |
| | "iam:policies:administrator-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | } | | |
| | | | |
| | # Body of __not1_1__ that holds for action "iam:policies:update" on resource | | |
| | # "iam:policies:administrator-access" when "team:local:admins" is one of input.subjects. | | |
| | # NOTE(review): this listing also contains a body for the same resource and action | | |
| | # that accepts any non-empty input.subjects, so as printed this subject-specific | | |
| | # body matches nothing extra. | | |
| | __not1_1__ { | | |
| | "team:local:admins" = input.subjects[_] | | |
| | "iam:policies:administrator-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:owner" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:owner" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:editor" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:editor" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:viewer" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:viewer" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:ingest" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:ingest" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:project-admin" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:project-admin" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:iam-members-viewer" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:iam-members-viewer" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:administrator-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:administrator-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:editor-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:editor-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:viewer-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:viewer-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:ingest-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:ingest-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:projects:~~ALL-PROJECTS~~" = input.resource | | |
| | "iam:projects:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:projects:~~ALL-PROJECTS~~" = input.resource | | |
| | "iam:projects:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | # Body of __not1_1__ for action "iam:users:delete" on resource "iam:users:<name>", | | |
| | # where <name> is taken from a subject: split() must yield exactly three | | |
| | # ":"-separated parts, the first being "user" and the third bound to username3819. | | |
| | # replace() substitutes that name into the template and unifies the result with | | |
| | # input.resource (its last argument). | | |
| | # NOTE(review): the two `input.subjects[_]` references use separate wildcards, so | | |
| | # as printed the "user:local:" prefix check and the split are not tied to the same | | |
| | # subject, and the middle segment is unconstrained in the split. Confirm against | | |
| | # the source policy that one and the same subject was meant. | | |
| | # The same body recurs in this listing with only the generated variable suffix changed. | | |
| | __not1_1__ { | | |
| | startswith(input.subjects[_], "user:local:") | | |
| | split(input.subjects[_], ":", ["user", _, username3819]) | | |
| | replace("iam:users:${a2:username}", "${a2:username}", username3819, input.resource) | | |
| | "iam:users:delete" = input.action | | |
| | } | | |
| | | | |
| | # Body of __not1_1__ that holds for action "iam:policies:delete" on resource | | |
| | # "iam:policies:administrator-access" when "team:local:admins" is one of input.subjects. | | |
| | # NOTE(review): this listing also contains a body for the same resource and action | | |
| | # that accepts any non-empty input.subjects, so as printed this subject-specific | | |
| | # body matches nothing extra. | | |
| | __not1_1__ { | | |
| | "team:local:admins" = input.subjects[_] | | |
| | "iam:policies:administrator-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | } | | |
| | | | |
| | # Body of __not1_1__ that holds for action "iam:policies:update" on resource | | |
| | # "iam:policies:administrator-access" when "team:local:admins" is one of input.subjects. | | |
| | # NOTE(review): this listing also contains a body for the same resource and action | | |
| | # that accepts any non-empty input.subjects, so as printed this subject-specific | | |
| | # body matches nothing extra. | | |
| | __not1_1__ { | | |
| | "team:local:admins" = input.subjects[_] | | |
| | "iam:policies:administrator-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:owner" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:owner" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:editor" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:editor" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:viewer" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:viewer" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:ingest" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:ingest" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:project-admin" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:project-admin" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:iam-members-viewer" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:iam-members-viewer" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:administrator-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:administrator-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:editor-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:editor-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:viewer-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:viewer-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:ingest-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:ingest-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:projects:~~ALL-PROJECTS~~" = input.resource | | |
| | "iam:projects:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:projects:~~ALL-PROJECTS~~" = input.resource | | |
| | "iam:projects:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | # Body of __not1_1__ for action "iam:users:delete" on resource "iam:users:<name>", | | |
| | # where <name> is taken from a subject: split() must yield exactly three | | |
| | # ":"-separated parts, the first being "user" and the third bound to username4236. | | |
| | # replace() substitutes that name into the template and unifies the result with | | |
| | # input.resource (its last argument). | | |
| | # NOTE(review): the two `input.subjects[_]` references use separate wildcards, so | | |
| | # as printed the "user:local:" prefix check and the split are not tied to the same | | |
| | # subject, and the middle segment is unconstrained in the split. Confirm against | | |
| | # the source policy that one and the same subject was meant. | | |
| | # The same body recurs in this listing with only the generated variable suffix changed. | | |
| | __not1_1__ { | | |
| | startswith(input.subjects[_], "user:local:") | | |
| | split(input.subjects[_], ":", ["user", _, username4236]) | | |
| | replace("iam:users:${a2:username}", "${a2:username}", username4236, input.resource) | | |
| | "iam:users:delete" = input.action | | |
| | } | | |
| | | | |
| | # Body of __not1_1__ that holds for action "iam:policies:delete" on resource | | |
| | # "iam:policies:administrator-access" when "team:local:admins" is one of input.subjects. | | |
| | # NOTE(review): this listing also contains a body for the same resource and action | | |
| | # that accepts any non-empty input.subjects, so as printed this subject-specific | | |
| | # body matches nothing extra. | | |
| | __not1_1__ { | | |
| | "team:local:admins" = input.subjects[_] | | |
| | "iam:policies:administrator-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | } | | |
| | | | |
| | # Body of __not1_1__ that holds for action "iam:policies:update" on resource | | |
| | # "iam:policies:administrator-access" when "team:local:admins" is one of input.subjects. | | |
| | # NOTE(review): this listing also contains a body for the same resource and action | | |
| | # that accepts any non-empty input.subjects, so as printed this subject-specific | | |
| | # body matches nothing extra. | | |
| | __not1_1__ { | | |
| | "team:local:admins" = input.subjects[_] | | |
| | "iam:policies:administrator-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:owner" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:owner" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:editor" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:editor" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:viewer" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:viewer" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:ingest" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:ingest" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:project-admin" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:project-admin" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:iam-members-viewer" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:iam-members-viewer" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:administrator-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:administrator-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:editor-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:editor-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:viewer-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:viewer-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:ingest-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:ingest-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:projects:~~ALL-PROJECTS~~" = input.resource | | |
| | "iam:projects:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:projects:~~ALL-PROJECTS~~" = input.resource | | |
| | "iam:projects:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | # Body of __not1_1__ for action "iam:users:delete" on resource "iam:users:<name>", | | |
| | # where <name> is taken from a subject: split() must yield exactly three | | |
| | # ":"-separated parts, the first being "user" and the third bound to username4653. | | |
| | # replace() substitutes that name into the template and unifies the result with | | |
| | # input.resource (its last argument). | | |
| | # NOTE(review): the two `input.subjects[_]` references use separate wildcards, so | | |
| | # as printed the "user:local:" prefix check and the split are not tied to the same | | |
| | # subject, and the middle segment is unconstrained in the split. Confirm against | | |
| | # the source policy that one and the same subject was meant. | | |
| | # The same body recurs in this listing with only the generated variable suffix changed. | | |
| | __not1_1__ { | | |
| | startswith(input.subjects[_], "user:local:") | | |
| | split(input.subjects[_], ":", ["user", _, username4653]) | | |
| | replace("iam:users:${a2:username}", "${a2:username}", username4653, input.resource) | | |
| | "iam:users:delete" = input.action | | |
| | } | | |
| | | | |
| | # Body of __not1_1__ that holds for action "iam:policies:delete" on resource | | |
| | # "iam:policies:administrator-access" when "team:local:admins" is one of input.subjects. | | |
| | # NOTE(review): this listing also contains a body for the same resource and action | | |
| | # that accepts any non-empty input.subjects, so as printed this subject-specific | | |
| | # body matches nothing extra. | | |
| | __not1_1__ { | | |
| | "team:local:admins" = input.subjects[_] | | |
| | "iam:policies:administrator-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | } | | |
| | | | |
| | # Body of __not1_1__ that holds for action "iam:policies:update" on resource | | |
| | # "iam:policies:administrator-access" when "team:local:admins" is one of input.subjects. | | |
| | # NOTE(review): this listing also contains a body for the same resource and action | | |
| | # that accepts any non-empty input.subjects, so as printed this subject-specific | | |
| | # body matches nothing extra. | | |
| | __not1_1__ { | | |
| | "team:local:admins" = input.subjects[_] | | |
| | "iam:policies:administrator-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:owner" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:owner" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:editor" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:editor" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:viewer" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:viewer" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:ingest" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:ingest" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:project-admin" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:project-admin" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:iam-members-viewer" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:iam-members-viewer" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:administrator-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:administrator-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:editor-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:editor-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:viewer-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:viewer-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:ingest-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:ingest-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:projects:~~ALL-PROJECTS~~" = input.resource | | |
| | "iam:projects:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:projects:~~ALL-PROJECTS~~" = input.resource | | |
| | "iam:projects:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | # Body of __not1_1__ for action "iam:users:delete" on resource "iam:users:<name>", | | |
| | # where <name> is taken from a subject: split() must yield exactly three | | |
| | # ":"-separated parts, the first being "user" and the third bound to username5070. | | |
| | # replace() substitutes that name into the template and unifies the result with | | |
| | # input.resource (its last argument). | | |
| | # NOTE(review): the two `input.subjects[_]` references use separate wildcards, so | | |
| | # as printed the "user:local:" prefix check and the split are not tied to the same | | |
| | # subject, and the middle segment is unconstrained in the split. Confirm against | | |
| | # the source policy that one and the same subject was meant. | | |
| | # The same body recurs in this listing with only the generated variable suffix changed. | | |
| | __not1_1__ { | | |
| | startswith(input.subjects[_], "user:local:") | | |
| | split(input.subjects[_], ":", ["user", _, username5070]) | | |
| | replace("iam:users:${a2:username}", "${a2:username}", username5070, input.resource) | | |
| | "iam:users:delete" = input.action | | |
| | } | | |
| | | | |
| | # Body of __not1_1__ that holds for action "iam:policies:delete" on resource | | |
| | # "iam:policies:administrator-access" when "team:local:admins" is one of input.subjects. | | |
| | # NOTE(review): this listing also contains a body for the same resource and action | | |
| | # that accepts any non-empty input.subjects, so as printed this subject-specific | | |
| | # body matches nothing extra. | | |
| | __not1_1__ { | | |
| | "team:local:admins" = input.subjects[_] | | |
| | "iam:policies:administrator-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | } | | |
| | | | |
| | # Body of __not1_1__ that holds for action "iam:policies:update" on resource | | |
| | # "iam:policies:administrator-access" when "team:local:admins" is one of input.subjects. | | |
| | # NOTE(review): this listing also contains a body for the same resource and action | | |
| | # that accepts any non-empty input.subjects, so as printed this subject-specific | | |
| | # body matches nothing extra. | | |
| | __not1_1__ { | | |
| | "team:local:admins" = input.subjects[_] | | |
| | "iam:policies:administrator-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:owner" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:owner" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:editor" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:editor" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:viewer" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:viewer" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:ingest" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:ingest" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:project-admin" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:project-admin" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:iam-members-viewer" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:iam-members-viewer" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:administrator-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:administrator-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:editor-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:editor-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:viewer-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:viewer-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:ingest-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:ingest-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:projects:~~ALL-PROJECTS~~" = input.resource | | |
| | "iam:projects:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:projects:~~ALL-PROJECTS~~" = input.resource | | |
| | "iam:projects:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | # Body of __not1_1__ for action "iam:users:delete" on resource "iam:users:<name>", | | |
| | # where <name> is taken from a subject: split() must yield exactly three | | |
| | # ":"-separated parts, the first being "user" and the third bound to username5487. | | |
| | # replace() substitutes that name into the template and unifies the result with | | |
| | # input.resource (its last argument). | | |
| | # NOTE(review): the two `input.subjects[_]` references use separate wildcards, so | | |
| | # as printed the "user:local:" prefix check and the split are not tied to the same | | |
| | # subject, and the middle segment is unconstrained in the split. Confirm against | | |
| | # the source policy that one and the same subject was meant. | | |
| | # The same body recurs in this listing with only the generated variable suffix changed. | | |
| | __not1_1__ { | | |
| | startswith(input.subjects[_], "user:local:") | | |
| | split(input.subjects[_], ":", ["user", _, username5487]) | | |
| | replace("iam:users:${a2:username}", "${a2:username}", username5487, input.resource) | | |
| | "iam:users:delete" = input.action | | |
| | } | | |
| | | | |
| | # Body of __not1_1__ that holds for action "iam:policies:delete" on resource | | |
| | # "iam:policies:administrator-access" when "team:local:admins" is one of input.subjects. | | |
| | # NOTE(review): this listing also contains a body for the same resource and action | | |
| | # that accepts any non-empty input.subjects, so as printed this subject-specific | | |
| | # body matches nothing extra. | | |
| | __not1_1__ { | | |
| | "team:local:admins" = input.subjects[_] | | |
| | "iam:policies:administrator-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | } | | |
| | | | |
| | # Body of __not1_1__ that holds for action "iam:policies:update" on resource | | |
| | # "iam:policies:administrator-access" when "team:local:admins" is one of input.subjects. | | |
| | # NOTE(review): this listing also contains a body for the same resource and action | | |
| | # that accepts any non-empty input.subjects, so as printed this subject-specific | | |
| | # body matches nothing extra. | | |
| | __not1_1__ { | | |
| | "team:local:admins" = input.subjects[_] | | |
| | "iam:policies:administrator-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:owner" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:owner" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:editor" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:editor" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:viewer" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:viewer" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:ingest" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:ingest" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:project-admin" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:project-admin" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:iam-members-viewer" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:iam-members-viewer" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:administrator-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:administrator-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:editor-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:editor-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:viewer-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:viewer-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:ingest-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:ingest-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:projects:~~ALL-PROJECTS~~" = input.resource | | |
| | "iam:projects:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:projects:~~ALL-PROJECTS~~" = input.resource | | |
| | "iam:projects:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | startswith(input.subjects[_], "user:local:") | | |
| | split(input.subjects[_], ":", ["user", _, username5902]) | | |
| | replace("iam:users:${a2:username}", "${a2:username}", username5902, input.resource) | | |
| | "iam:users:delete" = input.action | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "team:local:admins" = input.subjects[_] | | |
| | "iam:policies:administrator-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "team:local:admins" = input.subjects[_] | | |
| | "iam:policies:administrator-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:owner" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:owner" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:editor" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:editor" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:viewer" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:viewer" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:ingest" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:ingest" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:project-admin" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:project-admin" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:iam-members-viewer" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:iam-members-viewer" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:administrator-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:administrator-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:editor-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:editor-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:viewer-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:viewer-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:ingest-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:ingest-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:projects:~~ALL-PROJECTS~~" = input.resource | | |
| | "iam:projects:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:projects:~~ALL-PROJECTS~~" = input.resource | | |
| | "iam:projects:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | startswith(input.subjects[_], "user:local:") | | |
| | split(input.subjects[_], ":", ["user", _, username6319]) | | |
| | replace("iam:users:${a2:username}", "${a2:username}", username6319, input.resource) | | |
| | "iam:users:delete" = input.action | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "team:local:admins" = input.subjects[_] | | |
| | "iam:policies:administrator-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "team:local:admins" = input.subjects[_] | | |
| | "iam:policies:administrator-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:owner" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:owner" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:editor" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:editor" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:viewer" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:viewer" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:ingest" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:ingest" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:project-admin" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:project-admin" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:iam-members-viewer" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:iam-members-viewer" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:administrator-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:administrator-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:editor-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:editor-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:viewer-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:viewer-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:ingest-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:ingest-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:projects:~~ALL-PROJECTS~~" = input.resource | | |
| | "iam:projects:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:projects:~~ALL-PROJECTS~~" = input.resource | | |
| | "iam:projects:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | startswith(input.subjects[_], "user:local:") | | |
| | split(input.subjects[_], ":", ["user", _, username6736]) | | |
| | replace("iam:users:${a2:username}", "${a2:username}", username6736, input.resource) | | |
| | "iam:users:delete" = input.action | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "team:local:admins" = input.subjects[_] | | |
| | "iam:policies:administrator-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "team:local:admins" = input.subjects[_] | | |
| | "iam:policies:administrator-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:owner" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:owner" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:editor" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:editor" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:viewer" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:viewer" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:ingest" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:ingest" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:project-admin" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:project-admin" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:iam-members-viewer" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:iam-members-viewer" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:administrator-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:administrator-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:editor-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:editor-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:viewer-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:viewer-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:ingest-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:ingest-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:projects:~~ALL-PROJECTS~~" = input.resource | | |
| | "iam:projects:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:projects:~~ALL-PROJECTS~~" = input.resource | | |
| | "iam:projects:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | startswith(input.subjects[_], "user:local:") | | |
| | split(input.subjects[_], ":", ["user", _, username7177]) | | |
| | replace("iam:users:${a2:username}", "${a2:username}", username7177, input.resource) | | |
| | "iam:users:delete" = input.action | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "team:local:admins" = input.subjects[_] | | |
| | "iam:policies:administrator-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "team:local:admins" = input.subjects[_] | | |
| | "iam:policies:administrator-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:owner" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:owner" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:editor" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:editor" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:viewer" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:viewer" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:ingest" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:ingest" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:project-admin" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:project-admin" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:iam-members-viewer" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:iam-members-viewer" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:administrator-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:administrator-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:editor-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:editor-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:viewer-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:viewer-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:ingest-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:ingest-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:projects:~~ALL-PROJECTS~~" = input.resource | | |
| | "iam:projects:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:projects:~~ALL-PROJECTS~~" = input.resource | | |
| | "iam:projects:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | startswith(input.subjects[_], "user:local:") | | |
| | split(input.subjects[_], ":", ["user", _, username7617]) | | |
| | replace("iam:users:${a2:username}", "${a2:username}", username7617, input.resource) | | |
| | "iam:users:delete" = input.action | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "team:local:admins" = input.subjects[_] | | |
| | "iam:policies:administrator-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "team:local:admins" = input.subjects[_] | | |
| | "iam:policies:administrator-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:owner" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:owner" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:editor" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:editor" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:viewer" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:viewer" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:ingest" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:ingest" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:project-admin" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:project-admin" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:iam-members-viewer" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:iam-members-viewer" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:administrator-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:administrator-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:editor-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:editor-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:viewer-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:viewer-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:ingest-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:ingest-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:projects:~~ALL-PROJECTS~~" = input.resource | | |
| | "iam:projects:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:projects:~~ALL-PROJECTS~~" = input.resource | | |
| | "iam:projects:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | startswith(input.subjects[_], "user:local:") | | |
| | split(input.subjects[_], ":", ["user", _, username8054]) | | |
| | replace("iam:users:${a2:username}", "${a2:username}", username8054, input.resource) | | |
| | "iam:users:delete" = input.action | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "team:local:admins" = input.subjects[_] | | |
| | "iam:policies:administrator-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "team:local:admins" = input.subjects[_] | | |
| | "iam:policies:administrator-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:owner" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:owner" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:editor" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:editor" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:viewer" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:viewer" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:ingest" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:ingest" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:project-admin" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:project-admin" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:iam-members-viewer" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:iam-members-viewer" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:administrator-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:administrator-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:editor-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:editor-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:viewer-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:viewer-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:ingest-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:ingest-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:projects:~~ALL-PROJECTS~~" = input.resource | | |
| | "iam:projects:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:projects:~~ALL-PROJECTS~~" = input.resource | | |
| | "iam:projects:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | startswith(input.subjects[_], "user:local:") | | |
| | split(input.subjects[_], ":", ["user", _, username8471]) | | |
| | replace("iam:users:${a2:username}", "${a2:username}", username8471, input.resource) | | |
| | "iam:users:delete" = input.action | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "team:local:admins" = input.subjects[_] | | |
| | "iam:policies:administrator-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "team:local:admins" = input.subjects[_] | | |
| | "iam:policies:administrator-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:owner" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:owner" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:editor" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:editor" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:viewer" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:viewer" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:ingest" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:ingest" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:project-admin" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:project-admin" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:iam-members-viewer" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:iam-members-viewer" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:administrator-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:administrator-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:editor-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:editor-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:viewer-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:viewer-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:ingest-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:ingest-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:projects:~~ALL-PROJECTS~~" = input.resource | | |
| | "iam:projects:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:projects:~~ALL-PROJECTS~~" = input.resource | | |
| | "iam:projects:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | # Alternative body for __not1_1__: holds for the "iam:users:delete" action on a | | |
| | # resource of the form "iam:users:<name>", where <name> is taken from a subject. | | |
| | __not1_1__ { | | |
| | # At least one subject starts with "user:local:". | | |
| | startswith(input.subjects[_], "user:local:") | | |
| | # Each `_` is a separate variable, so this iterates input.subjects independently: | | |
| | # the subject split here need not be the one that passed startswith above. | | |
| | # The pattern needs exactly three ":"-separated parts, the first being "user"; | | |
| | # the middle part is unconstrained and the third is bound to username8888. | | |
| | # NOTE(review): a name containing ":" yields more than three parts and never | | |
| | # matches. If the intent is "a local user acting on their own record", check | | |
| | # that the source policy (not visible here) binds the subject once for both tests. | | |
| | split(input.subjects[_], ":", ["user", _, username8888]) | | |
| | # Substitute the name into the resource template and unify with input.resource. | | |
| | replace("iam:users:${a2:username}", "${a2:username}", username8888, input.resource) | | |
| | "iam:users:delete" = input.action | | |
| | } | | |
| | | | |
| | # Alternative body for __not1_1__: holds when "team:local:admins" is one of the | | |
| | # subjects and the request is "iam:policies:delete" on "iam:policies:administrator-access". | | |
| | # An earlier alternative in this module pairs the same resource and action with | | |
| | # `_ = input.subjects[_]` (any subject), so this body adds no new matches. | | |
| | # NOTE(review): if the team was meant to be treated differently from other | | |
| | # subjects, that distinction is not expressed by this rule set; verify intent. | | |
| | __not1_1__ { | | |
| | "team:local:admins" = input.subjects[_] | | |
| | "iam:policies:administrator-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | } | | |
| | | | |
| | # Alternative body for __not1_1__: holds when "team:local:admins" is one of the | | |
| | # subjects and the request is "iam:policies:update" on "iam:policies:administrator-access". | | |
| | # The same resource/action pair is already matched for any subject by an earlier | | |
| | # alternative that uses `_ = input.subjects[_]`, so this body is subsumed by it. | | |
| | __not1_1__ { | | |
| | "team:local:admins" = input.subjects[_] | | |
| | "iam:policies:administrator-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | } | | |
| | | | |
| | # Repeat of a body that already appears earlier in this module ("iam:roles:owner" | | |
| | # with "iam:roles:update"). Bodies sharing a rule head are alternatives, so a | | |
| | # repeated body does not change when __not1_1__ holds. | | |
| | # NOTE(review): the whole rule set recurs from here on, with only the generated | | |
| | # usernameNNNN variable differing; presumably a partial-evaluation artifact. When | | |
| | # auditing, review one copy and confirm the others are byte-for-byte repeats. | | |
| | __not1_1__ { | | |
| | "iam:roles:owner" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:owner" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:editor" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:editor" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:viewer" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:viewer" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:ingest" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:ingest" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:project-admin" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:project-admin" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:iam-members-viewer" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:iam-members-viewer" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:administrator-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:administrator-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:editor-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:editor-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:viewer-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:viewer-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:ingest-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:ingest-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:projects:~~ALL-PROJECTS~~" = input.resource | | |
| | "iam:projects:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:projects:~~ALL-PROJECTS~~" = input.resource | | |
| | "iam:projects:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | startswith(input.subjects[_], "user:local:") | | |
| | split(input.subjects[_], ":", ["user", _, username9305]) | | |
| | replace("iam:users:${a2:username}", "${a2:username}", username9305, input.resource) | | |
| | "iam:users:delete" = input.action | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "team:local:admins" = input.subjects[_] | | |
| | "iam:policies:administrator-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "team:local:admins" = input.subjects[_] | | |
| | "iam:policies:administrator-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:owner" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:owner" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:editor" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:editor" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:viewer" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:viewer" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:ingest" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:ingest" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:project-admin" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:project-admin" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:iam-members-viewer" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:iam-members-viewer" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:administrator-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:administrator-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:editor-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:editor-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:viewer-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:viewer-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:ingest-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:ingest-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:projects:~~ALL-PROJECTS~~" = input.resource | | |
| | "iam:projects:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:projects:~~ALL-PROJECTS~~" = input.resource | | |
| | "iam:projects:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | startswith(input.subjects[_], "user:local:") | | |
| | split(input.subjects[_], ":", ["user", _, username9722]) | | |
| | replace("iam:users:${a2:username}", "${a2:username}", username9722, input.resource) | | |
| | "iam:users:delete" = input.action | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "team:local:admins" = input.subjects[_] | | |
| | "iam:policies:administrator-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "team:local:admins" = input.subjects[_] | | |
| | "iam:policies:administrator-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:owner" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:owner" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:editor" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:editor" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:viewer" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:viewer" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:ingest" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:ingest" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:project-admin" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:project-admin" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:iam-members-viewer" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:iam-members-viewer" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:administrator-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:administrator-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:editor-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:editor-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:viewer-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:viewer-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:ingest-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:ingest-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:projects:~~ALL-PROJECTS~~" = input.resource | | |
| | "iam:projects:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:projects:~~ALL-PROJECTS~~" = input.resource | | |
| | "iam:projects:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | startswith(input.subjects[_], "user:local:") | | |
| | split(input.subjects[_], ":", ["user", _, username10139]) | | |
| | replace("iam:users:${a2:username}", "${a2:username}", username10139, input.resource) | | |
| | "iam:users:delete" = input.action | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "team:local:admins" = input.subjects[_] | | |
| | "iam:policies:administrator-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "team:local:admins" = input.subjects[_] | | |
| | "iam:policies:administrator-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:owner" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:owner" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:editor" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:editor" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:viewer" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:viewer" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:ingest" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:ingest" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:project-admin" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:project-admin" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:iam-members-viewer" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:iam-members-viewer" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:administrator-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:administrator-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:editor-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:editor-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:viewer-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:viewer-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:ingest-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:ingest-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:projects:~~ALL-PROJECTS~~" = input.resource | | |
| | "iam:projects:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:projects:~~ALL-PROJECTS~~" = input.resource | | |
| | "iam:projects:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | startswith(input.subjects[_], "user:local:") | | |
| | split(input.subjects[_], ":", ["user", _, username10556]) | | |
| | replace("iam:users:${a2:username}", "${a2:username}", username10556, input.resource) | | |
| | "iam:users:delete" = input.action | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "team:local:admins" = input.subjects[_] | | |
| | "iam:policies:administrator-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "team:local:admins" = input.subjects[_] | | |
| | "iam:policies:administrator-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:owner" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:owner" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:editor" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:editor" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:viewer" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:viewer" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:ingest" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:ingest" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:project-admin" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:project-admin" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:iam-members-viewer" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:iam-members-viewer" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:administrator-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:administrator-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:editor-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:editor-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:viewer-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:viewer-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:ingest-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:ingest-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:projects:~~ALL-PROJECTS~~" = input.resource | | |
| | "iam:projects:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:projects:~~ALL-PROJECTS~~" = input.resource | | |
| | "iam:projects:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | startswith(input.subjects[_], "user:local:") | | |
| | split(input.subjects[_], ":", ["user", _, username10973]) | | |
| | replace("iam:users:${a2:username}", "${a2:username}", username10973, input.resource) | | |
| | "iam:users:delete" = input.action | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "team:local:admins" = input.subjects[_] | | |
| | "iam:policies:administrator-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "team:local:admins" = input.subjects[_] | | |
| | "iam:policies:administrator-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:owner" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:owner" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:editor" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:editor" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:viewer" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:viewer" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:ingest" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:ingest" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:project-admin" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:project-admin" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:iam-members-viewer" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:iam-members-viewer" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:administrator-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:administrator-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:editor-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:editor-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:viewer-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:viewer-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:ingest-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:ingest-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:projects:~~ALL-PROJECTS~~" = input.resource | | |
| | "iam:projects:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:projects:~~ALL-PROJECTS~~" = input.resource | | |
| | "iam:projects:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | startswith(input.subjects[_], "user:local:") | | |
| | split(input.subjects[_], ":", ["user", _, username11390]) | | |
| | replace("iam:users:${a2:username}", "${a2:username}", username11390, input.resource) | | |
| | "iam:users:delete" = input.action | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "team:local:admins" = input.subjects[_] | | |
| | "iam:policies:administrator-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "team:local:admins" = input.subjects[_] | | |
| | "iam:policies:administrator-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:owner" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:owner" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:editor" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:editor" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:viewer" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:viewer" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:ingest" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:ingest" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:project-admin" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:project-admin" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:iam-members-viewer" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:iam-members-viewer" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:administrator-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:administrator-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:editor-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:editor-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:viewer-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:viewer-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:ingest-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:ingest-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:projects:~~ALL-PROJECTS~~" = input.resource | | |
| | "iam:projects:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:projects:~~ALL-PROJECTS~~" = input.resource | | |
| | "iam:projects:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | startswith(input.subjects[_], "user:local:") | | |
| | split(input.subjects[_], ":", ["user", _, username11807]) | | |
| | replace("iam:users:${a2:username}", "${a2:username}", username11807, input.resource) | | |
| | "iam:users:delete" = input.action | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "team:local:admins" = input.subjects[_] | | |
| | "iam:policies:administrator-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "team:local:admins" = input.subjects[_] | | |
| | "iam:policies:administrator-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:owner" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:owner" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:editor" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:editor" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:viewer" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:viewer" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:ingest" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:ingest" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:project-admin" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:project-admin" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:iam-members-viewer" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:iam-members-viewer" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:administrator-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:administrator-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:editor-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:editor-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:viewer-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:viewer-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:ingest-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:ingest-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:projects:~~ALL-PROJECTS~~" = input.resource | | |
| | "iam:projects:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:projects:~~ALL-PROJECTS~~" = input.resource | | |
| | "iam:projects:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | startswith(input.subjects[_], "user:local:") | | |
| | split(input.subjects[_], ":", ["user", _, username12224]) | | |
| | replace("iam:users:${a2:username}", "${a2:username}", username12224, input.resource) | | |
| | "iam:users:delete" = input.action | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "team:local:admins" = input.subjects[_] | | |
| | "iam:policies:administrator-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "team:local:admins" = input.subjects[_] | | |
| | "iam:policies:administrator-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:owner" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:owner" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:editor" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:editor" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:viewer" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:viewer" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:ingest" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:ingest" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:project-admin" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:project-admin" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:iam-members-viewer" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:iam-members-viewer" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:administrator-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:administrator-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:editor-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:editor-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:viewer-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:viewer-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:ingest-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:ingest-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:projects:~~ALL-PROJECTS~~" = input.resource | | |
| | "iam:projects:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:projects:~~ALL-PROJECTS~~" = input.resource | | |
| | "iam:projects:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | startswith(input.subjects[_], "user:local:") | | |
| | split(input.subjects[_], ":", ["user", _, username12641]) | | |
| | replace("iam:users:${a2:username}", "${a2:username}", username12641, input.resource) | | |
| | "iam:users:delete" = input.action | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "team:local:admins" = input.subjects[_] | | |
| | "iam:policies:administrator-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "team:local:admins" = input.subjects[_] | | |
| | "iam:policies:administrator-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:owner" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:owner" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:editor" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:editor" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:viewer" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:viewer" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:ingest" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:ingest" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:project-admin" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:project-admin" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:iam-members-viewer" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:iam-members-viewer" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:administrator-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:administrator-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:editor-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:editor-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:viewer-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:viewer-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:ingest-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:ingest-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:projects:~~ALL-PROJECTS~~" = input.resource | | |
| | "iam:projects:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:projects:~~ALL-PROJECTS~~" = input.resource | | |
| | "iam:projects:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | startswith(input.subjects[_], "user:local:") | | |
| | split(input.subjects[_], ":", ["user", _, username13058]) | | |
| | replace("iam:users:${a2:username}", "${a2:username}", username13058, input.resource) | | |
| | "iam:users:delete" = input.action | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "team:local:admins" = input.subjects[_] | | |
| | "iam:policies:administrator-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "team:local:admins" = input.subjects[_] | | |
| | "iam:policies:administrator-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:owner" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:owner" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:editor" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:editor" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:viewer" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:viewer" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:ingest" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:ingest" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:project-admin" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:project-admin" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:iam-members-viewer" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:iam-members-viewer" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:administrator-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:administrator-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:editor-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:editor-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:viewer-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:viewer-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:ingest-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:ingest-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:projects:~~ALL-PROJECTS~~" = input.resource | | |
| | "iam:projects:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:projects:~~ALL-PROJECTS~~" = input.resource | | |
| | "iam:projects:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | startswith(input.subjects[_], "user:local:") | | |
| | split(input.subjects[_], ":", ["user", _, username13475]) | | |
| | replace("iam:users:${a2:username}", "${a2:username}", username13475, input.resource) | | |
| | "iam:users:delete" = input.action | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "team:local:admins" = input.subjects[_] | | |
| | "iam:policies:administrator-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "team:local:admins" = input.subjects[_] | | |
| | "iam:policies:administrator-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:owner" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:owner" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:editor" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:editor" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:viewer" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:viewer" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:ingest" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:ingest" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:project-admin" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:project-admin" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:iam-members-viewer" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:iam-members-viewer" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:administrator-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:administrator-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:editor-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:editor-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:viewer-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:viewer-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:ingest-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:ingest-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:projects:~~ALL-PROJECTS~~" = input.resource | | |
| | "iam:projects:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:projects:~~ALL-PROJECTS~~" = input.resource | | |
| | "iam:projects:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | startswith(input.subjects[_], "user:local:") | | |
| | split(input.subjects[_], ":", ["user", _, username13888]) | | |
| | replace("iam:users:${a2:username}", "${a2:username}", username13888, input.resource) | | |
| | "iam:users:delete" = input.action | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "team:local:admins" = input.subjects[_] | | |
| | "iam:policies:administrator-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "team:local:admins" = input.subjects[_] | | |
| | "iam:policies:administrator-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:owner" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:owner" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:editor" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:editor" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:viewer" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:viewer" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:ingest" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:ingest" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:project-admin" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:project-admin" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:iam-members-viewer" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:iam-members-viewer" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:administrator-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:administrator-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:editor-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:editor-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:viewer-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:viewer-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:ingest-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:ingest-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:projects:~~ALL-PROJECTS~~" = input.resource | | |
| | "iam:projects:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:projects:~~ALL-PROJECTS~~" = input.resource | | |
| | "iam:projects:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | startswith(input.subjects[_], "user:local:") | | |
| | split(input.subjects[_], ":", ["user", _, username14305]) | | |
| | replace("iam:users:${a2:username}", "${a2:username}", username14305, input.resource) | | |
| | "iam:users:delete" = input.action | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "team:local:admins" = input.subjects[_] | | |
| | "iam:policies:administrator-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "team:local:admins" = input.subjects[_] | | |
| | "iam:policies:administrator-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:owner" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:owner" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:editor" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:editor" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:viewer" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:viewer" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:ingest" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:ingest" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:project-admin" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:project-admin" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:iam-members-viewer" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:iam-members-viewer" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:administrator-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:administrator-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:editor-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:editor-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:viewer-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:viewer-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:ingest-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:ingest-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:projects:~~ALL-PROJECTS~~" = input.resource | | |
| | "iam:projects:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:projects:~~ALL-PROJECTS~~" = input.resource | | |
| | "iam:projects:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | # Matches action "iam:users:delete" when input.resource equals "iam:users:<name>", where <name> is the third | | |
| | # segment of a subject that splits on ":" into exactly three parts with "user" as the first. | | |
| | # NOTE(review): as printed, the two `input.subjects[_]` references use separate wildcards, so the "user:local:" | | |
| | # prefix test and the split may bind different subjects, and the split pattern does not pin the middle segment | | |
| | # to "local". Confirm against the source policy that both conditions are meant to apply to the same subject. | | |
| | # NOTE(review): a subject whose name part itself contains ":" yields more than three segments and does not | | |
| | # match this body - confirm that user names are validated where they are created. | | |
| | __not1_1__ { | | |
| | startswith(input.subjects[_], "user:local:") | | |
| | split(input.subjects[_], ":", ["user", _, username14741]) | | |
| | replace("iam:users:${a2:username}", "${a2:username}", username14741, input.resource) | | |
| | "iam:users:delete" = input.action | | |
| | } | | |
| | | | |
| | # Matches delete of "iam:policies:administrator-access" when "team:local:admins" is one of input.subjects. | | |
| | # Every request this body matches is also matched by the body in this module that has the same resource and | | |
| | # action with `_ = input.subjects[_]` (any non-empty subjects), so this body does not change the rule's result. | | |
| | # NOTE(review): if the admins team was meant to be treated differently from other subjects for this policy, | | |
| | # the broader body hides that - check the source policy statements that produced both. | | |
| | __not1_1__ { | | |
| | "team:local:admins" = input.subjects[_] | | |
| | "iam:policies:administrator-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "team:local:admins" = input.subjects[_] | | |
| | "iam:policies:administrator-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | } | | |
| | | | |
| | # Matches update of "iam:roles:owner" for any request with at least one subject. | | |
| | # This body is textually identical to the first `__not1_1__` body of Support 1, and the sequence of bodies that | | |
| | # starts here repeats several times below, differing only in the generated `usernameNNNNN` variable name. | | |
| | # Bodies of one rule are alternatives, so a repeated body adds output size and evaluation work but no new | | |
| | # matches; when auditing what this rule covers, reviewing one copy of the sequence is enough. | | |
| | __not1_1__ { | | |
| | "iam:roles:owner" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:owner" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:editor" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:editor" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:viewer" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:viewer" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:ingest" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:ingest" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:project-admin" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:project-admin" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:iam-members-viewer" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:iam-members-viewer" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:administrator-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:administrator-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:editor-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:editor-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:viewer-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:viewer-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:ingest-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:ingest-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:projects:~~ALL-PROJECTS~~" = input.resource | | |
| | "iam:projects:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:projects:~~ALL-PROJECTS~~" = input.resource | | |
| | "iam:projects:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | startswith(input.subjects[_], "user:local:") | | |
| | split(input.subjects[_], ":", ["user", _, username15158]) | | |
| | replace("iam:users:${a2:username}", "${a2:username}", username15158, input.resource) | | |
| | "iam:users:delete" = input.action | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "team:local:admins" = input.subjects[_] | | |
| | "iam:policies:administrator-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "team:local:admins" = input.subjects[_] | | |
| | "iam:policies:administrator-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:owner" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:owner" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:editor" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:editor" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:viewer" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:viewer" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:ingest" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:ingest" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:project-admin" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:project-admin" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:iam-members-viewer" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:iam-members-viewer" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:administrator-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:administrator-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:editor-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:editor-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:viewer-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:viewer-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:ingest-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:ingest-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:projects:~~ALL-PROJECTS~~" = input.resource | | |
| | "iam:projects:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:projects:~~ALL-PROJECTS~~" = input.resource | | |
| | "iam:projects:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | startswith(input.subjects[_], "user:local:") | | |
| | split(input.subjects[_], ":", ["user", _, username15575]) | | |
| | replace("iam:users:${a2:username}", "${a2:username}", username15575, input.resource) | | |
| | "iam:users:delete" = input.action | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "team:local:admins" = input.subjects[_] | | |
| | "iam:policies:administrator-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "team:local:admins" = input.subjects[_] | | |
| | "iam:policies:administrator-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:owner" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:owner" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:editor" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:editor" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:viewer" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:viewer" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:ingest" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:ingest" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:project-admin" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:project-admin" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:iam-members-viewer" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:iam-members-viewer" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:administrator-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:administrator-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:editor-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:editor-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:viewer-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:viewer-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:ingest-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:ingest-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:projects:~~ALL-PROJECTS~~" = input.resource | | |
| | "iam:projects:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:projects:~~ALL-PROJECTS~~" = input.resource | | |
| | "iam:projects:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | startswith(input.subjects[_], "user:local:") | | |
| | split(input.subjects[_], ":", ["user", _, username15992]) | | |
| | replace("iam:users:${a2:username}", "${a2:username}", username15992, input.resource) | | |
| | "iam:users:delete" = input.action | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "team:local:admins" = input.subjects[_] | | |
| | "iam:policies:administrator-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "team:local:admins" = input.subjects[_] | | |
| | "iam:policies:administrator-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:owner" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:owner" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:editor" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:editor" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:viewer" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:viewer" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:ingest" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:ingest" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:project-admin" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:project-admin" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:iam-members-viewer" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:iam-members-viewer" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:administrator-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:administrator-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:editor-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:editor-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:viewer-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:viewer-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:ingest-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:ingest-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:projects:~~ALL-PROJECTS~~" = input.resource | | |
| | "iam:projects:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:projects:~~ALL-PROJECTS~~" = input.resource | | |
| | "iam:projects:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | startswith(input.subjects[_], "user:local:") | | |
| | split(input.subjects[_], ":", ["user", _, username16423]) | | |
| | replace("iam:users:${a2:username}", "${a2:username}", username16423, input.resource) | | |
| | "iam:users:delete" = input.action | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "team:local:admins" = input.subjects[_] | | |
| | "iam:policies:administrator-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "team:local:admins" = input.subjects[_] | | |
| | "iam:policies:administrator-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:owner" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:owner" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:editor" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:editor" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:viewer" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:viewer" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:ingest" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:ingest" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:project-admin" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:project-admin" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:iam-members-viewer" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:iam-members-viewer" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:administrator-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:administrator-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:editor-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:editor-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:viewer-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:viewer-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:ingest-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:ingest-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:projects:~~ALL-PROJECTS~~" = input.resource | | |
| | "iam:projects:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:projects:~~ALL-PROJECTS~~" = input.resource | | |
| | "iam:projects:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | startswith(input.subjects[_], "user:local:") | | |
| | split(input.subjects[_], ":", ["user", _, username16840]) | | |
| | replace("iam:users:${a2:username}", "${a2:username}", username16840, input.resource) | | |
| | "iam:users:delete" = input.action | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "team:local:admins" = input.subjects[_] | | |
| | "iam:policies:administrator-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "team:local:admins" = input.subjects[_] | | |
| | "iam:policies:administrator-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:owner" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:owner" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:editor" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:editor" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:viewer" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:viewer" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:ingest" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:ingest" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:project-admin" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:project-admin" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:iam-members-viewer" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:iam-members-viewer" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:administrator-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:administrator-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:editor-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:editor-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:viewer-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:viewer-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:ingest-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:ingest-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:projects:~~ALL-PROJECTS~~" = input.resource | | |
| | "iam:projects:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:projects:~~ALL-PROJECTS~~" = input.resource | | |
| | "iam:projects:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | startswith(input.subjects[_], "user:local:") | | |
| | split(input.subjects[_], ":", ["user", _, username17257]) | | |
| | replace("iam:users:${a2:username}", "${a2:username}", username17257, input.resource) | | |
| | "iam:users:delete" = input.action | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "team:local:admins" = input.subjects[_] | | |
| | "iam:policies:administrator-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "team:local:admins" = input.subjects[_] | | |
| | "iam:policies:administrator-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:owner" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:owner" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:editor" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:editor" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:viewer" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:viewer" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:ingest" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:ingest" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:project-admin" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:project-admin" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:iam-members-viewer" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:iam-members-viewer" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:administrator-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:administrator-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:editor-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:editor-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:viewer-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:viewer-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:ingest-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:ingest-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:projects:~~ALL-PROJECTS~~" = input.resource | | |
| | "iam:projects:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:projects:~~ALL-PROJECTS~~" = input.resource | | |
| | "iam:projects:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | # Holds when the action is "iam:users:delete" and input.resource equals "iam:users:" followed | | |
| | # by a username taken from a subject entry: some subject must start with "user:local:", and | | |
| | # some subject must split on ":" into exactly three parts whose first part is "user". | | |
| | # NOTE(review): as printed, the two input.subjects[_] references use separate wildcards, so | | |
| | # the prefix check and the split are not tied to the same entry; a "user:<other-type>:<name>" | | |
| | # subject could supply the username while a different entry satisfies the prefix. This may | | |
| | # only be how generated variables are printed - confirm against the source policy. | | |
| | # NOTE(review): a subject with more than two ":" separators splits into more than three parts | | |
| | # and never matches the three-element pattern, so such usernames are not covered here. | | |
| | __not1_1__ { | | |
| | startswith(input.subjects[_], "user:local:") | | |
| | split(input.subjects[_], ":", ["user", _, username17674]) | | |
| | # Substitutes the captured username for the ${a2:username} placeholder and unifies the | | |
| | # result with input.resource. | | |
| | replace("iam:users:${a2:username}", "${a2:username}", username17674, input.resource) | | |
| | "iam:users:delete" = input.action | | |
| | } | | |
| | | | |
| | # The next two bodies hold when input.subjects contains "team:local:admins" and the request | | |
| | # is a delete or an update of the "iam:policies:administrator-access" policy. | | |
| | # NOTE(review): the same two resource/action pairs are already matched for any non-empty | | |
| | # subject list by the earlier bodies ending in `_ = input.subjects[_]`, so as printed these | | |
| | # team-specific bodies add no new matches. Verify whether the source policy means the admins | | |
| | # team to be treated differently from other subjects for this policy. | | |
| | __not1_1__ { | | |
| | "team:local:admins" = input.subjects[_] | | |
| | "iam:policies:administrator-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "team:local:admins" = input.subjects[_] | | |
| | "iam:policies:administrator-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:owner" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:owner" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:editor" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:editor" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:viewer" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:viewer" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:ingest" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:ingest" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:project-admin" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:project-admin" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:iam-members-viewer" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:iam-members-viewer" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:administrator-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:administrator-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:editor-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:editor-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:viewer-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:viewer-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:ingest-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:ingest-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:projects:~~ALL-PROJECTS~~" = input.resource | | |
| | "iam:projects:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:projects:~~ALL-PROJECTS~~" = input.resource | | |
| | "iam:projects:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | startswith(input.subjects[_], "user:local:") | | |
| | split(input.subjects[_], ":", ["user", _, username18119]) | | |
| | replace("iam:users:${a2:username}", "${a2:username}", username18119, input.resource) | | |
| | "iam:users:delete" = input.action | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "team:local:admins" = input.subjects[_] | | |
| | "iam:policies:administrator-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "team:local:admins" = input.subjects[_] | | |
| | "iam:policies:administrator-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:owner" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:owner" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:editor" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:editor" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:viewer" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:viewer" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:ingest" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:ingest" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:project-admin" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:project-admin" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:iam-members-viewer" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:iam-members-viewer" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:administrator-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:administrator-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:editor-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:editor-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:viewer-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:viewer-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:ingest-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:ingest-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:projects:~~ALL-PROJECTS~~" = input.resource | | |
| | "iam:projects:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:projects:~~ALL-PROJECTS~~" = input.resource | | |
| | "iam:projects:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | startswith(input.subjects[_], "user:local:") | | |
| | split(input.subjects[_], ":", ["user", _, username18555]) | | |
| | replace("iam:users:${a2:username}", "${a2:username}", username18555, input.resource) | | |
| | "iam:users:delete" = input.action | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "team:local:admins" = input.subjects[_] | | |
| | "iam:policies:administrator-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "team:local:admins" = input.subjects[_] | | |
| | "iam:policies:administrator-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:owner" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:owner" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:editor" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:editor" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:viewer" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:viewer" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:ingest" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:ingest" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:project-admin" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:project-admin" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:iam-members-viewer" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:iam-members-viewer" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:administrator-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:administrator-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:editor-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:editor-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:viewer-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:viewer-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:ingest-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:ingest-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:projects:~~ALL-PROJECTS~~" = input.resource | | |
| | "iam:projects:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:projects:~~ALL-PROJECTS~~" = input.resource | | |
| | "iam:projects:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | startswith(input.subjects[_], "user:local:") | | |
| | split(input.subjects[_], ":", ["user", _, username18994]) | | |
| | replace("iam:users:${a2:username}", "${a2:username}", username18994, input.resource) | | |
| | "iam:users:delete" = input.action | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "team:local:admins" = input.subjects[_] | | |
| | "iam:policies:administrator-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "team:local:admins" = input.subjects[_] | | |
| | "iam:policies:administrator-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:owner" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:owner" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:editor" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:editor" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:viewer" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:viewer" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:ingest" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:ingest" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:project-admin" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:project-admin" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:iam-members-viewer" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:iam-members-viewer" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:administrator-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:administrator-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:editor-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:editor-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:viewer-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:viewer-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:ingest-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:ingest-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:projects:~~ALL-PROJECTS~~" = input.resource | | |
| | "iam:projects:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:projects:~~ALL-PROJECTS~~" = input.resource | | |
| | "iam:projects:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | startswith(input.subjects[_], "user:local:") | | |
| | split(input.subjects[_], ":", ["user", _, username19435]) | | |
| | replace("iam:users:${a2:username}", "${a2:username}", username19435, input.resource) | | |
| | "iam:users:delete" = input.action | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "team:local:admins" = input.subjects[_] | | |
| | "iam:policies:administrator-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "team:local:admins" = input.subjects[_] | | |
| | "iam:policies:administrator-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:owner" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:owner" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:editor" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:editor" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:viewer" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:viewer" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:ingest" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:ingest" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:project-admin" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:project-admin" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:iam-members-viewer" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:iam-members-viewer" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:administrator-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:administrator-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:editor-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:editor-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:viewer-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:viewer-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:ingest-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:ingest-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:projects:~~ALL-PROJECTS~~" = input.resource | | |
| | "iam:projects:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:projects:~~ALL-PROJECTS~~" = input.resource | | |
| | "iam:projects:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | startswith(input.subjects[_], "user:local:") | | |
| | split(input.subjects[_], ":", ["user", _, username19870]) | | |
| | replace("iam:users:${a2:username}", "${a2:username}", username19870, input.resource) | | |
| | "iam:users:delete" = input.action | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "team:local:admins" = input.subjects[_] | | |
| | "iam:policies:administrator-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "team:local:admins" = input.subjects[_] | | |
| | "iam:policies:administrator-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:owner" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:owner" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:editor" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:editor" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:viewer" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:viewer" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:ingest" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:ingest" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:project-admin" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:project-admin" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:iam-members-viewer" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:iam-members-viewer" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:administrator-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:administrator-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:editor-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:editor-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:viewer-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:viewer-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:ingest-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:ingest-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:projects:~~ALL-PROJECTS~~" = input.resource | | |
| | "iam:projects:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:projects:~~ALL-PROJECTS~~" = input.resource | | |
| | "iam:projects:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | startswith(input.subjects[_], "user:local:") | | |
| | split(input.subjects[_], ":", ["user", _, username20308]) | | |
| | replace("iam:users:${a2:username}", "${a2:username}", username20308, input.resource) | | |
| | "iam:users:delete" = input.action | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "team:local:admins" = input.subjects[_] | | |
| | "iam:policies:administrator-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "team:local:admins" = input.subjects[_] | | |
| | "iam:policies:administrator-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:owner" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:owner" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:editor" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:editor" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:viewer" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:viewer" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:ingest" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:ingest" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:project-admin" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:project-admin" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:iam-members-viewer" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:iam-members-viewer" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:administrator-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:administrator-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:editor-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:editor-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:viewer-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:viewer-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:ingest-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:ingest-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:projects:~~ALL-PROJECTS~~" = input.resource | | |
| | "iam:projects:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:projects:~~ALL-PROJECTS~~" = input.resource | | |
| | "iam:projects:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | # Body of __not1_1__ that matches "iam:users:delete" when input.resource equals | | |
| | # "iam:users:<name>", where <name> is the third ":"-separated field of a subject. | | |
| | # The authorized rules negate __not1_1__, so a match here blocks the request. | | |
| | __not1_1__ { | | |
| | # NOTE(review): each input.subjects[_] is its own iteration, so this prefix check and | | |
| | # the split below are not tied to the same subject, and the split pattern fixes only | | |
| | # the first field to "user". The extra matches can only widen a deny; confirm that the | | |
| | # source policy meant a single subject for both checks. | | |
| | startswith(input.subjects[_], "user:local:") | | |
| | split(input.subjects[_], ":", ["user", _, username20746]) | | |
| | # replace() with a fourth argument unifies its result with input.resource. | | |
| | replace("iam:users:${a2:username}", "${a2:username}", username20746, input.resource) | | |
| | "iam:users:delete" = input.action | | |
| | } | | |
| | | | |
| | # Matches subject "team:local:admins" deleting "iam:policies:administrator-access". | | |
| | # NOTE(review): another __not1_1__ body in this module matches the same resource and | | |
| | # action for any subject (`_ = input.subjects[_]`), so this body covers no request that | | |
| | # the other one does not already cover. | | |
| | __not1_1__ { | | |
| | "team:local:admins" = input.subjects[_] | | |
| | "iam:policies:administrator-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | } | | |
| | | | |
| | # Matches subject "team:local:admins" updating "iam:policies:administrator-access". | | |
| | # NOTE(review): another __not1_1__ body in this module matches the same resource and | | |
| | # action for any subject (`_ = input.subjects[_]`), so this body covers no request that | | |
| | # the other one does not already cover. | | |
| | __not1_1__ { | | |
| | "team:local:admins" = input.subjects[_] | | |
| | "iam:policies:administrator-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | } | | |
| | | | |
| | # NOTE(review): from this body on, the module repeats __not1_1__ bodies that already | | |
| | # appear earlier in it; the copies appear to differ only in the generated usernameNNNNN | | |
| | # variable name. Bodies of one rule are alternatives, so the repeats add output size | | |
| | # but no new matches. | | |
| | __not1_1__ { | | |
| | "iam:roles:owner" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:owner" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:editor" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:editor" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:viewer" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:viewer" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:ingest" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:ingest" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:project-admin" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:project-admin" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:iam-members-viewer" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:iam-members-viewer" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:administrator-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:administrator-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:editor-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:editor-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:viewer-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:viewer-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:ingest-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:ingest-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:projects:~~ALL-PROJECTS~~" = input.resource | | |
| | "iam:projects:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:projects:~~ALL-PROJECTS~~" = input.resource | | |
| | "iam:projects:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | startswith(input.subjects[_], "user:local:") | | |
| | split(input.subjects[_], ":", ["user", _, username21160]) | | |
| | replace("iam:users:${a2:username}", "${a2:username}", username21160, input.resource) | | |
| | "iam:users:delete" = input.action | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "team:local:admins" = input.subjects[_] | | |
| | "iam:policies:administrator-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "team:local:admins" = input.subjects[_] | | |
| | "iam:policies:administrator-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:owner" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:owner" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:editor" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:editor" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:viewer" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:viewer" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:ingest" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:ingest" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:project-admin" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:project-admin" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:iam-members-viewer" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:iam-members-viewer" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:administrator-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:administrator-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:editor-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:editor-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:viewer-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:viewer-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:ingest-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:ingest-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:projects:~~ALL-PROJECTS~~" = input.resource | | |
| | "iam:projects:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:projects:~~ALL-PROJECTS~~" = input.resource | | |
| | "iam:projects:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | startswith(input.subjects[_], "user:local:") | | |
| | split(input.subjects[_], ":", ["user", _, username21577]) | | |
| | replace("iam:users:${a2:username}", "${a2:username}", username21577, input.resource) | | |
| | "iam:users:delete" = input.action | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "team:local:admins" = input.subjects[_] | | |
| | "iam:policies:administrator-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "team:local:admins" = input.subjects[_] | | |
| | "iam:policies:administrator-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:owner" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:owner" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:editor" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:editor" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:viewer" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:viewer" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:ingest" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:ingest" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:project-admin" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:project-admin" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:iam-members-viewer" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:iam-members-viewer" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:administrator-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:administrator-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:editor-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:editor-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:viewer-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:viewer-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:ingest-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:ingest-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:projects:~~ALL-PROJECTS~~" = input.resource | | |
| | "iam:projects:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:projects:~~ALL-PROJECTS~~" = input.resource | | |
| | "iam:projects:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | startswith(input.subjects[_], "user:local:") | | |
| | split(input.subjects[_], ":", ["user", _, username22017]) | | |
| | replace("iam:users:${a2:username}", "${a2:username}", username22017, input.resource) | | |
| | "iam:users:delete" = input.action | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "team:local:admins" = input.subjects[_] | | |
| | "iam:policies:administrator-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "team:local:admins" = input.subjects[_] | | |
| | "iam:policies:administrator-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:owner" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:owner" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:editor" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:editor" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:viewer" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:viewer" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:ingest" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:ingest" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:project-admin" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:project-admin" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:iam-members-viewer" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:iam-members-viewer" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:administrator-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:administrator-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:editor-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:editor-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:viewer-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:viewer-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:ingest-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:ingest-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:projects:~~ALL-PROJECTS~~" = input.resource | | |
| | "iam:projects:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:projects:~~ALL-PROJECTS~~" = input.resource | | |
| | "iam:projects:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | startswith(input.subjects[_], "user:local:") | | |
| | split(input.subjects[_], ":", ["user", _, username22431]) | | |
| | replace("iam:users:${a2:username}", "${a2:username}", username22431, input.resource) | | |
| | "iam:users:delete" = input.action | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "team:local:admins" = input.subjects[_] | | |
| | "iam:policies:administrator-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "team:local:admins" = input.subjects[_] | | |
| | "iam:policies:administrator-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:owner" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:owner" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:editor" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:editor" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:viewer" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:viewer" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:ingest" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:ingest" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:project-admin" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:project-admin" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:iam-members-viewer" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:iam-members-viewer" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:administrator-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:administrator-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:editor-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:editor-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:viewer-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:viewer-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:ingest-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:ingest-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:projects:~~ALL-PROJECTS~~" = input.resource | | |
| | "iam:projects:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:projects:~~ALL-PROJECTS~~" = input.resource | | |
| | "iam:projects:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | startswith(input.subjects[_], "user:local:") | | |
| | split(input.subjects[_], ":", ["user", _, username22848]) | | |
| | replace("iam:users:${a2:username}", "${a2:username}", username22848, input.resource) | | |
| | "iam:users:delete" = input.action | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "team:local:admins" = input.subjects[_] | | |
| | "iam:policies:administrator-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "team:local:admins" = input.subjects[_] | | |
| | "iam:policies:administrator-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:owner" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:owner" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:editor" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:editor" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:viewer" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:viewer" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:ingest" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:ingest" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:project-admin" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:project-admin" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:iam-members-viewer" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:iam-members-viewer" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:administrator-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:administrator-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:editor-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:editor-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:viewer-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:viewer-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:ingest-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:ingest-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:projects:~~ALL-PROJECTS~~" = input.resource | | |
| | "iam:projects:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:projects:~~ALL-PROJECTS~~" = input.resource | | |
| | "iam:projects:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | startswith(input.subjects[_], "user:local:") | | |
| | split(input.subjects[_], ":", ["user", _, username23289]) | | |
| | replace("iam:users:${a2:username}", "${a2:username}", username23289, input.resource) | | |
| | "iam:users:delete" = input.action | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "team:local:admins" = input.subjects[_] | | |
| | "iam:policies:administrator-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "team:local:admins" = input.subjects[_] | | |
| | "iam:policies:administrator-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:owner" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:owner" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:editor" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:editor" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:viewer" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:viewer" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:ingest" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:ingest" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:project-admin" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:project-admin" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:iam-members-viewer" = input.resource | | |
| | "iam:roles:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:roles:iam-members-viewer" = input.resource | | |
| | "iam:roles:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:administrator-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:administrator-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:editor-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:editor-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:viewer-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:viewer-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:ingest-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:policies:ingest-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | # Deny entries for the resource literally named "iam:projects:~~ALL-PROJECTS~~": | | |
| | # update and delete make __not1_1__ hold for any request with a non-empty subjects list. | | |
| | # NOTE(review): presumably a reserved catch-all project id - confirm against the source. | | |
| | __not1_1__ { | | |
| | "iam:projects:~~ALL-PROJECTS~~" = input.resource | | |
| | "iam:projects:update" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "iam:projects:~~ALL-PROJECTS~~" = input.resource | | |
| | "iam:projects:delete" = input.action | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | # Deny entry derived from a subject: the third ":"-separated field of a subject is | | |
| | # substituted into "iam:users:${a2:username}" and the result must equal input.resource, | | |
| | # with action iam:users:delete. Presumably this stops a local user deleting their own | | |
| | # user record - confirm against the source policy. | | |
| | # NOTE(review): the two input.subjects[_] references use independent wildcards, so the | | |
| | # "user:local:" prefix check and the split may be satisfied by different subjects; the | | |
| | # split pattern itself only pins the first field to "user". For a deny entry this errs | | |
| | # toward denying more, but verify it matches the rule before partial evaluation. | | |
| | __not1_1__ { | | |
| | startswith(input.subjects[_], "user:local:") | | |
| | split(input.subjects[_], ":", ["user", _, username23726]) | | |
| | replace("iam:users:${a2:username}", "${a2:username}", username23726, input.resource) | | |
| | "iam:users:delete" = input.action | | |
| | } | | |
| | | | |
| | # Deny entries for callers whose subjects include "team:local:admins" acting on the | | |
| | # administrator-access policy (delete, update). | | |
| | # NOTE(review): earlier __not1_1__ bodies in this support module already match the same | | |
| | # resource/action pairs for any non-empty subjects list, so as written these two bodies | | |
| | # deny nothing extra; they matter only if those broader entries are ever removed. | | |
| | __not1_1__ { | | |
| | "team:local:admins" = input.subjects[_] | | |
| | "iam:policies:administrator-access" = input.resource | | |
| | "iam:policies:delete" = input.action | | |
| | } | | |
| | | | |
| | __not1_1__ { | | |
| | "team:local:admins" = input.subjects[_] | | |
| | "iam:policies:administrator-access" = input.resource | | |
| | "iam:policies:update" = input.action | | |
| | } | | |
+-----------+--------------------------------------------------------------------------------------------+ | |
| Support 2 | package partial.authz_v2 | | |
| | | | |
| | # Allow body: some subject begins with "user:" and the action splits into exactly three | | |
| | # ":" fields with first field "event". `_ = input.resource` only requires the field to be | | |
| | # defined, so the resource is unconstrained. The grant is withheld whenever the deny rule | | |
| | # data.partial.__not1_1__ holds for the same input. | | |
| | authorized { | | |
| | startswith(input.subjects[_], "user:") | | |
| | split(input.action, ":") = ["event", _, _] | | |
| | | | |
| | not data.partial.__not1_1__ | | |
| | _ = input.resource | | |
| | } | | |
| | | | |
| | # Allow bodies that name no particular subject: each pins one resource plus one action | | |
| | # (or, for iam:introspect, any three-field "iam:introspect:*" action) and only requires | | |
| | # input.subjects to be non-empty. Each is withheld when data.partial.__not1_1__ holds. | | |
| | # NOTE(review): whether an unauthenticated request can reach this policy with a subject | | |
| | # is decided by the caller that builds `input` - confirm there. | | |
| | authorized { | | |
| | "system:status" = input.resource | | |
| | "system:license:get" = input.action | | |
| | | | |
| | not data.partial.__not1_1__ | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | authorized { | | |
| | "iam:policyVersion" = input.resource | | |
| | "iam:policies:get" = input.action | | |
| | | | |
| | not data.partial.__not1_1__ | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | authorized { | | |
| | "iam:introspect" = input.resource | | |
| | split(input.action, ":") = ["iam", "introspect", _] | | |
| | | | |
| | not data.partial.__not1_1__ | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | authorized { | | |
| | "system:service:version" = input.resource | | |
| | "system:serviceVersion:get" = input.action | | |
| | | | |
| | not data.partial.__not1_1__ | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | authorized { | | |
| | "system:service:version" = input.resource | | |
| | "system:serviceVersion:list" = input.action | | |
| | | | |
| | not data.partial.__not1_1__ | | |
| | _ = input.subjects[_] | | |
| | } | | |
| | | | |
| | # Allow bodies for callers whose subjects include "team:local:editors": any three-field | | |
| | # action whose first field is infra, compliance, system, event, ingest, secrets or | | |
| | # telemetry, on any defined resource, unless data.partial.__not1_1__ holds. | | |
| | # NOTE(review): the second and third action fields are wildcards, so every verb in each | | |
| | # namespace is granted, including all "secrets:*:*" actions - confirm that breadth is | | |
| | # intended for editors. | | |
| | authorized { | | |
| | "team:local:editors" = input.subjects[_] | | |
| | split(input.action, ":") = ["infra", _, _] | | |
| | | | |
| | not data.partial.__not1_1__ | | |
| | _ = input.resource | | |
| | } | | |
| | | | |
| | authorized { | | |
| | "team:local:editors" = input.subjects[_] | | |
| | split(input.action, ":") = ["compliance", _, _] | | |
| | | | |
| | not data.partial.__not1_1__ | | |
| | _ = input.resource | | |
| | } | | |
| | | | |
| | authorized { | | |
| | "team:local:editors" = input.subjects[_] | | |
| | split(input.action, ":") = ["system", _, _] | | |
| | | | |
| | not data.partial.__not1_1__ | | |
| | _ = input.resource | | |
| | } | | |
| | | | |
| | authorized { | | |
| | "team:local:editors" = input.subjects[_] | | |
| | split(input.action, ":") = ["event", _, _] | | |
| | | | |
| | not data.partial.__not1_1__ | | |
| | _ = input.resource | | |
| | } | | |
| | | | |
| | authorized { | | |
| | "team:local:editors" = input.subjects[_] | | |
| | split(input.action, ":") = ["ingest", _, _] | | |
| | | | |
| | not data.partial.__not1_1__ | | |
| | _ = input.resource | | |
| | } | | |
| | | | |
| | authorized { | | |
| | "team:local:editors" = input.subjects[_] | | |
| | split(input.action, ":") = ["secrets", _, _] | | |
| | | | |
| | not data.partial.__not1_1__ | | |
| | _ = input.resource | | |
| | } | | |
| | | | |
| | authorized { | | |
| | "team:local:editors" = input.subjects[_] | | |
| | split(input.action, ":") = ["telemetry", _, _] | | |
| | | | |
| | not data.partial.__not1_1__ | | |
| | _ = input.resource | | |
| | } | | |
| | | | |
| | # Allow bodies for callers whose subjects include "team:local:editors": the exact actions | | |
| | # iam:projects:list, iam:projects:get and iam:projects:assign on any defined resource, | | |
| | # unless data.partial.__not1_1__ holds. Unlike the namespace grants, the action is matched | | |
| | # as a full string, so no other iam:projects verb is granted by these bodies. | | |
| | authorized { | | |
| | "team:local:editors" = input.subjects[_] | | |
| | "iam:projects:list" = input.action | | |
| | | | |
| | not data.partial.__not1_1__ | | |
| | _ = input.resource | | |
| | } | | |
| | | | |
| | authorized { | | |
| | "team:local:editors" = input.subjects[_] | | |
| | "iam:projects:get" = input.action | | |
| | | | |
| | not data.partial.__not1_1__ | | |
| | _ = input.resource | | |
| | } | | |
| | | | |
| | authorized { | | |
| | "team:local:editors" = input.subjects[_] | | |
| | "iam:projects:assign" = input.action | | |
| | | | |
| | not data.partial.__not1_1__ | | |
| | _ = input.resource | | |
| | } | | |
| | | | |
| | # Allow bodies for any subject beginning with "user:": three-field "infra" actions on any | | |
| | # defined resource, unless data.partial.__not1_1__ holds. | | |
| | # NOTE(review): the second body (infra:nodeManagers:*) is a subset of the first | | |
| | # (infra:*:*) and grants nothing further. The first body gives every "user:"-prefixed | | |
| | # subject the whole infra namespace without any team membership - confirm that is the | | |
| | # intended scope of the policy these were generated from. | | |
| | authorized { | | |
| | startswith(input.subjects[_], "user:") | | |
| | split(input.action, ":") = ["infra", _, _] | | |
| | | | |
| | not data.partial.__not1_1__ | | |
| | _ = input.resource | | |
| | } | | |
| | | | |
| | authorized { | | |
| | startswith(input.subjects[_], "user:") | | |
| | split(input.action, ":") = ["infra", "nodeManagers", _] | | |
| | | | |
| | not data.partial.__not1_1__ | | |
| | _ = input.resource | | |
| | } | | |
| | | | |
| | authorized { | | |
| | "team:local:viewers" = input.subjects[_] | | |
| | split(input.action, ":") = ["secrets", _, "get"] | | |
| | | | |
| | not data.partial.__not1_1__ | | |
| | _ = input.resource | | |
| |