Reference
The reference condition allows you to constrain a policy statement so that it applies to entities that match a given Reference. This condition supports regular expressions, allowing you to focus in on a single Reference or wildcard expressions within an Reference.
In Cloud CMS, a Reference is a string that uniquely locates an item within the system. It takes on a structure that looks like one of the following:
{type}://{platformId}/{id}
{type}://{platformId}/{datastoreId}/{objectId}
node://{platformId}/{repositoryId}/{branchId}/{nodeId}
association://{platformId}/{repositoryId}/{branchId}/{associationId}
Configuration
{
"type": "reference",
"config": {
"reference": "{value regex}"
}
}
Sample #1
This policy document grants the Consumer role to a specific piece of content with the Reference:
node://11eccae4c69a226e69b1/7498bb23d34a7a269680/d4acbca1eb26b19ee020/46ba5e0d79b83aac97ec
Where:
- platform ID =
11eccae4c69a226e69b1 - repository ID =
7498bb23d34a7a269680 - branch ID =
d4acbca1eb26b19ee020 - node ID =
46ba5e0d79b83aac97ec
The policy might look like this:
{
"title": "My Sample Policy",
"statements": [{
"action": "grant",
"roles": ["consumer"],
"conditions": [{
"type": "reference",
"config": {
"id": "node://11eccae4c69a226e69b1/7498bb23d34a7a269680/d4acbca1eb26b19ee020/46ba5e0d79b83aac97ec"
}
}]
}]
}
Sample #2
Suppose we want to grant access to ALL nodes within a given branch. In this case, the branch we want to constrain to is d4acbca1eb26b19ee020.
We can use regex for that:
{
"title": "My Sample Policy",
"statements": [{
"action": "grant",
"roles": ["consumer"],
"conditions": [{
"type": "reference",
"config": {
"id": "node://11eccae4c69a226e69b1/7498bb23d34a7a269680/d4acbca1eb26b19ee020/.*"
}
}]
}]
}
Sample #3
Or we can constrain to all branches within a given repository (7498bb23d34a7a269680):
{
"title": "My Sample Policy",
"statements": [{
"action": "grant",
"roles": ["consumer"],
"conditions": [{
"type": "reference",
"config": {
"id": "node://11eccae4c69a226e69b1/7498bb23d34a7a269680/.*"
}
}]
}]
}