Object Model for Subjects

Subjects are optional and represent users, groups of users, or service accounts. All subjects must have a unique ID and subjects may optionally have attributes.

Users may optionally be defined in a virtual document data.object.users. This document is not required to be defined; however, some snippets depend on it and will not work correctly without users being defined. It is recommended that when needed, you access your data sources through their respective object reference. For example, using data.object.users, as opposed to data.datasources.myCorporateUsers.

For example, the following package defines three users (alice@styra.com, bob@styra.com, and diya@styra.com), two of which have attributes (location and name).

package object

users := {
    "alice@styra.com": {
        "location": "Wonderland"
        "name": "Alice Liddell"
    },
    "bob@styra.com": {
        "contractor": true,
        "location": "US"
        "name": "Bob"
    },
    "diya@styra.com": {
    }
}

Groups are defined in the data.object.groups virtual document. Groups may specify inclusion by user id or by specifying membership-attributes, which dynamically selects users for membership in the group, if the user has similar attribute values.

If both users and membership-attributes are specified, the union of users matching either of those selectors is included in the group.

package object

groups := {
    "contractors": {
        "users": ["diya@styra.com"],
        "membership-attributes": {
            "contractor": true
        }
    },
    "managers": {
        "users": ["alice@styra.com"]
    },
    "admins": {
        "users": ["cecily@styra.com"]
    },
}