Derived roles

apiVersion: ""
description: |-
  Common dynamic roles used within the Apatr app
variables: (1)
  flagged_resource: request.resource.attr.flagged
  name: apatr_common_roles (2)
    - name: owner (3)
      parentRoles: ["user"] (4)
      condition: (5)
          expr: request.resource.attr.owner ==

    - name: abuse_moderator
      parentRoles: ["moderator"]
          expr: V.flagged_resource == true
1 Optional variables section. Each variable is evaluated before any rule condition. A variable expression can contain anything that condition expression can have.
2 Name to use when importing this set of derived roles.
3 Descriptive name for this derived role.
4 The static roles (from the identity provider) to which this derived role applies to.
5 An (optional) set of expressions that should evaluate to true for this role to activate.