Contextual Role Evaluation

Refer to Expressions for details on writing context role expressions.

If the expression returns true, the contextual role is applied.

Table 1. Common variables:
userID	The ID of the current user.

Records

The ID of the resource.

The ID of the resource; same as resource.ID.

The ID of the related module.

The key-value pair of labels associated with this resource.

The ID of the related namespace.

The userID of the resource owner.

The timestamp of when the resource was created.

The userID of the user that created the resource.

The timestamp of when the resource was last updated. The parameter is not defined if the resource has not yet been updated.

The userID of the user that last updated the resource. The parameter will be 0 if the resource has not yet been updated.

The timestamp of when the resource was deleted. The parameter is not defined if the resource has not been deleted.

The userID of the user that deleted the resource. The parameter will be 0 if the resource has not been updated.

A set of key-value pairs for the record values defined by the module fields.

If a module field is a multi-value, the corresponding key-value entry will be an array.

Table 3. Workflows variables:
resource.ID	The ID of the resource.
resource.workflowID	The ID of the resource; same as resource.ID.
resource.labels	The key-value pair of labels associated with this resource.
resource.ownedBy	The userID of the resource owner.
resource.createdAt	The timestamp of when the resource was created.
resource.createdBy	The userID of the user that created the resource.
resource.updatedAt	The timestamp of when the resource was last updated. The parameter is not defined if the resource has not yet been updated.
resource.updatedBy	The userID of the user that last updated the resource. The parameter will be `0` if the resource has not yet been updated.
resource.deletedAt	The timestamp of when the resource was deleted. The parameter is not defined if the resource has not been deleted.
resource.deletedBy	The userID of the user that deleted the resource. The parameter will be `0` if the resource has not been updated.

Table 4. Auth clients variables:
resource.ID	The ID of the resource.
resource.labels	The key-value pair of labels associated with this resource.
resource.scope	The scope defined by the auth client.
resource.validGrant	The grant that is supported by the auth client.
resource.redirectURI	The redirect URI for the auth client.
resource.trusted	The trust setting of the auth client.
resource.enabled	The enabled setting for the auth client.
resource.validFrom	The timestamp denoting when the auth client is valid from.
resource.expiresAt	The timestamp denoting when the auth client is no longer valid.
resource.ownedBy	The userID of the resource owner.
resource.createdAt	The timestamp of when the resource was created.
resource.createdBy	The userID of the user that created the resource.
resource.updatedAt	The timestamp of when the resource was last updated. The parameter is not defined if the resource has not yet been updated.
resource.updatedBy	The userID of the user that last updated the resource. The parameter will be `0` if the resource has not yet been updated.
resource.deletedAt	The timestamp of when the resource was deleted. The parameter is not defined if the resource has not been deleted.
resource.deletedBy	The userID of the user that deleted the resource. The parameter will be `0` if the resource has not been updated.