Contextual Role Evaluation

Refer to Expressions for details on writing context role expressions.

If the expression returns true, the contextual role is applied.

Table 1. Common variables:

userID

The ID of the current user.

Records

Table 2. Records variables:

resource.ID

The ID of the resource.

resource.recordID

The ID of the resource; same as resource.ID.

resource.moduleID

The ID of the related module.

resource.labels

The key-value pair of labels associated with this resource.

resource.namespaceID

The ID of the related namespace.

resource.ownedBy

The userID of the resource owner.

resource.createdAt

The timestamp of when the resource was created.

resource.createdBy

The userID of the user that created the resource.

resource.updatedAt

The timestamp of when the resource was last updated. The parameter is not defined if the resource has not yet been updated.

resource.updatedBy

The userID of the user that last updated the resource. The parameter will be 0 if the resource has not yet been updated.

resource.deletedAt

The timestamp of when the resource was deleted. The parameter is not defined if the resource has not been deleted.

resource.deletedBy

The userID of the user that deleted the resource. The parameter will be 0 if the resource has not been updated.

resource.values

A set of key-value pairs for the record values defined by the module fields.

If a module field is a multi-value, the corresponding key-value entry will be an array.

Workflows

Table 3. Workflows variables:

resource.ID

The ID of the resource.

resource.workflowID

The ID of the resource; same as resource.ID.

resource.labels

The key-value pair of labels associated with this resource.

resource.ownedBy

The userID of the resource owner.

resource.createdAt

The timestamp of when the resource was created.

resource.createdBy

The userID of the user that created the resource.

resource.updatedAt

The timestamp of when the resource was last updated. The parameter is not defined if the resource has not yet been updated.

resource.updatedBy

The userID of the user that last updated the resource. The parameter will be 0 if the resource has not yet been updated.

resource.deletedAt

The timestamp of when the resource was deleted. The parameter is not defined if the resource has not been deleted.

resource.deletedBy

The userID of the user that deleted the resource. The parameter will be 0 if the resource has not been updated.

Auth clients

Table 4. Auth clients variables:

resource.ID

The ID of the resource.

resource.labels

The key-value pair of labels associated with this resource.

resource.scope

The scope defined by the auth client.

resource.validGrant

The grant that is supported by the auth client.

resource.redirectURI

The redirect URI for the auth client.

resource.trusted

The trust setting of the auth client.

resource.enabled

The enabled setting for the auth client.

resource.validFrom

The timestamp denoting when the auth client is valid from.

resource.expiresAt

The timestamp denoting when the auth client is no longer valid.

resource.ownedBy

The userID of the resource owner.

resource.createdAt

The timestamp of when the resource was created.

resource.createdBy

The userID of the user that created the resource.

resource.updatedAt

The timestamp of when the resource was last updated. The parameter is not defined if the resource has not yet been updated.

resource.updatedBy

The userID of the user that last updated the resource. The parameter will be 0 if the resource has not yet been updated.

resource.deletedAt

The timestamp of when the resource was deleted. The parameter is not defined if the resource has not been deleted.

resource.deletedBy

The userID of the user that deleted the resource. The parameter will be 0 if the resource has not been updated.