Fix: override default restritive policy for identity admin.

2026-01-19 20:43:39 +01:00
parent 6c5323025b
commit 30eaccb1a3
1 changed files with 8 additions and 3 deletions
--- a/policies/identity_admin_policy.hcl
+++ b/policies/identity_admin_policy.hcl
@@ -1,8 +1,13 @@
 # Add identity admin role to the token
 path "identity/*" {
-  capabilities = ["create", "read", "update", "delete", "list", "sudo"]
+  capabilities = ["create", "read", "update", "delete", "list"]
 }

-path "identity/entity/*/name" {
-  capabilities = ["create", "read", "update", "delete", "list", "sudo"]
+# Override default policies for identity management
+path "identity/entity/id/{{identity.entity.id}}" {
+  capabilities = ["create", "read", "update", "delete", "list"]
+}
+
+path "identity/entity/name/{{identity.entity.name}}" {
+  capabilities = ["create", "read", "update", "delete", "list"]
 }