Header menu logo Nao

PermissionRule Type

A single allow/deny rule the user granted.

Record fields

Record Field Description

CreatedAt

Full Usage: CreatedAt

Field type: DateTimeOffset
Field type: DateTimeOffset

Decision

Full Usage: Decision

Field type: PermissionDecision
Field type: PermissionDecision

Id

Full Usage: Id

Field type: string

Stable identifier (used to revoke).

Field type: string

Kind

Full Usage: Kind

Field type: ResourceKind
Field type: ResourceKind

Operations

Full Usage: Operations

Field type: string list

Operations this rule covers, lowercased (e.g. ["read"; "write"]). Empty = any.

Field type: string list

Pattern

Full Usage: Pattern

Field type: string
 Match pattern.
  • File: an absolute path prefix — matches the path itself and anything under it
    (e.g. "/home/me/project" matches "/home/me/project/sub/a.txt"). Globs allowed.
  • Web: a host or host suffix — "example.com" matches "example.com" and any
    subdomain "*.example.com". A bare "*" matches everything. Globs allowed.
  • Tool: the tool name, a glob, or "*".
Field type: string

Scope

Full Usage: Scope

Field type: RuleScope
Field type: RuleScope

Type something to start searching.