| Field | Type | Required | Description | Example |
|---|---|---|---|---|
id |
str | ✔️ | The unique identifier of the policy. | 12jf789l12hwiuencl7aaqey |
name |
str | ✔️ | The name of the policy | Read access to Clothing folder |
description |
OptionalNullable[str] | ➖ | A short description of the policy. | Permit read access to the Clothing folder with external ID asdfjkl12347890. |
scope_type |
models.ScopeTypeEnum | ✔️ | Specifies where the role/policy is applied, either at the account level or within product environments. | prodenv |
permission_type |
Optional[str] | ➖ | Specifies whether the permission applies globally across all resources or contexts within the scope (i.e., security settings for the account, or all folders in a product environment), or specifically to designated content instances (i.e., folder with external ID "fg3841spr"). - global - content |
global |
policy_statement |
str | ✔️ | A Cedar policy that permits or forbids a certain action on a certain element to a principal (user, group, or API key). | permit(principal == Cloudinary::APIKey::"1234",action==Cloudinary::Action::"read",resource is Cloudinary::Folder ) when { resource.ancestor_ids.contains("<folder_id>") }; |
policy_parameters |
List[str] | ➖ | For roles with permission_type set to content, this defines the type of content the role's policies apply to:- The content type can be: folder_id or collection_id.- When assigning the role, provide the instance, e.g. {"folder_id":"asdfjkl12347890"}. This specification is passed to the policy_statement (Cedar). |
[ "folder_id" ] |
category |
Optional[str] | ➖ | The category of the policy. | Management |
sub_category |
Optional[str] | ➖ | The sub-category of the policy. | General operations |
created_at |
int | ✔️ | Creation time of the policy in epoch time. | 1719475216 |
updated_at |
int | ✔️ | Last update time of the policy in epoch time. | 1719475216 |