Values.BatchIsAuthorizedInputSourceMakes a series of decisions about multiple authorization requests for one principal or resource. Each request contains the equivalent content of an IsAuthorized request: principal, action, resource, and context. Either the principal or the resource parameter must be identical across all requests. For example, Verified Permissions won't evaluate a pair of requests where bob views photo1 and alice views photo2. Authorization of bob to view photo1 and photo2, or bob and alice to view photo1, are valid batches. The request is evaluated against all policies in the specified policy store that match the entities that you declare. The result of the decisions is a series of Allow or Deny responses, along with the IDs of the policies that produced each decision. The entities of a BatchIsAuthorized API request can contain up to 100 principals and up to 100 resources. The requests of a BatchIsAuthorized API request can contain up to 30 requests. The BatchIsAuthorized operation doesn't have its own IAM permission. To authorize this operation for Amazon Web Services principals, include the permission verifiedpermissions:IsAuthorized in their IAM policies.
type nonrec t = {policyStoreId : PolicyStoreId.t;Specifies the ID of the policy store. Policies in this policy store will be used to make the authorization decisions for the input. To specify a policy store, use its ID or alias name. When using an alias name, prefix it with policy-store-alias/. For example: ID: PSEXAMPLEabcdefg111111 Alias name: policy-store-alias/example-policy-store To view aliases, use ListPolicyStoreAliases.
*)entities : EntitiesDefinition.t option;(Optional) Specifies the list of resources and principals and their associated attributes that Verified Permissions can examine when evaluating the policies. These additional entities and their attributes can be referenced and checked by conditional elements in the policies in the specified policy store. You can include only principal and resource entities in this parameter; you can't include actions. You must specify actions in the schema.
*)requests : BatchIsAuthorizedInputList.t;An array of up to 30 requests that you want Verified Permissions to evaluate.
*)}val make :
?entities:??? ->
policyStoreId:PolicyStoreId.t ->
requests:BatchIsAuthorizedInputList.t ->
unit ->
tval to_value :
t ->
[> `Structure of
(string
* [> `List of
[> `Structure of
(string
* [> `Structure of
(string
* [> `Map of
([> `String of String_.t ]
* Awso.Botodata.value)
list
| `String of EntityType.t ])
list ])
list ]
list
| `String of PolicyStoreId.t
| `Structure of
(string
* [> `List of
[> `Structure of
(string
* [> `List of
[> `Structure of
(string * [> `String of EntityType.t ])
list ]
list
| `Map of
([> `String of String_.t ] * Awso.Botodata.value)
list
| `Structure of
(string * [> `String of EntityType.t ]) list ])
list ]
list
| `String of CedarJson.t ])
list ])
list ]