spec:
groups:
- mrn: string # Required: MRN identifier
name: string # Required: Human-readable name
description: string # Optional: Description
roles: [] # Required: List of role MRNs
annotations: # Optional: Key-value metadata
- name: string
value: string # JSON-encoded value
| Field | Type | Required | Description |
|---|---|---|---|
mrn | string | Yes | Unique MRN identifier |
name | string | Yes | Human-readable name |
description | string | No | Group description |
roles | array | Yes | List of role MRNs |
annotations | array | No | List of name/value objects for custom metadata |
Groups organize roles. When a principal belongs to a group (via mgroups claim), they inherit all roles in that group.
groups:
- mrn: "mrn:iam:group:admins"
name: admins
description: "System administrators"
roles:
- "mrn:iam:role:admin"
- mrn: "mrn:iam:group:developers"
name: developers
description: "Development team"
roles:
- "mrn:iam:role:developer"
- "mrn:iam:role:viewer"
groups:
- mrn: "mrn:iam:group:finance"
name: finance
description: "Finance department"
roles:
- "mrn:iam:role:finance-user"
annotations:
- name: "department"
value: "\"finance\""
- name: "cost_center"
value: "12345"
roles:
- mrn: &admin "mrn:iam:role:admin"
name: admin
policy: "mrn:iam:policy:allow-all"
- mrn: &viewer "mrn:iam:role:viewer"
name: viewer
policy: "mrn:iam:policy:read-only"
groups:
- mrn: "mrn:iam:group:power-users"
name: power-users
roles:
- *admin
- *viewer
Can you improve this documentation?Edit on GitHub
cljdoc builds & hosts documentation for Clojure/Script libraries
| Ctrl+k | Jump to recent docs |
| ← | Move to previous article |
| → | Move to next article |
| Ctrl+/ | Jump to the search field |