Authorization/Access Control#

An authorization system determines whether an agent has access to perform a given action on a particular resource.


ESS uses Access Control Policy (ACP) [1] to define the policies that determine access to Pod’s resources.

< allOf | anyOf > (Matcher(s)) evaluates to true, AND
< allOf | anyOf | noneOf > (Matcher(s)) evaluates to true, AND

<allow (AccessMode(s)) | deny (AccessMode(s)) | allow (AccessMode(s)) AND deny (AccessMode(s)) >

For more information, see Access Control Policy (ACP).

Access Control Mechanisms#

ESS supports:

Authorization Services#

To support authorization, ESS provides the following services: