Authorization/Access Control#

An authorization system determines whether an agent has access to perform a given action on a particular resource.

ACP#

ESS uses Access Control Policy (ACP) [1] to define the policies that determine access to Pod’s resources.

If
< allOf | anyOf > (Matcher(s)) evaluates to true, AND
< allOf | anyOf | noneOf > (Matcher(s)) evaluates to true, AND
Then

<allow (AccessMode(s)) | deny (AccessMode(s)) | allow (AccessMode(s)) AND deny (AccessMode(s)) >

For details, see Access Control Policy (ACP).

See also:

Access Control Mechanisms#

ESS supports:

Authorization Services#

To support authorization, ESS provides the following services: