QName Matches

This section describes features that are coming in 3.3.

The qname-matches condition allows you to constrain a policy statement so that it applies to content nodes that have a matching QName. This condition supports regular expressions, allowing you to focus in on a single path, sub paths or arbitary matching path structures.

Configuration

{
    "type": "qname-matches",
    "config": {
        "qname": "{value regex}"
    }
}

Sample #1

This policy document allows a principal to read content with a QName value of o:46ba5e0d79b83aac97ec.

{
    "title": "My Sample Policy",
    "statements": [{
        "action": "grant",
        "roles": ["consumer"],
        "conditions": [{
            "type": "qname-matches",
            "config": {
                "qname": "o:46ba5e0d79b83aac97ec"
            }
        }]
    }]
}