Attribute based access controls
User identities
How to set and use metadata attributes on user identities for ABAC.
User identities can have metadata attributes assigned directly. These attributes (such as location or department) are used to define dynamic access policies.
Setting Metadata on Users
1. Navigate to the Access Control page on the organization sidebar and select a user.
2. On the User Page, click the pencil icon to edit the selected user.
3. Add metadata via key-value pairs and update the user identity.
Applying ABAC Policies with User Metadata
Attribute-based access controls are currently only available for policies defined on Secrets Manager projects. You can use ABAC permissions to dynamically control access to environments, folders, secrets, and secret tags.
In your policies, metadata values are accessed as follows:
- User ID: {{ identity.id }} (always available)
- Username: {{ identity.username }} (always available)
- Metadata Attributes: {{ identity.metadata.<metadata-key-name> }} (available if set)
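The following is an added example, not Infisical's code or policy engine: it models how a policy value containing these placeholders resolves per user, and why an unset or glob-like metadata value should deny access rather than widen the match. The function names, the folder template, the trailing `/*` matching rule, the allowed-character rule and the sample identities are all assumptions made for illustration.

```javascript
// Added illustration, not Infisical's implementation.
const PLACEHOLDER = /\{\{\s*identity\.(id|username|metadata\.([A-Za-z0-9_-]+))\s*\}\}/g;
// Assumption: attribute values may not contain "/", "*" or ".." so they
// cannot change the shape of a path or glob they are substituted into.
const SAFE_VALUE = /^[A-Za-z0-9][A-Za-z0-9_@.-]*$/;

function resolvePolicyTemplate(template, identity) {
  let bad = null;
  const resolved = template.replace(PLACEHOLDER, (_match, field, metaKey) => {
    const source = metaKey ? identity.metadata || {} : identity;
    const key = metaKey || field;
    // Own properties only, so keys like "constructor" never resolve.
    const value = Object.prototype.hasOwnProperty.call(source, key) ? source[key] : undefined;
    const safe = typeof value === "string" && SAFE_VALUE.test(value) && !value.includes("..");
    if (!safe) bad = bad || field;
    return safe ? value : "";
  });
  // Fail closed: an unset attribute must not collapse "/teams/<dept>/*" into "/teams//*".
  if (bad) return { ok: false, reason: `unresolved or unsafe attribute: identity.${bad}` };
  if (resolved.includes("{{")) return { ok: false, reason: "unknown placeholder" };
  return { ok: true, value: resolved };
}

// Simplified matcher (assumption): a trailing "/*" means "anything below this folder".
function canAccessFolder(template, identity, requestedPath) {
  const result = resolvePolicyTemplate(template, identity);
  if (!result.ok) return false;
  if (result.value.endsWith("/*")) {
    return requestedPath.startsWith(result.value.slice(0, -1)); // keep the trailing "/"
  }
  return requestedPath === result.value;
}

// Constructed sample data.
const TEAM_FOLDER = "/teams/{{ identity.metadata.department }}/*";
const SAMPLE_IDENTITIES = {
  alice: { id: "u-1001", username: "alice@example.com", metadata: { department: "payments" } },
  bob: { id: "u-1002", username: "bob@example.com", metadata: {} }, // attribute not set
  mallory: { id: "u-1003", username: "mallory@example.com", metadata: { department: "*" } },
};

for (const [name, identity] of Object.entries(SAMPLE_IDENTITIES)) {
  const allowed = canAccessFolder(TEAM_FOLDER, identity, "/teams/payments/db");
  console.log(`${name}: ${allowed ? "allow" : "deny"}`);
}
```

Because metadata attributes are only "available if set", review which users lack a key before attaching a policy that depends on it.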