Skip to content

Document additive behavior of policies in Restricted API Access #480

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
ivanauth wants to merge 2 commits into
base: main
Choose a base branch
from
Open

Document additive behavior of policies in Restricted API Access #480

ivanauth wants to merge 2 commits into from
+59 −143

Conversation

@ivanauth
Copy link
Contributor

@ivanauth ivanauth commented Jan 6, 2026

Description

Adds documentation explaining that policies in Restricted API Access are additive. When multiple policies apply to the same Service Account, the resulting permissions are the union of all permissions granted by those policies.

This behavior isn't immediately obvious to users, so having it explicitly documented helps avoid confusion when configuring multiple policies for a single Service Account.

Fixes #360

@ivanauth
Document additive behavior of policies in Restricted API Access
11b9ff2 
Adds documentation explaining that when multiple policies apply to the same
Service Account, permissions are additive (union of all granted permissions).

Fixes authzed#360
@vercel
Copy link
Contributor

vercel bot commented Jan 6, 2026

@ivanauth is attempting to deploy a commit to the authzed Team on Vercel.

A member of the Team first needs to authorize it.

vroldanbet
vroldanbet reviewed Jan 7, 2026
View reviewed changes
Copy link
Contributor

@vroldanbet vroldanbet left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, please addres CI build errors

@ivanauth ivanauth force-pushed the fix/issue-360-policy-additivity branch from 3233055 to 0547981 Compare January 7, 2026 15:17
@ivanauth
Copy link
Contributor Author

ivanauth commented Jan 7, 2026

@vroldanbet done, thank you.

@vercel
Copy link
Contributor

vercel bot commented Jan 7, 2026
edited
Loading

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Review Updated (UTC)
docs Ready Ready Preview, Comment Jan 7, 2026 3:51pm

@vroldanbet
Copy link
Contributor

vroldanbet commented Jan 7, 2026

@ivanauth I re-ran the failed jobs, can you address the errors?

@ivanauth
Copy link
Contributor Author

ivanauth commented Jan 7, 2026
edited
Loading

@vroldanbet thank you. The Link Checker failure is pre-existing on the main branch (see recent failing runs: Jan 6, Jan 5) and is not introduced by this PR.

The errors are:

  • /docs/authzed/guides returns 404 (no index page in that directory)
  • Missing anchors for #priority-a-essential, #priority-b-strongly-recommended, #priority-c-recommended (relative anchors in best-practices/_meta.ts)

All other checks pass (Lint, Spellcheck, Signature, Vercel Deploy).

Happy to fix these pre-existing issues in this PR or a separate one if you'd like - just let me know!

vroldanbet
vroldanbet approved these changes Jan 7, 2026
View reviewed changes
Copy link
Contributor

@vroldanbet vroldanbet left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the context, @ivanauth. Sounds like those errors predate this PR; no reason to block because of them. LGTM!

@ivanauth
Copy link
Contributor Author

ivanauth commented Jan 9, 2026

Awesome, thank you @vroldanbet!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@vroldanbet vroldanbet vroldanbet approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Document additivity of policies/permissions in Restricted Access

2 participants

@ivanauth @vroldanbet