groupPolicy

Fetch a single ABAC group policy by its unique identifier.

Returns null with a NOT_FOUND error if the policy does not exist in your organization. Use this when you already know the policy's id, for example when the Terraform provider needs to read a policy it previously created. To browse policies attached to a group, query the nested Group.policies field instead.

```graphql
groupPolicy(
  organizationId: ID!
  id: UUID!
): Policy
```

Arguments

groupPolicy.organizationId ● ID! non-null scalar {#organization-id}

Your organization's unique identifier.

groupPolicy.id ● UUID! non-null scalar {#id}

The policy's unique identifier.

Type

Policy object

A single ABAC group policy: an effect (ALLOW/DENY), one or more actions, optional attribute conditions, and the group whose members the policy applies to.

Conditions are evaluated AND within a policy and OR across policies on the same group. A policy with no conditions is a wildcard — it matches any resource of each action's entity. Deny policies win over allow policies. A policy can list actions across different entities (for example project:view together with instance:deploy); for each action, condition keys whose registered attribute scope is unreachable for that action's entity are skipped, and a policy whose conditions all skip for a given action is a wildcard match for that action. See docs/guides/abac.md for the full evaluation model.
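
The evaluation rules above, worked through as an added example (this is not the product's own code). The scope registry, the reachability map, equality-only condition matching, and the default deny when no policy matches are all assumptions made for illustration.

```python
from dataclasses import dataclass, field

# Assumed registry (not from the page): attribute key -> scope it is registered on.
ATTRIBUTE_SCOPE = {"project.env": "project", "instance.tier": "instance"}
# Assumed reachability: attribute scopes visible from each action entity.
REACHABLE = {"project": {"project"}, "instance": {"project", "instance"}}

@dataclass
class Policy:
    effect: str                                     # "ALLOW" or "DENY"
    actions: list                                   # e.g. ["project:view"]
    conditions: dict = field(default_factory=dict)  # key -> required value (assumed equality)

def matches(policy, action, attrs):
    """True if the policy applies to this action on a resource with attrs."""
    if action not in policy.actions:
        return False
    entity = action.split(":", 1)[0]
    # Condition keys whose scope is unreachable for this entity are skipped.
    live = {k: v for k, v in policy.conditions.items()
            if ATTRIBUTE_SCOPE[k] in REACHABLE[entity]}
    # AND over what remains. all() over nothing is True, which yields the
    # wildcard both for "no conditions" and for "every condition skipped".
    return all(attrs.get(k) == v for k, v in live.items())

def decide(group_policies, action, attrs):
    """OR across the group's policies; DENY wins. Default deny is assumed."""
    hits = {p.effect for p in group_policies if matches(p, action, attrs)}
    if "DENY" in hits:
        return "DENY"
    return "ALLOW" if "ALLOW" in hits else "DENY"

# Constructed sample policies attached to one group.
POLICIES = [
    Policy("ALLOW", ["project:view", "instance:deploy"], {"instance.tier": "dev"}),
    Policy("DENY", ["instance:deploy"], {"project.env": "prod"}),
]
```

The first policy is worth noting when reviewing real policies: its only condition is skipped for project:view, so it allows viewing every project, not just those related to dev-tier instances.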