From 91050dcd465a000fbb54a6c78cc32d768bac1848 Mon Sep 17 00:00:00 2001 From: Dan Heath <76443935+Dan-Heath@users.noreply.github.com> Date: Tue, 12 Aug 2025 13:13:40 -0400 Subject: [PATCH] docs: Document that grant strings allow multiple ids (#5975) * docs: Document that grant strings allow multiple ids * Update website/content/docs/configuration/identity-access-management/permission-grant-formats.mdx Co-authored-by: Jeff Mitchell --------- Co-authored-by: Jeff Mitchell --- .../permission-grant-formats.mdx | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/website/content/docs/configuration/identity-access-management/permission-grant-formats.mdx b/website/content/docs/configuration/identity-access-management/permission-grant-formats.mdx index 1a6d1ee56d..e99cef0e8d 100644 --- a/website/content/docs/configuration/identity-access-management/permission-grant-formats.mdx +++ b/website/content/docs/configuration/identity-access-management/permission-grant-formats.mdx @@ -18,9 +18,10 @@ A grant string has a form similar to: There are two types of selectors: -- An `id` field that indicates a specific resource or a wildcard to match all +- An `ids` field that indicates a specific resource or a wildcard to match all. +You can enter multiple comma-separated ID values in a grant string. - A `type` field that indicates a specific resource type or a wildcard to match - all; this might also be used to grant permissions on collections of resources + all; this might also be used to grant permissions on collections of resources. Selectors are used to indicate the resources on which the grant should apply, using specific IDs or wildcard IDs and type selectors. @@ -44,6 +45,12 @@ to specify `create` or `list` as actions in this format, because this format explicitly identifies a resource. The `create` and `list` actions are only supported for collections. +You can enter multiple comma-separated ID values in a grant string: + +`ids=hsst_1234567890,hsst_0987654321;actions=read,update` + +This example grants the `read` and `update` actions to both resources `hsst_1234567890` and `hsst_0987654321`. + ## Type only You can configure a grant to allow the specified actions for a given type.