NewACL creates an ACL from the grants provided.

Parse parses a grant string.

WithAccountId provides an account ID to be used for any templating in grant strings.

WithSkipAnonymousUserRestrictions allows skipping the restrictions on anonymous users, useful when e.g.

WithSkipFinalValidation allows skipping the validity step where we ensure we can run a resource described by the grant successfully through the ACL check.

WithUserId provides a user ID to be used for any templating in grant strings.

ACL provides an entry point into the permissions engine for determining if an action is allowed on a resource based on a principal's (user or group) grants.

AclGrant is used to decouple API-based grants from those we utilize for ACLs.

ACLResults provides a type for the permission's engine results so that we can pass more detailed information along in the future if we want.

Grant is a Go representation of a parsed grant.

GrantTuple is simply a struct that can be reference from other code to return a set of scopes and grants to parse.

OutputFields is used to store information about allowed output fields in grants.

Permission provides information about the specific resources that a user has been granted access to for a given scope, resource, and action.

Resource defines something within boundary that requires authorization capabilities.

Scope provides an in-memory representation of iam.Scope without the underlying storage references or capabilities.

UserPermissions is a set of Permissions for a User.

Option - how Options are passed as arguments.