Cedar Policy Syntax

WL-APDP uses Cedar, an open-source policy language developed by AWS, for expressing authorization policies.

Basic Structure

A Cedar policy has this structure:

permit|forbid (
  principal [== | in | is] <entity>,
  action [== | in] <action>,
  resource [== | in | is] <resource>
) [when { <conditions> }];

Policy Types

Permit Policies

Allow access when conditions are met:

permit(
  principal == User::"alice",
  action == Action::"read",
  resource is Document
);

Forbid Policies

Deny access (takes precedence over permit):

forbid(
  principal,
  action == Action::"delete",
  resource is Document
) when {
  resource.classification == "confidential"
};

Principal Constraints

Specific Principal

permit(
  principal == User::"alice",
  action,
  resource
);

Principal Type

permit(
  principal is User,
  action,
  resource
);

Group Membership

permit(
  principal in Group::"finance-team",
  action,
  resource
);

Any Principal

permit(
  principal,
  action == Action::"read",
  resource is PublicDocument
);

Action Constraints

Specific Action

permit(
  principal,
  action == Action::"read",
  resource
);

Multiple Actions

permit(
  principal,
  action in [Action::"read", Action::"list"],
  resource
);

Any Action

permit(
  principal == User::"admin",
  action,
  resource
);

Resource Constraints

Specific Resource

permit(
  principal,
  action,
  resource == Document::"public-readme"
);

Resource Type

permit(
  principal,
  action,
  resource is Document
);

Resource in Container

permit(
  principal,
  action,
  resource in Folder::"public-docs"
);

Conditions (when clause)

Attribute Checks

permit(
  principal,
  action == Action::"read",
  resource is Document
) when {
  resource.classification == "public"
};

Principal Attributes

permit(
  principal is User,
  action == Action::"access",
  resource is SensitiveData
) when {
  principal.clearance_level >= 3
};

Context Values

permit(
  principal,
  action,
  resource
) when {
  context.intent == "data_analysis" &&
  context.approved == true
};

Combining Conditions

permit(
  principal is Agent,
  action == Action::"execute",
  resource is Tool
) when {
  // Cedar strings have no contains(); `like` with `*` wildcards does a substring match
  context.goal like "*customer_support*" &&
  resource.risk_level <= 2 &&
  // Cedar has no floating-point literals; fractional values use the decimal extension
  principal.trust_score.greaterThanOrEqual(decimal("0.8"))
};

Entity Types

WL-APDP uses these built-in entity types:

| Type     | Description       | Example                  |
|----------|-------------------|--------------------------|
| User     | Human users       | User::"alice"            |
| Agent    | AI agents         | Agent::"research-bot"    |
| Group    | User/agent groups | Group::"admins"          |
| Role     | Roles for RBAC    | Role::"editor"           |
| Document | Documents         | Document::"report.pdf"   |
| Resource | Generic resources | Resource::"api-endpoint" |
| Tool     | MCP tools         | Tool::"web-search"       |
| Action   | Actions           | Action::"read"           |

Intent-Goal Patterns

Intent-Based Policy

permit(
  principal is Agent,
  action == Action::"query",
  resource is Database
) when {
  // Cedar has no startsWith(); a prefix match is `like` with a trailing `*`
  context.intent like "analyze_*" ||
  context.intent like "summarize_*"
};

Goal-Based Policy

permit(
  principal is Agent,
  action == Action::"read",
  resource is CustomerData
) when {
  // `in` is for entity hierarchies; membership in a set of values uses contains()
  [
    "customer_support",
    "account_management",
    "billing_inquiry"
  ].contains(context.goal)
};

Delegation-Aware Policy

permit(
  principal is Agent,
  action,
  resource
) when {
  context.delegation_chain.length <= 3 &&
  context.delegation_chain[0].from == "User::\"admin\""
};

Best Practices

1. Start with Deny-by-Default

Don't create overly permissive policies:

// BAD: Too permissive
permit(principal, action, resource);

// GOOD: Specific permissions
permit(
  principal in Group::"employees",
  action in [Action::"read", Action::"list"],
  resource is PublicDocument
);

2. Use Forbid for Exceptions

// Allow general access
permit(
  principal in Group::"employees",
  action,
  resource is Document
);

// But forbid confidential access without clearance
forbid(
  principal,
  action,
  resource is Document
) when {
  resource.classification == "confidential" &&
  !principal.has_clearance
};
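To make the forbid-over-permit rule concrete, here is an added Python model of Cedar's decision algorithm run over the two policies above. It is not the Cedar engine or WL-APDP code: the policies are hand-translated predicates, and the users, group and documents are constructed for the demo.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Entity:
    """A Cedar entity reference such as User::"alice"."""
    type: str
    id: str

# Constructed entity store (demo data, not from WL-APDP):
# direct parents for the `in` hierarchy, and attributes per entity.
PARENTS = {
    Entity("User", "alice"): {Entity("Group", "employees")},
    Entity("User", "bob"): {Entity("Group", "employees")},
}
ATTRS = {
    Entity("User", "alice"): {"has_clearance": True},
    Entity("User", "bob"): {"has_clearance": False},
    Entity("Document", "q3-report"): {"classification": "confidential"},
    Entity("Document", "handbook"): {"classification": "public"},
}

def is_in(entity, ancestor):
    """Cedar `in`: true for the entity itself or any transitive parent."""
    if entity == ancestor:
        return True
    return any(is_in(p, ancestor) for p in PARENTS.get(entity, ()))

# Hand-translated predicates for the two policies above; the action
# slot is unconstrained in both, so `action` is ignored here.
POLICIES = [
    ("permit", lambda p, a, r: is_in(p, Entity("Group", "employees"))
               and r.type == "Document"),
    ("forbid", lambda p, a, r: r.type == "Document"
               and ATTRS[r]["classification"] == "confidential"
               and not ATTRS.get(p, {}).get("has_clearance", False)),
]

def authorize(principal, action, resource):
    """Cedar's decision rule: a matching forbid always wins, otherwise a
    matching permit allows, and with no match at all the answer is Deny."""
    matched = {eff for eff, pred in POLICIES if pred(principal, action, resource)}
    if "forbid" in matched:
        return "Deny"
    return "Allow" if "permit" in matched else "Deny"

if __name__ == "__main__":
    for user in ("alice", "bob", "mallory"):  # mallory is not an employee
        print(user, authorize(Entity("User", user), Entity("Action", "read"),
                              Entity("Document", "q3-report")))
```

Note that mallory is denied even for the public handbook: with no matching permit, Cedar falls back to Deny without any forbid being needed.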

3. Leverage Context for AI Agents

permit(
  principal is Agent,
  action == Action::"execute",
  resource is Tool
) when {
  // Require valid intent
  context.intent != "" &&
  // Require a goal from the tool's approved set (set membership is contains(), not `in`)
  resource.approved_goals.contains(context.goal) &&
  // Limit delegation depth
  context.delegation_chain.length <= 2
};

4. Keep Policies Focused

// BAD: One policy doing too much
permit(principal, action, resource) when {
  (principal is User && resource is Document && action == Action::"read") ||
  (principal is Agent && resource is Tool && action == Action::"execute") ||
  (principal in Group::"admins" && action == Action::"delete")
};

// GOOD: Separate, focused policies
permit(principal is User, action == Action::"read", resource is Document);
permit(principal is Agent, action == Action::"execute", resource is Tool);
permit(principal in Group::"admins", action == Action::"delete", resource);

Testing Policies

Use the WL-APDP validation endpoint:

curl -X POST http://localhost:8081/policies/validate/single \
  -H "Content-Type: application/json" \
  -d '{
    "code": "permit(principal == User::\"alice\", action, resource);"
  }'

Next Steps