Operational Status Reports
Entitlement Status
Compare Grants to Role
A shell report can model a simple entitlement check with scalar role, grant, and status values.
Program
Play the script to choose the role and inspect whether the grant is expected.
entitlement_status_report.sh
#!/usr/bin/env bash
role=
grant="deploy"
if [[ "$role" == "admin" ]]; then
allowed="deploy read"
else
allowed="read"
fi
if [[ " $allowed " == *" $grant "* ]]; then
audit_status="expected"
else
audit_status="unexpected"
fi
echo "$role grant=$grant status=$audit_status"
#!/usr/bin/env bash
role=
grant="deploy"
if [[ "$role" == "admin" ]]; then
allowed="deploy read"
else
allowed="read"
fi
if [[ " $allowed " == *" $grant "* ]]; then
audit_status="expected"
else
audit_status="unexpected"
fi
echo "$role grant=$grant status=$audit_status"
role policy
The role chooses the permissions that are expected for the check.
grant comparison
The membership test compares one grant against the role policy string.
audit status
The final status calls out whether the grant matches the selected role.