Always use the identity name (not the alias) for enforcing the policies

2025-09-26 20:11:29 +08:00 · 2025-07-03 14:18:57 +02:00
parent 16bd434f78
commit 643dd8386c
1 changed files with 3 additions and 0 deletions
--- a/iam/iam.go
+++ b/iam/iam.go
@@ -112,6 +112,9 @@ func (i *iam) Enforce(name, domain, rtype, resource, action string) bool {
 		if identity.IsSuperuser() {
 			superuser = true
 		}
+
+		// Use the name (not the alias) from now on. policies are only associated with the name.
+		name = identity.Name()
 	}

 	l := i.logger.Debug().WithFields(log.Fields{