Advise on using policies with related resources
I have two resources
Now I have admin which can create/update/read both resources.
I have an operator that can only create transfers.
The issue is updating the account balance when the operator creates the transfer. Since he does not have access to create/update an acccount.
How should I model my policies to handle this kind of situations?
Transfer and Account. Transfer updates the accounts balance it's related to.Now I have admin which can create/update/read both resources.
I have an operator that can only create transfers.
The issue is updating the account balance when the operator creates the transfer. Since he does not have access to create/update an acccount.
How should I model my policies to handle this kind of situations?
