id: markitect-enterprise-policy-map
issuer: https://sso.example.test/realms/netkingdom
audiences:
  - markitect-tool
defaults:
  allowed_labels:
    - public
  trust_zones:
    - public
groups:
  /markitect/readers:
    allowed_labels:
      - public
      - internal
    trust_zones:
      - public
      - internal
    actions:
      - read
      - query
      - search
  /markitect/stewards:
    allowed_labels:
      - public
      - internal
      - restricted
    trust_zones:
      - public
      - internal
      - restricted
    actions:
      - read
      - query
      - search
      - package
      - export
roles:
  viewer:
    actions:
      - read
      - query
      - search
scopes:
  markitect:read:
    actions:
      - read
      - query
      - search
trust_zones:
  internal:
    required_groups:
      - /markitect/readers
  restricted:
    required_groups:
      - /markitect/stewards
metadata:
  owner: flex-auth
  version: example