Skip to main content

Built-in Functions

Aserto provides a set of built-in functions that can be used in your policy. These functions make it easier to leverage information found the Aserto directory.


When providing a user's identity , you can use a GUID, PID or an email associated with the user.

  • dir.identity(user) - returns the user's Aserto directory id by a key.

    For example: dir.identity("") will return dfdadc39-7335-404d-af66-c77cf13a15f8.

  • dir.is_same_user(userA, userB) - returns true if the identities of userA and userB are the same identity.

    For example: dir.is_same_user("", "dfdadc39-7335-404d-af66-c77cf13a15f8") will return true.

  • dir.user(user) - returns the user object by the user identity.

    For example: dir.user("dfdadc39-7335-404d-af66-c77cf13a15f8") will return the user object of for the user

  • dir.manager_of(user) - returns the user object of the manager of a user, based on the manager attribute of the user specified.

    For example: dir.manager_of("") will return the user object of

  • dir.is_manager_of(userA, userB) - returns true if userA is a manager of userB, based on the manager attribute of userB and the identity of userA.

    For example: dir.is_manager_of("", "") will return true.

  • dir.management_chain - returns the management chain of a user as a list of user ids.

    For example: dir.management_chain("") will return:

    {    "chain": [      "dfdadc39-7335-404d-af66-c77cf13a15f8",      "2bfaa552-d9a5-41e9-a6c3-5be62b4433c8",      "37b056d8-f63e-412b-b172-63d60d35ea56",      "2a43d793-7367-4a3e-8c6e-5ec955a52038",      "242f6e15-e469-4e42-9510-0483f6d019c9",      "7846c22f-d3d8-4e02-8b62-d055d0284783",      "b7de08a6-8417-491b-be62-85945a538f46"    ]}