¥update-policy
{grant * self * A TXT;};
¥Syntax definition
¥( grant | deny ) identity nametype name [
types ]
¥First matching rule is used
¥Grant explicitly permits, Deny explicitly
"denies"
¥Why is
this better?
¥Fine grained access control
¥Rarely will one key be allowed to change "anything"