Hello, I'm trying to figure out how to implement a service configuration for a complex custom resource hierarchy and have been peeking into the definition for Hive for inspiration as this has a similar hierarchy (database/table/column). I'm curious to know how the 'mandatory' and 'isValidLeaf' attributes are interpreted in the policy engine.
My first assumption was that 'mandatory' might be used for resource types that may not always be present in particular classes of access request. In Hive for example, if I wish to drop a table, I would not expect the access request to describe a column name. However, I see this is not how the Hive service is implemented - column is mandatory. I'm also guessing that isValidLeaf=false would be used to denote a resource attribute that does not in and of itself point to resource, but is merely a coordinate to such a resource? Can anyone provide any insights as I fear I'm likely on the wrong track. Many thanks, Elliot.
