doc: update rule doc to include conditions (#10845)

openmetadata-docs/content/main-concepts/metadata-standard/schemas/entity/policies/accessControl/rule.md

@@ -9,17 +9,79 @@ slug: /main-concepts/metadata-standard/schemas/entity/policies/accesscontrol/rul
 
 ## Properties
 
-- **`name`** *(string)*: Name for this Rule.
-- **`fullyQualifiedName`**: FullyQualifiedName same as `name`. Refer to *../../../type/basic.json#/definitions/fullyQualifiedEntityName*.
-- **`entityTypeAttr`** *(string)*: Entity type that the rule should match on. Default: `None`.
-- **`entityTagAttr`**: Entity tag that the rule should match on. Refer to *../../../type/tagLabel.json#/definitions/tagFQN*. Default: `None`.
-- **`operation`**: Operation on the entity. Refer to *#/definitions/operation*. Default: `None`.
-- **`allow`** *(boolean)*: Allow or Deny operation on the entity. Default: `False`.
-- **`priority`** *(integer)*: Priority of this rule among all rules across all policies. Default: `250000`.
-- **`deleted`** *(boolean)*: Is the rule soft-deleted. Default: `False`.
+- **name (string)**: Name of this Rule
+- **fullyQualifiedName (fullyQualifiedEntityName)**: FullyQualifiedName in the form policyName.ruleName.
+- **description (markdown)**: Description of the rule.
+- **effect (string)**: Indicates whether the rule allows or denies access.", where effect can take on one of two values: "allow" or "deny".
+- **operations (array of operation objects)**: List of operation names related to the resources. Use * to include all the operations.
+- **resources (array of strings)**: Resources/objects related to this rule. Resources are typically entityTypes such as table, database, etc. It also includes non-entityType resources such as lineage. Use * to include all the resources.
+- **condition (expression)**: Expression in SpEL used for matching of a Rule based on entity, resource, and environmental attributes.
 ## Definitions
 
 - **`operation`** *(string)*: This schema defines all possible operations on metadata of data entities. Must be one of: `['Create', 'Delete', 'ViewAll', 'ViewUsage', 'ViewTests', 'TableViewQueries', 'TableViewDataProfile', 'TableViewSampleData', 'EditAll', 'EditDescription', 'EditTags', 'EditOwner', 'EditTier', 'EditCustomFields', 'EditLineage', 'EditReviewers', 'EditTests', 'TableEditQueries', 'TableEditDataProfile', 'TableEditSampleData', 'TeamEditUsers']`.
 
+## Condition
+
+**hasAnyRole:** Returns true if the user (either direct or inherited from the parent teams) has one or more roles from the list.
+
+**Example:**
+
+```
+hasAnyRole('DataSteward', 'DataEngineer')
+
+```
+**inAnyTeam:** Returns true if the user belongs under the hierarchy of any of the teams in the given team list.
+
+**Example:**
+
+```
+inAnyTeam('marketing')
+
+```
+**isOwner:** Returns true if the user belongs under the hierarchy of any of the teams in the given team list.
+
+**Example:**
+
+```
+isOwner()
+!isOwner
+noOwner() || isOwner()
+
+```
+**matchAllTags:** Returns true if the entity being accessed has all the tags given as input.
+
+**Example:**
+
+```
+matchAllTags('PersonalData.Personal', 'Tier.Tier1', 'Business Glossary.Clothing')
+
+```
+**matchAnyTag:** Returns true if the entity being accessed has at least one of the tags given as input.
+
+**Example:**
+
+```
+matchAnyTag('PersonalData.Personal', 'Tier.Tier1', 'Business Glossary.Clothing')
+
+```
+**matchTeam:** Returns true if the user and the resource belongs to the team hierarchy where this policy is attached. This allows restricting permissions to a resource to the members of the team hierarchy.
+
+**Example:**
+
+```
+matchTeam()
+
+```
+**noOwner**: Returns true if the entity being accessed has no owner.
+
+**Example:**
+
+```
+noOwner()
+!noOwner
+noOwner() || isOwner()
+
+```
+
 
 Documentation file automatically generated at 2022-07-14 10:51:34.749986.