Add an example of trading permissions

cedar-example-use-cases/broker/ALLOW/eft-crypto.json

@@ -0,0 +1,6 @@
+{
+    "principal": "User::\"Senior Trader\"",
+    "action": "Action::\"TradeETF\"",
+    "resource": "ETF::\"SBIT\"",
+    "context": {}
+}

cedar-example-use-cases/broker/ALLOW/etf-inverse.json

@@ -0,0 +1,6 @@
+{
+    "principal": "User::\"Trader\"",
+    "action": "Action::\"TradeETF\"",
+    "resource": "ETF::\"PSQ\"",
+    "context": {}
+}

cedar-example-use-cases/broker/ALLOW/etf-leveraged.json

@@ -0,0 +1,6 @@
+{
+    "principal": "User::\"Senior Trader\"",
+    "action": "Action::\"TradeETF\"",
+    "resource": "ETF::\"QLD\"",
+    "context": {}
+}

cedar-example-use-cases/broker/ALLOW/options-level1.json

@@ -0,0 +1,8 @@
+{
+    "principal": "User::\"Trader\"",
+    "action": "Action::\"TradeOptions\"",
+    "resource": "Options::\"NDX\"",
+    "context": {
+        "type": "Covered Call"
+    }
+}

cedar-example-use-cases/broker/ALLOW/options-level2.json

@@ -0,0 +1,8 @@
+{
+    "principal": "User::\"Senior Trader\"",
+    "action": "Action::\"TradeOptions\"",
+    "resource": "Options::\"NDX\"",
+    "context": {
+        "type": "Long Call"
+    }
+}

cedar-example-use-cases/broker/ALLOW/options-level3.json

@@ -0,0 +1,8 @@
+{
+    "principal": "User::\"Senior Trader\"",
+    "action": "Action::\"TradeOptions\"",
+    "resource": "Options::\"NDX\"",
+    "context": {
+        "type": "Short Put"
+    }
+}

cedar-example-use-cases/broker/ALLOW/options-level4.json

@@ -0,0 +1,8 @@
+{
+    "principal": "User::\"Senior Trader\"",
+    "action": "Action::\"TradeOptions\"",
+    "resource": "Options::\"NDX\"",
+    "context": {
+        "type": "Short Synthetic"
+    }
+}

cedar-example-use-cases/broker/ALLOW/stock.json

@@ -0,0 +1,6 @@
+{
+    "principal": "User::\"Regular Dude\"",
+    "action": "Action::\"TradeStock\"",
+    "resource": "Stock::\"Z\"",
+    "context": {}
+}

cedar-example-use-cases/broker/DENY/etf-inverse.json

@@ -0,0 +1,6 @@
+{
+    "principal": "User::\"Regular Dude\"",
+    "action": "Action::\"TradeETF\"",
+    "resource": "ETF::\"PSQ\"",
+    "context": {}
+}

cedar-example-use-cases/broker/DENY/etf-leveraged.json

@@ -0,0 +1,6 @@
+{
+    "principal": "User::\"Regular Dude\"",
+    "action": "Action::\"TradeETF\"",
+    "resource": "ETF::\"QLD\"",
+    "context": {}
+}

cedar-example-use-cases/broker/DENY/options-level1.json

@@ -0,0 +1,8 @@
+{
+    "principal": "User::\"Regular Dude\"",
+    "action": "Action::\"TradeOptions\"",
+    "resource": "Options::\"NDX\"",
+    "context": {
+        "type": "Covered Call"
+    }
+}

cedar-example-use-cases/broker/DENY/options-level2.json

@@ -0,0 +1,8 @@
+{
+    "principal": "User::\"Trader\"",
+    "action": "Action::\"TradeOptions\"",
+    "resource": "Options::\"NDX\"",
+    "context": {
+        "type": "Long Call"
+    }
+}

cedar-example-use-cases/broker/DENY/options-level4.json

@@ -0,0 +1,8 @@
+{
+    "principal": "User::\"EU Trader\"",
+    "action": "Action::\"TradeOptions\"",
+    "resource": "Options::\"NDX\"",
+    "context": {
+        "type": "Short Synthetic"
+    }
+}

cedar-example-use-cases/broker/README.md

@@ -0,0 +1,16 @@
+# Broker permission system
+This example mimics a trading permission system. We use Cedar to specify trading permissions of securities including stocks, ETFs, and options.
+
+## Stocks
+All users can trade listed stocks.
+
+## ETFs
+All users can trade ETFs except that only users with high risk tolerance can trade leveraged and inverse ETFs; only US users can trade crypto-based ETFs.
+
+## Options
+Only users with options level greater than 0 can trade options. There are four options levels that permit users to trade options of various risks and complexities.
+
+Note that checking options trading permissions should be a two step process: First check the options trading permissions and then those of the underlying securities. For instance, non-US users cannot trade options of any ETFs tracking crypto currencies.
+
+
+

cedar-example-use-cases/broker/entities.json

@@ -0,0 +1,139 @@
+[
+    {
+        "uid": {
+            "type": "Stock",
+            "id": "Z"
+        },
+        "attrs": {},
+        "parents": [{
+            "type": "Security",
+            "id": "US"
+        }]
+    },
+    {
+        "uid": {
+            "type": "ETF",
+            "id": "QQQ"
+        },
+        "attrs": {},
+        "parents": [{
+            "type": "Security",
+            "id": "US"
+        }]
+    },
+    {
+        "uid": {
+            "type": "ETF",
+            "id": "QLD"
+        },
+        "attrs": {
+            "leveraged": true
+        },
+        "parents": [{
+            "type": "Security",
+            "id": "US"
+        }]
+    },
+    {
+        "uid": {
+            "type": "ETF",
+            "id": "PSQ"
+        },
+        "attrs": {
+            "inverse": true
+        },
+        "parents": [{
+            "type": "Security",
+            "id": "US"
+        }]
+    },
+    {
+        "uid": {
+            "type": "ETF",
+            "id": "SQQQ"
+        },
+        "attrs": {
+            "inverse": true,
+            "leveraged": true
+        },
+        "parents": [{
+            "type": "Security",
+            "id": "US"
+        }]
+    },
+    {
+        "uid": {
+            "type": "ETF",
+            "id": "SBIT"
+        },
+        "attrs": {
+            "inverse": true,
+            "leveraged": true,
+            "crypto_based": true
+        },
+        "parents": [{
+            "type": "Security",
+            "id": "US"
+        }]
+    },
+    {
+        "uid": {
+            "type": "Options",
+            "id": "NDX"
+        },
+        "attrs": {
+        },
+        "parents": [{
+            "type": "Security",
+            "id": "US"
+        }]
+    },
+    {
+        "uid": {
+            "type": "User",
+            "id": "Regular Dude"
+        },
+        "attrs": {
+            "risk_tolerance": "Low",
+            "options_level": 0,
+            "location": "US" 
+        },
+        "parents": []
+    },
+    {
+        "uid": {
+            "type": "User",
+            "id": "Trader"
+        },
+        "attrs": {
+            "risk_tolerance": "High",
+            "options_level": 1,
+            "location": "US" 
+        },
+        "parents": []
+    },
+    {
+        "uid": {
+            "type": "User",
+            "id": "Senior Trader"
+        },
+        "attrs": {
+            "risk_tolerance": "High",
+            "options_level": 4,
+            "location": "US" 
+        },
+        "parents": []
+    },
+    {
+        "uid": {
+            "type": "User",
+            "id": "EU Trader"
+        },
+        "attrs": {
+            "risk_tolerance": "High",
+            "options_level": 3,
+            "location": "EU" 
+        },
+        "parents": []
+    }
+]

cedar-example-use-cases/broker/policies.cedar

@@ -0,0 +1,102 @@
+// All users can view US security info
+@id("view")
+permit (
+    principal,
+    action == Action::"View",
+    resource in Security::"US"
+);
+
+// Any user can trade stocks
+@id("stocks")
+permit (
+    principal,
+    action in Action::"Trade",
+    resource is Stock
+);
+
+// Any user can trade ETFs with the following restrictions specified by forbid policies
+@id("ETFs")
+permit (
+    principal,
+    action in Action::"Trade",
+    resource is ETF
+);
+
+@id("Inverse ETFs")
+// Only users with high risk tolerance can trade inverse and leveraged ETFs
+forbid (
+    principal,
+    action in Action::"Trade",
+    resource is ETF
+)
+when { resource has inverse && resource.inverse }
+unless { principal.risk_tolerance == "High" };
+
+@id("Leveraged ETFs")
+forbid (
+    principal,
+    action in Action::"Trade",
+    resource is ETF
+)
+when { resource has leveraged && resource.leveraged }
+unless { principal.risk_tolerance == "High" };
+
+// Only US customers can trade crypto-based ETFs
+@id("Crypto-based ETFs")
+forbid (
+    principal,
+    action in Action::"Trade",
+    resource is ETF
+)
+when { resource has crypto_based && resource.crypto_based }
+unless { principal.location == "US" };
+
+// Users with options level 1 can trade certain options
+@id("Options level 1")
+permit (
+    principal,
+    action in Action::"Trade",
+    resource is Options
+)
+when { principal.options_level >= 1 }
+when
+{ ["Covered Call", "Covered Basket Call", "Buy Write"].contains(context.type) };
+
+// Users with options level 2 can additionally trade certain options
+@id("Options level 2")
+permit (
+    principal,
+    action in Action::"Trade",
+    resource is Options
+)
+when { principal.options_level >= 2 }
+when { ["Long Call", "Long Put", "Covered Put"].contains(context.type) };
+
+// Users with options level 3 can additionally trade certain options
+@id("Options level 3")
+permit (
+    principal,
+    action in Action::"Trade",
+    resource is Options
+)
+when { principal.options_level >= 3 }
+when { ["Short Put", "Synthetic", "Reversal"].contains(context.type) };
+
+// Users with options level 4 can additionally trade certain options
+@id("Options level 4")
+permit (
+    principal,
+    action in Action::"Trade",
+    resource is Options
+)
+when { principal.options_level >= 4 }
+when
+{
+    ["Short Naked Call",
+     "Short Straddle",
+     "Short Strangle",
+     "Short Synthetic"].contains
+        (
+            context.type
+        )
+};