From 643dd8386c781558ac18d5e5a861d8aa2f087512 Mon Sep 17 00:00:00 2001
From: Ingo Oppermann <ingo@datarhei.com>
Date: Thu, 3 Jul 2025 14:18:57 +0200
Subject: [PATCH] Always use the identity name (not the alias) for enforcing
 the policies

---
 iam/iam.go | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/iam/iam.go b/iam/iam.go
index d84230e3..b6489c2c 100644
--- a/iam/iam.go
+++ b/iam/iam.go
@@ -112,6 +112,9 @@ func (i *iam) Enforce(name, domain, rtype, resource, action string) bool {
 		if identity.IsSuperuser() {
 			superuser = true
 		}
+
+		// Use the name (not the alias) from now on. policies are only associated with the name.
+		name = identity.Name()
 	}
 
 	l := i.logger.Debug().WithFields(log.Fields{