Compliance as Code

Declarative Ownership

Use convention-based map rules to model asset ownership and responsibility at enterprise scale.

Using map for Enterprise-Scale Responsibility Modeling

For enterprise-scale ownership and responsibility modeling, rescile provides an advanced, convention-based pattern in compliance files: [control.target.map].

Instead of writing dozens of rules to link assets to owners, maintainers, and data processors, you can define the convention in a single block.

data/compliance/ownership.toml

[[control]]
id = "OWN-1"
name = "Map Asset Roles to Providers"
[[control.target]]
[control.target.map]
# 1. Find all resources of this type to get the list of possible roles (e.g., "owner", "maintainer").
derived_type = "role"
# 2. Scan these asset types for properties that match the role names.
origin_resource_types = ["application", "database"]
# 3. The value of the property is the name of a resource of this type.
target_resource_type = "provider"
# 4. Create a relation with this type from the asset to the provider.
primary_relation_type = "HAS_RESPONSIBILITY"
# 5. Add a property to the new relation indicating which role it represents.
property_on_relation = "role"
# 6. (Optional) Create a second link from the role definition itself to the provider.
link_relation_to_target = true
secondary_relation_type = "IS_PERFORMED_BY"
# 7. Use overrides to map properties like 'vendor' to the 'maintainer' role.
[control.target.map.property_map_overrides]
vendor = "maintainer"

This single rule scans hundreds of assets. If it finds an application with a property vendor = "team-alpha", it performs two actions:

  1. It creates the primary responsibility link: (application) -[HAS_RESPONSIBILITY {role: "maintainer"}]-> (provider:team-alpha).
  2. Because link_relation_to_target is true, it also creates a secondary link modeling which provider performs the role: (role:maintainer) -[IS_PERFORMED_BY]-> (provider:team-alpha).

graph TD
    subgraph "Primary Responsibility Link"
        App["application<br>vendor: team-alpha"] -- "HAS_RESPONSIBILITY<br>{role: maintainer}" --> Provider["provider<br><b>team-alpha</b>"]
    end
    subgraph "Secondary Role Performance Link"
        Role["role<br><b>maintainer</b>"] -- "IS_PERFORMED_BY" --> Provider
    end

This pattern is the key to managing organizational responsibility at scale.
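
The following Python sketch is an added illustration, not rescile's code: it models the steps of the OWN-1 rule as this page describes them, over a constructed set of resources. The resource names `billing`, `ledger`, `web01`, `team-beta` and `team-gamma`, the `apply_map` helper, and the handling of a property that names a missing provider (reported, no relation created) are assumptions.

```python
# Illustrative model of the OWN-1 map rule; not rescile's implementation.
RULE = {
    "derived_type": "role",
    "origin_resource_types": ["application", "database"],
    "target_resource_type": "provider",
    "primary_relation_type": "HAS_RESPONSIBILITY",
    "property_on_relation": "role",
    "link_relation_to_target": True,
    "secondary_relation_type": "IS_PERFORMED_BY",
    "property_map_overrides": {"vendor": "maintainer"},
}

# Constructed sample graph: (type, name) -> properties.
RESOURCES = {
    ("role", "owner"): {},
    ("role", "maintainer"): {},
    ("provider", "team-alpha"): {},
    ("provider", "team-beta"): {},
    ("application", "billing"): {"vendor": "team-alpha", "owner": "team-beta"},
    ("database", "ledger"): {"maintainer": "team-gamma"},  # no such provider
    ("server", "web01"): {"owner": "team-alpha"},  # type is not scanned
}

def apply_map(rule, resources):
    """Return (edges, unresolved) for one map rule over the resources."""
    roles = {n for (t, n) in resources if t == rule["derived_type"]}
    # Property name -> role: each role name maps to itself, plus overrides.
    prop_to_role = {r: r for r in roles}
    prop_to_role.update(rule["property_map_overrides"])
    edges, unresolved = [], []
    for (rtype, name), props in resources.items():
        if rtype not in rule["origin_resource_types"]:
            continue
        for prop, value in props.items():
            role = prop_to_role.get(prop)
            if role is None:
                continue
            target = (rule["target_resource_type"], value)
            if target not in resources:
                # Assumption: a dangling reference is reported, not linked.
                unresolved.append(((rtype, name), prop, value))
                continue
            edges.append(((rtype, name), rule["primary_relation_type"],
                          {rule["property_on_relation"]: role}, target))
            second = ((rule["derived_type"], role),
                      rule["secondary_relation_type"], {}, target)
            if rule["link_relation_to_target"] and second not in edges:
                edges.append(second)
    return edges, unresolved
```

In this model the `unresolved` list is the output to review first: an asset whose role property names no known provider ends up with no responsible party in the graph.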