fix(iam): retours

ldecarvalho-doc · ldecarvalho-doc · commit cf3badcc70a7 · 2025-03-05T10:01:00.000+01:00
diff --git a/pages/iam/concepts.mdx b/pages/iam/concepts.mdx
@@ -38,7 +38,7 @@ The Common Expression Language (CEL) is used to define expressions in [condition
 
 ## Conditions
 
-A condition is an additional layer of restrictions for your rule. You can allow access to specific user agents or IP addresses, or restrict to certain dates and times. Conditions are defined through [CEL](#common-expression-language-cel) expressions, and can be set up and configured in the Scaleway console. Refer to the [Understanding policy conditions](/iam/reference-content/understanding-policy-conditions) documentation page to learn how they are set up and how you can define them.
+A condition is an additional layer of restrictions for your rule. You can allow access to specific user agents or IP addresses, and allow actions to be performed only at certain dates and times. Conditions are defined through [CEL](#common-expression-language-cel) expressions, and can be set up and configured in the Scaleway console. Refer to the [Understanding policy conditions](/iam/reference-content/understanding-policy-conditions) documentation page to learn how they are set up and how you can define them.
 
 ## Group
 
diff --git a/pages/iam/how-to/create-policy.mdx b/pages/iam/how-to/create-policy.mdx
@@ -50,7 +50,7 @@ An IAM [policy](/iam/reference-content/policy/) is used to define the permission
 7. Click **Validate** to continue.
 8. Choose the **permission sets** for the rule by selecting the required boxes. You can select as many permission sets as you like. The principal will have the rights defined in these permission sets within the scope you set in **step 6**. See our dedicated documentation for [more help with permission sets](/iam/reference-content/permission-sets/).
 9. Click **Validate**.
-10. (Optional) Click **+ Add new** to add one or more conditions. You can allow access to specific user agents or IP addresses, or restrict to certain dates and times.
+10. (Optional) Click **+ Add new** to add one or more conditions. You can allow access to specific user agents or IP addresses, and allow actions to be performed only at certain dates and times.
     <Message type="tip">
       Refer to the [Understanding policy conditions](/iam/reference-content/understanding-policy-conditions) documentation page for more details about how to write condition expressions, as well as examples of conditions.
     </Message>
diff --git a/pages/iam/quickstart.mdx b/pages/iam/quickstart.mdx
@@ -78,7 +78,7 @@ Users you have invited to your Organization, and applications you have created,
 7. Click **Validate** to continue.
 8. Choose the **permission sets** for the rule by selecting the required boxes. You can select as many permission sets as you like. The principal will have the rights defined in these permission sets within the scope you set in **step 6**. See our dedicated documentation for [more help with permission sets](/iam/reference-content/permission-sets/).
 9. Click **Validate**.
-10. (Optional) Click **+ Add new** to add one or more conditions. You can allow access to specific user agents or IP addresses, or restrict to certain dates and times.
+10. (Optional) Click **+ Add new** to add one or more conditions. You can allow access to specific user agents or IP addresses, and allow actions to be performed only at certain dates and times.
     <Message type="tip">
       Refer to the [Understanding policy conditions](/iam/reference-content/understanding-policy-conditions) documentation page for more details about how to write condition expressions, as well as examples of conditions.
     </Message>
diff --git a/pages/iam/reference-content/policy.mdx b/pages/iam/reference-content/policy.mdx
@@ -56,7 +56,7 @@ A permission set consists of one or multiple permissions to perform actions on r
 
 ### Conditions
 
-A condition is an additional layer of restrictions for your rule. You can allow access to specific user agents or IP addresses, or restrict to certain dates and times. Conditions are defined through [CEL](#common-expression-language-cel) expressions. In general, a condition expression consists of one or more statements that are joined by logical operators (`&&`, `||`, or `!`).
+A condition is an additional layer of restrictions for your rule. You can allow access to specific user agents or IP addresses, and allow actions to be performed only at certain dates and times. Conditions are defined through [CEL](#common-expression-language-cel) expressions. In general, a condition expression consists of one or more statements that are joined by logical operators (`&&`, `||`, or `!`).
 
 Conditions can be set up and configured in the Scaleway console.
 
diff --git a/pages/iam/reference-content/understanding-policy-conditions.mdx b/pages/iam/reference-content/understanding-policy-conditions.mdx
@@ -25,7 +25,11 @@ At Scaleway, IAM conditions are defined using Common Expression Language (CEL) e
 
 An expression can be compared to a conditional statement in programming. It is a logical statement that evaluates to either true or false. The result determines whether the permission set defined in the rule is applied or not.
 
-Condition expressions are composed of one or several statements that declare a rule based on attributes. Attributes are like characteristics or properties of a resource or a user. For example, an attribute might be a given date or time, or an IP address.
+Condition expressions are composed of one or several statements that declare a rule based on attributes. Attributes are like characteristics or properties of a request, resource or a user. For example, an attribute might be a given date or time, or an IP address.
+
+<Message type="note">
+  Currently only request-based conditions are available with Scaleway IAM.
+</Message>
 
 Expressions at Scaleway are defined in CEL, which provides a human-readable and flexible method of creating conditions.
 
@@ -79,6 +83,8 @@ Conditions support three logical operators that can be used to build complex log
 
 A function is a compound operator for data types, that supports more complex operations. In condition expressions, predefined functions can be used with a given data type.
 
+All standard CEL functions are supported, as well as the following custom Scaleway IAM function(s):
+
 | Function | Description | Parameters |
 | ------------ | ------------------- | ------ |
 | `inIpRange(IP: string, Subnet: string)` | Checks if the IP address is included in the IP subnet. | **IP**: (String) The IP address to check. |
@@ -121,14 +127,14 @@ request.user_agent.contains("terraform/")
 
 ### Time conditions
 
-To check if a request was performed within a specific timeslot you can use the following expression. In this example, use weekdays from 9am to 5pm as a timestamp.
+To only allow actions within a specific timeslot you can use the following expression. In this example, use weekdays from 9am to 5pm as a timestamp.
 ```
 request.time.getDayOfWeek() != 0 && request.time.getDayOfWeek() != 6
 && request.time.getHours("Europe/Paris") < 17
 && request.time.getHours("Europe/Paris") > 8
 ```
 
-To check if the request was performed over the weekend, you can use the expression below:
+To only allow requests that were performed over the weekend, you can use the expression below:
 ```
 request.time.getDayOfWeek() != 0 && request.time.getDayOfWeek() != 6
 ```
