## sample 9
This sample demonstrates using the `is` operator to write a policy specific to a
particular entity type.

We want to write a policy allowing the owner of any photo to view that photo.
As a first attempt, we could write a policy testing `principal == resource.owner`.
```cedar
permit (
  principal,
  action == Action::"view",
  resource
)
when { principal == resource.owner };
```
This doesn't quite work because `Action::"view"` applies to both `Photo`
and `ScreenTime` entities, but only `Photo` entities have an owner. Policy
validation detects this issue.
```console
sample9$ cedar validate --policies policy_bad.cedar --schema schema.cedarschema
Validation Results:
validation error on policy `policy0` at offset 83-97: attribute `owner` for entity type ScreenTime not found
```
We can use the `is` operator to ensure that the policy can only apply to `Photo` entities.
```cedar
permit (
  principal,
  action == Action::"view",
  resource is Photo
)
when { principal == resource.owner };
```
```console
sample9$ cedar validate --policies policy.cedar --schema schema.cedarschema
Validation Passed
```
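The difference between the two validation runs can be modeled in a few lines. The following Python is an added example, not code from the Cedar project: it is a simplified model of checking a policy once per resource type the action applies to. The schema dictionary, the `User` principal type for `view`, and the names `request_environments` and `validate` are assumptions based on the text above.

```python
# Simplified model (not Cedar's implementation) of why validation rejects the
# first policy and accepts the `resource is Photo` version.
# Assumed schema shape, taken from the text: `view` applies to Photo and
# ScreenTime, and only Photo declares an `owner` attribute.
SCHEMA = {
    "entity_attrs": {"User": set(), "Photo": {"owner"}, "ScreenTime": set()},
    "actions": {"view": {"principal": ["User"], "resource": ["Photo", "ScreenTime"]}},
}


def request_environments(action, resource_is=None):
    """Yield (principal type, resource type) pairs the policy can apply to.

    `resource_is` models a scope constraint such as `resource is Photo`;
    None models an unconstrained `resource`.
    """
    applies_to = SCHEMA["actions"][action]
    for principal_type in applies_to["principal"]:
        for resource_type in applies_to["resource"]:
            if resource_is is None or resource_type == resource_is:
                yield principal_type, resource_type


def validate(action, resource_attrs_used, resource_is=None):
    """Return one error per resource type lacking an attribute the policy reads."""
    errors = []
    for _, resource_type in request_environments(action, resource_is):
        declared = SCHEMA["entity_attrs"][resource_type]
        for attr in resource_attrs_used:
            if attr not in declared:
                errors.append(
                    f"attribute `{attr}` for entity type {resource_type} not found"
                )
    return errors


if __name__ == "__main__":
    # First attempt: unconstrained resource, condition reads resource.owner.
    print(validate("view", ["owner"]))
    # Fixed policy: `resource is Photo` removes the ScreenTime environment.
    print(validate("view", ["owner"], resource_is="Photo"))
```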
The policy using `is` will authorize owners to view their photos. We use the
file `request.json` to ask if `User::"Bob"` can view `Photo::"VacationPhoto94.jpg"`.
```console
sample9$ cargo run authorize --policies policy.cedar --entities entity.json --request-json request.json
ALLOW
```
This request is allowed because the resource is a photo and `Bob` is the owner of
that photo.