# Rego Keyword Examples: every Rego rules and statements are existentially quantified by default. This means that if there is any solution then the rule is true, or a value is bound. Some policies require checking all elements in an array or object. The `every` keyword makes this [universal quantification](/docs/policy-language#universal-quantification-for-all) easier. Here we show two equivalent rules achieve universal quantification, note how much easier to read the one using `every` is. ``` package playallow1 if { every e in [1, 2, 3] { e < 4 }}# without every, don't do this!allow2 if { {r | some e in [1, 2, 3]; r := e < 4} == {true}} ``` `allow2` works by generating a set of 'results' testing elements from the array `[1,2,3]`. The resulting set is tested against `{true}` to verify all elements are `true`. As we can see `every` is a much better option! ## Examples Checking every feature flag Here we use the `every` keyword to validate that an example session has all the required feature flags for a request. `test_speedy_checkout` is false in the `input.json`, this will need to be true for the user to be allowed to load the new checkout page. policy.rego ``` package playdefault allow := falseallow if { input.path == "/new/checkout" every feature in new_checkout_features { input.features[feature] == true }}new_checkout_features := { "new_ui", "test_speedy_checkout",} ``` Output { "allow": false, "new\_checkout\_features": \[ "new\_ui", "test\_speedy\_checkout" \] } input.json ``` { "features": { "new_ui": true, "test_speedy_checkout": false }, "path": "/new/checkout", "email": "alice@example.com"} ``` data.json ``` {} ``` [Open in OPA Playground](https://play.openpolicyagent.org/?state=eyJpIjoie1xuICBcImZlYXR1cmVzXCI6IHtcbiAgICBcIm5ld191aVwiOiB0cnVlLFxuICAgIFwidGVzdF9zcGVlZHlfY2hlY2tvdXRcIjogZmFsc2VcbiAgfSxcbiAgXCJwYXRoXCI6IFwiL25ldy9jaGVja291dFwiLFxuICBcImVtYWlsXCI6IFwiYWxpY2VAZXhhbXBsZS5jb21cIlxufSIsImQiOiJ7fSIsInAiOiJwYWNrYWdlIHBsYXlcblxuZGVmYXVsdCBhbGxvdyA6PSBmYWxzZVxuXG5hbGxvdyBpZiB7XG5cdGlucHV0LnBhdGggPT0gXCIvbmV3L2NoZWNrb3V0XCJcblxuXHRldmVyeSBmZWF0dXJlIGluIG5ld19jaGVja291dF9mZWF0dXJlcyB7XG5cdFx0aW5wdXQuZmVhdHVyZXNbZmVhdHVyZV0gPT0gdHJ1ZVxuXHR9XG59XG5cbm5ld19jaGVja291dF9mZWF0dXJlcyA6PSB7XG5cdFwibmV3X3VpXCIsXG5cdFwidGVzdF9zcGVlZHlfY2hlY2tvdXRcIixcbn1cbiJ9) Enforcing meeting invite rules Every can also be used to check an object's keys and values. Here we do just that to validate attendees of a meeting invite. In this example, all attendees must have the staff role and the correct email address suffix for the meeting to be created. Update Bob to have `staff` and you should see it's possible to create the invite. policy.rego ``` package playdefault allow := falseallow if { every email, user in input.invites { endswith(email, "@example.com") "staff" in user.roles }} ``` Output { "allow": false } input.json ``` { "invites": { "bob@example.com": { "roles": [ "contractor" ] }, "charlie@example.com": { "roles": [ "staff" ] } }, "owner": "alice@example.com"} ``` data.json ``` {} ``` [Open in OPA Playground](https://play.openpolicyagent.org/?state=eyJpIjoie1xuICBcImludml0ZXNcIjoge1xuICAgIFwiYm9iQGV4YW1wbGUuY29tXCI6IHtcbiAgICAgIFwicm9sZXNcIjogW1xuICAgICAgICBcImNvbnRyYWN0b3JcIlxuICAgICAgXVxuICAgIH0sXG4gICAgXCJjaGFybGllQGV4YW1wbGUuY29tXCI6IHtcbiAgICAgIFwicm9sZXNcIjogW1xuICAgICAgICBcInN0YWZmXCJcbiAgICAgIF1cbiAgICB9XG4gIH0sXG4gIFwib3duZXJcIjogXCJhbGljZUBleGFtcGxlLmNvbVwiXG59IiwiZCI6Int9IiwicCI6InBhY2thZ2UgcGxheVxuXG5kZWZhdWx0IGFsbG93IDo9IGZhbHNlXG5cbmFsbG93IGlmIHtcblx0ZXZlcnkgZW1haWwsIHVzZXIgaW4gaW5wdXQuaW52aXRlcyB7XG5cdFx0ZW5kc3dpdGgoZW1haWwsIFwiQGV4YW1wbGUuY29tXCIpXG5cdFx0XCJzdGFmZlwiIGluIHVzZXIucm9sZXNcblx0fVxufVxuIn0=)