Policies for accessing the Chef Automate 2 Resources

Hi Guys i'm currently working on Chef Automate 2, i need to write policies for a user accessing the particular chef A2 resources (like nodes information only). so could you help me out, in writing the policy that only gives the user to access to specific environment nodes (For example user should only access nodes which are attached to "dev" environments only) .