diff --git a/authorization_services/topics/policy/js-policy.adoc b/authorization_services/topics/policy/js-policy.adoc
index e34481a333..0814819821 100644
--- a/authorization_services/topics/policy/js-policy.adoc
+++ b/authorization_services/topics/policy/js-policy.adoc
@@ -45,7 +45,8 @@ if (contextAttributes.containsValue('kc.client.network.ip_address', '127.0.0.1')
 You can also use role-based access control (RBAC):
 
 ```javascript
-var identity = $evaluation.getIdentity();
+var context = $evaluation.getContext();
+var identity = context.getIdentity();
 
 if (identity.hasRole('keycloak_user')) {
     $evaluation.grant();