I would like to change the following security rule so that I do not have to explicitly assign to users who are developers the custom property InDeveloperGroup="Yes", and instead have the rule apply to any user who has been allocated  a professional access license under the License management - Professional access allocations tab...

Name: StreamPublish

Description: Each developer should be able to publish to each stream within their AccessGroup or any associated with InDeveloperGroup.

Resource filter: Stream_*

Actions: Read, Publish

Conditions: ((user.roles="ContentAdmin")) or ((user.@InDeveloperGroup="Yes") and (resource.@InDeveloperGroup="Yes" or resource.name=user.@AccessGroup))

I believe the solution is to do something like this...

Name: StreamPublish

Description: Each user who is allocated professional access should be able to publish to each stream within their AccessGroup or any associated with InDeveloperGroup.

Resource filter: Stream_*

Actions: Read, Publish

Conditions: ((user.roles="ContentAdmin")) or ((user.environment.licenseContext="named user") and (resource.@InDeveloperGroup="Yes" or resource.name=user.@AccessGroup))

...but I am guessing at what the valid values for user.environment.licenseContext are. Any ideas?