diff --git a/demos/demo2/opa/policy.rego b/demos/demo2/opa/policy.rego
index 6f7ca43e50d98f3f89721aaad01a5cf4e488db89..6baa2c5ad4c241b8984dfe96d17e3e494e5066db 100644
--- a/demos/demo2/opa/policy.rego
+++ b/demos/demo2/opa/policy.rego
@@ -6,18 +6,17 @@ import input
 default allow = false
 
 allow {
-    path_arr := split(input.path, "/")
-    print(path_arr)
-    path_id_short := split(path_arr[count(path_arr)-1], ".")
-    z := array.slice(path_arr, 0, count(path_arr)-1)
-    path_full := array.concat(z, path_id_short)
-    print(path_id_short)
-    print(path_full)
-    some i, _ in path_full
-    path_arr_slice := array.slice(path_full, 0, i+1)
-    path := concat("/", path_arr_slice)
+    # split path (e.g., aas.aHR0cHM6Ly93d3cuY29tcGFueS5jb20vc3VibW9kZWxzL2FyYmVpdHNhdWZ0cmFn.Auftragsstatus) in parts
+    path_arr := split(input.path, ".")
+    # iterate through each subpath
+    # e.g., 1. aas 2. aas.aHR0cHM6Ly93d3cuY29tcGFueS5jb20vc3VibW9kZWxzL2FyYmVpdHNhdWZ0cmFn
+    # 3. aas.aHR0cHM6Ly93d3cuY29tcGFueS5jb20vc3VibW9kZWxzL2FyYmVpdHNhdWZ0cmFn.Auftragsstatus
+    some i, _ in path_arr
+    path_arr_slice := array.slice(path_arr, 0, i+1)
+    path := concat(".", path_arr_slice)
     print(path)
     print(data.api[path])
+    # within the stored data, check if input.user can perform requested method (e.g., READ)
     some user in data.api[path][input.method]
     user == input.user
 }