Version: 2.0.0

Policy Guard

Policy Guards provide centralized control over permissions and roles across projects within an organization. This allows for consistent, organization-wide enforcement of rules regarding access and actions within projects.


What is a Policy Guard?

A Policy Guard is a feature that allows you to define and enforce specific permissions for different roles across multiple projects. By creating a Policy Guard, you set up a centralized baseline policy that applies consistently to all environments within your organization. This avoids the need for repetitive configuration and helps maintain a high level of security and access control.


Info

Currently, Policy Guards are accessible only via the Permit API. The Policy Guard UI is on the roadmap; message us in our Slack channel #early-access-program to get early access.

Key Capabilities of Policy Guards

  • Centralized Control: Manage permissions and roles at the organization level, allowing for streamlined rule-setting across projects.
  • Flexible Role Management: Define what each role can or cannot do across projects included in the policy guard scope.
  • Project Inclusion and Exclusion: Easily add or remove projects from a policy guard to control their permissions.
  • Permission Rules: Set specific permission rules, such as granting or revoking permissions for certain roles to perform actions on resources (e.g., creating or reading documents).

Important

Only a workspace Owner can add or remove guarding policy rules.

Also, Policy Guards are only available for RBAC (Role-Based Access Control) and ABAC (Attribute-Based Access Control) policies; ReBAC (Relationship-Based Access Control) support is on the roadmap.


Example Use Cases

Ensure that only the "admin" role has permission to read documents across all projects, while all other roles are restricted from reading.

  • Role-Based Access: Assign specific actions to roles (e.g., granting "admin" the ability to create documents and limiting "viewer" to read-only).
  • Multi-Project Enforcement: Enforce the same permissions across multiple projects, ensuring consistent security standards.
  • Audit and Compliance: Review and list current permissions applied across various projects, allowing for easy auditing and compliance checks.

By setting up Policy Guards, you ensure that access controls are enforced systematically across all included projects, aligning with organizational policies and reducing manual configuration across individual projects.
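
The following is an added example, not Permit's API or implementation: a small Python model of the "only admin may read documents" use case, showing how a guard's grant and revoke rules apply to included projects and how an audit can list where a project's own policy deviates. The class and function names, the `resource:action` strings, the project names, and the assumption that a guard rule takes precedence over a project-level permission are all made up for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class GuardRule:
    role: str        # role the rule applies to
    permission: str  # "resource:action", e.g. "document:read"
    grant: bool      # True = grant, False = revoke

@dataclass
class PolicyGuard:
    projects: set    # projects included in the guard scope
    rules: list      # GuardRule entries enforced on every included project

    def effective(self, project, policy):
        """Permissions per role once the guard is applied to one project."""
        result = {role: set(perms) for role, perms in policy.items()}
        if project not in self.projects:
            return result  # excluded project: its own policy stands
        for rule in self.rules:  # assumption: the guard overrides the project
            perms = result.setdefault(rule.role, set())
            (perms.add if rule.grant else perms.discard)(rule.permission)
        return result

    def audit(self, policies):
        """(project, role, permission, action) wherever a project deviates."""
        findings = []
        for project in sorted(p for p in policies if p in self.projects):
            for rule in self.rules:
                has = rule.permission in policies[project].get(rule.role, set())
                if has != rule.grant:
                    action = "grant" if rule.grant else "revoke"
                    findings.append((project, rule.role, rule.permission, action))
        return findings

def only_role_may(role, permission, all_roles):
    """Rules for 'only <role> has <permission>; every other role is denied'."""
    return [GuardRule(role, permission, True)] + [
        GuardRule(other, permission, False) for other in all_roles if other != role]

# Constructed sample data: per-project role permissions before the guard.
ROLES = ["admin", "editor", "viewer"]
POLICIES = {
    "billing": {"admin": {"document:read"}, "viewer": {"document:read"}},
    "support": {"admin": {"document:create"}, "editor": {"document:read"}},
    "sandbox": {"viewer": {"document:read"}},  # left out of the guard scope
}
guard = PolicyGuard({"billing", "support"},
                    only_role_may("admin", "document:read", ROLES))

if __name__ == "__main__":
    for finding in guard.audit(POLICIES):
        print(finding)
```

The audit output is the list of changes the guard would force on each included project, which is the kind of review the "Audit and Compliance" item describes.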
