Policy

Overview

A policy governs resource access within an org to a set of principals. It enables fine-grained authorization rules to define the minimum amount of permissions required when accessing resources of the platform.

A policy consists of:

A resource, and
One or more bindings

Resource

A resource is a Control Plane object (e.g., secret, workload, GVC, etc.).

A policy can be configured to target all or specific resources within your org.

For example, a policy can target all the GVCs within your org, or specifically GVC A and GVC B.

Specific resources can be assigned directly or dynamically (using a query).

Bindings

A binding is a mapping between:

A set of permissions (e.g., create, delete, etc.), and
Principal membership

The set of permissions that can be assigned to a policy are unique to each resource.

Principals can be users, groups, service accounts, and identities.

Examples

Allow a user or group access to the console
Allow a service account to execute CLI commands
Allow an identity access to reveal a secret. The identity can then be associated with a workload. The workload’s containers will have permissions to access the secret and use it as an environment variable.

Reference

Visit the policy reference page.

Workloads Principal Types

On this page

Overview
Resource
Bindings
Examples
Reference

Quickstart

Concepts

Guides

External Logging

Kubernetes (Managed)

Bring your Own Kubernetes (BYOK)

Terraform Provider

Reference

Overview

Resource

Bindings

Examples

Reference

Quickstart

Concepts

Guides

External Logging

Kubernetes (Managed)

Bring your Own Kubernetes (BYOK)

Terraform Provider

Reference

​Overview

​Resource

​Bindings

​Examples

​Reference

Overview

Resource

Bindings

Examples

Reference