A policy governs resource access within an org to a set of principals. It enables fine-grained authorization rules to define the minimum amount of permissions required when accessing resources of the platform.
A policy consists of:
A resource is a Control Plane object (e.g., secret, workload, GVC, etc.).
A policy can be configured to target all or specific resources within your org.
For example, a policy can target all the GVCs within your org, or specifically GVC A and GVC B.
Specific resources can be assigned directly or dynamically (using a query).
A binding is a mapping between:
The set of permissions that can be assigned to a policy are unique to each resource.
Principals can be users, groups, service accounts, and identities.
Visit the policy reference page.