A policy governs resource access within an org to a set of principals. It enables fine-grained authorization rules to define the minimum amount of permissions required when accessing resources of the platform.A policy consists of:
A resource is a Control Plane object (e.g., secret, workload, GVC, etc.).A policy can be configured to target all or specific resources within your org.For example, a policy can target all the GVCs within your org, or specifically GVC A and GVC B.Specific resources can be assigned directly or dynamically (using a query).
Allow an identity access to reveal a secret. The identity can then be associated with a workload. The workload’s containers will have permissions to access the secret and use it as an environment variable.