Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.controlplane.com/llms.txt

Use this file to discover all available pages before exploring further.

Policy Creation Overview

Follow the steps below to create a policy defining access permissions to any Control Plane resource for any principal (user, service account, group, and identity).

Policy Creation Prerequisites

Create using the UI Console

  1. Create a new policy by either:
    • Clicking Policies in the left menu and click New, or
    • Click the Create dropdown in the upper right corner and select Policy
  2. Select Resource Type:
    • Enter a policy name and optional description
    • Select a target resource type
      • Choose one of the resource types that you’d like to control access to
      • You have the option to select specific resources or target all the resources in your org by turning on the Target All switch
      • If you are targeting all the resources, skip to step 4.
  3. Select Specific Resources:
    • Select Items from the left pane.
    • Choose one or both of the following methods to select resources:
      • Directly assigned: select from available resources
      • Dynamically assigned: configure match rules using tag queries
  4. Add a Binding:
    • Select Bindings from the left pane.
    • At least one binding is required. Click Add Binding.
    • Select one or more permissions. These permissions are specific to the selected resource type.
    • Browse through the principal tabs and select at least one principal. Click Add.
    • If required, add additional bindings. Note: The bindings must have a unique set of permissions. Click Create.
    • The policy has been created and is now active

Create using the CLI

Refer to the policy create and policy add-binding commands for details and examples on how to create a policy and binding using the CLI.

Policy Summary

Control Plane policies allow for fine-grained authorization to the resources within your org. By granting to principals only the permissions they need to get their job done, policies limit the information they can view and actions they can perform. Most applications and services running on the platform are mission-critical and authorized principals should only have the access they require.