> ## Documentation Index
> Fetch the complete documentation index at: https://docs.controlplane.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Create a Policy

> Create access control policies via Console UI and CLI. Covers principal targeting, permission binding, resource scoping, and policy testing.

## Overview

Follow the steps below to create a [policy](/reference/policy) defining access permissions to any Control Plane resource for any principal ([user](/reference/user), [service account](/reference/serviceaccount), [group](/reference/group), and [identity](/reference/identity)).

## Prerequisites

* Review the [policy](/reference/policy) reference page.
* Have [permissions](/reference/policy#permissions) to create a [policy](/reference/policy).
* Optional: Install the [CLI](/cli-reference/installation).

## Create using the Console

1. Create a new policy using one of the following methods:
   * Click `Policies` in the left menu, then click `New`.
   * Click the `Create` dropdown in the upper right corner and select `Policy`.
2. Configure the policy:
   * Enter a policy name and optional description.
   * Click `Target` and select the target kind you want to control access to.
     * You have the option to select specific resources or target all the resources in your [org](/reference/org) for that kind by turning on the `Target All Items` switch.
     * If you are targeting all the resources, skip the next step.
3. Select resources:
   * Choose one or both of the following methods to select resources:
     * For direct assignment: Click `Items` and then click the `Add` button and select from the available resources. Click `OK`.
     * For dynamic assignment: Click `Query` and then configure match rules using [tag queries](/core/misc#tags), properties, or relations. Click `Ok`.
4. Add a binding:
   * Select `Bindings`.
   * At least one binding is required. Click `Add Binding`.
   * Select one or more permissions. These permissions are specific to the selected kind.
   * Browse through the principal tabs and select at least one principal. Click `OK`.
   * If required, add additional bindings. Each binding must have a unique set of permissions. Click `Create`.
   * The policy has been created and is now active.

## Create using the CLI

Refer to the [policy create](/cli-reference/commands/policy#policy-create) and [policy add-binding](/cli-reference/commands/policy#policy-add-binding) commands for details and examples.

## Next Steps

Control Plane [policies](/reference/policy) allow for fine-grained authorization to the resources within your [org](/reference/org).

By granting principals only the permissions they need, policies limit the information they can view and the actions they can perform.

Most applications and services running on the platform are mission-critical, so authorized principals should have only the access they require.