ÃÛ¶¹ÊÓƵ

Manage access control policies

Access control policies are statements that bring attributes together to establish permissible and impermissible actions. Access policies can either be local or global, and can override other policies. ÃÛ¶¹ÊÓƵ provides a default policy that can be activated immediately or whenever your organization is ready to start controlling access to specific objects based on labels. The default policy leverages labels applied to resources to deny access unless users are in a role with a matching label.

IMPORTANT
Access policies are not to be confused with data usage policies, which control how data is used in ÃÛ¶¹ÊÓƵ Experience Platform instead of which users in your organization have access to it. See the guide on creating data usage policies for more information.

Configure policy for a sandbox

IMPORTANT
By default, the Auto-include feature is turned on for all customers, which means all sandboxes are added to the policy.
NOTE
The Default-Label-Based-Access-Control-Policy policy is currently the only one available for configuration.

To view sandboxes associated to a policy, select the policy from the Policies tab.

The policies page showing a list of existing policies available.

Next, select the policy, then select Sandboxes tab. A list of sandboxes associated with the policy are displayed.

The policies page showing a list of existing policies available.

Add policy to all sandboxes

Use the Auto-include toggle on the Sandboxes tab to activate the policy for all sandboxes.

The Sandboxes tab showing the Auto-include toggle.

The Enable Auto-include dialog appears prompting you to confirm your selection. Select Enable to complete the configuration setting.

The Enable Auto-include dialog highlighting Enable.

SUCCESS
The policy is activated for all existing sandboxes and will be automatically be added to any new sandboxes when they become available.

Add policy to select sandboxes

IMPORTANT
Future sandboxes will not be included in the policy by default if the Auto-include toggle is switched off. You will need to manage and add sandboxes manually to the policy.

Use the Auto-include toggle on the Sandboxes tab to disable the policy for all sandboxes.

The Sandboxes tab showing the Auto-include toggle.

From the Sandboxes tab, select Add Sandboxes to select sandboxes that this policy will apply to.

The Sandboxes tab showing a list of sandboxes added to the policy.

A list of sandboxes appears. Select the sandbox you would like to add from the list. Alternatively, use the search bar to search for the sandbox. Select Save.

The Add Sandboxes page showing a list of existing sandboxes available to add to the policy.

SUCCESS
The selected sandboxes have been successfully added to the policy.

Remove sandboxes from a policy

To remove a sandbox, select the X icon next to the sandbox name.

The Sandboxes tab showing a list of sandboxes, highlighting the X to delete.

The Remove dialog appears prompting you to confirm your selection. Select Confirm to complete the removal.

The Remove dialog highlighting Confirm.

SUCCESS
The selected sandbox has been successfully removed from the policy.

Activate a policy

To activate an existing policy, select the policy from the Policies tab.

flac-policy-select

Next, select the ellipsis (…) next to a policies name, and a dropdown displays controls to edit, activate, delete, or duplicate the role. Select activate from the dropdown.

flac-policy-activate

The Activate policy dialog appears, prompting you to confirm the activation.

flac-policy-activate-confirm

You are returned to the policies tab and a confirmation of activation pop over appears. The policy status shows as active.

flac-policy-activated

Next steps

With a policy activated, you can proceed to the next step to manage permissions for a role.

recommendation-more-help
631fcab2-5cb1-46ef-ba66-fe098ac723e0