Access Control Policy


Access Control Policy are high-level Policy requirements that specify how Access Control is managed and who, under what circumstances, may access what resources.

Access Control Policy has traditionally been done in an Application-centric or Organizational-centric bounded Context. With microservices and Zero Trust architectures a data-centric bounded Context is more appropriate.

While Access Control Policy can be Application-centric and thus taken into consideration by the application vendor, Access Control Policy are just as likely to pertain to user actions within the context of an organizational unit or across Organizational-centric boundaries. For instance, Access Control Policy may pertain to resource usage within or across organizational units or may be based on need to know, competence, authority, obligation, or conflict-of-interest factors.

Access Control Policy BeyondCorp#

Access Control Policy is a programmatic representation of the Resources, Trust Tiers, and other predicates that MUST be satisfied for successful authorization

More Information#

There might be more information for this subject on one of the following: