Policy binding is the execution guard of the UOSE system. It defines whether a resource, action, or entity type in the current tenant and organization should be allowed, denied, or sent to approval.
Policy Effects
Policies support three effects:
- allow: allow the matching request to continue.
- deny: reject the matching request.
- require_approval: require an approval request before execution can continue.
Matching Scope
Policies can match these fields:
- resourceId: restrict to a resource.
- scope: for example, action.
- actionTypeCode or actionTypeCodes: restrict to actions.
- entityTypeCode or entityTypeCodes: restrict to target entity types.
- priority: control policy matching order.
- validFrom and validTo: control the effective time window.
Typical Policies
Common policies include:
- Allow BI query actions to execute automatically.
- Deny database write actions.
- Require approval for SAP create and update actions.
- For production databases, allow only preview, describe, and explain, and deny mutation.
- Deny Agent calls on unpublished or experimental resources.
Policy Evaluation
The policy governance page supports create, update, delete, and evaluate. Evaluation helps administrators confirm before execution:
- Whether an action will be allowed.
- Whether an entity type will trigger approval.
- Which policyId is hit.
- Whether the returned reason matches expectations.
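
The sketch below is an added example, not UOSE code: it models how the matching fields, effects, and evaluation result (effect, policyId, reason) described above could fit together, using the production-database and SAP policies from the typical list. Assumptions not stated on this page: a higher priority number wins, a tie resolves to the most restrictive effect, a request with no matching policy is denied, and all policy IDs, resource names, and dates are constructed.

```python
from datetime import datetime, timezone

# Constructed policies: production database allows read-style actions, denies the rest.
POLICIES = [
    {"policyId": "p-prod-read", "effect": "allow", "resourceId": "prod-db",
     "scope": "action", "actionTypeCodes": ["preview", "describe", "explain"],
     "priority": 100},
    {"policyId": "p-prod-deny", "effect": "deny", "resourceId": "prod-db",
     "scope": "action", "priority": 10},
    {"policyId": "p-sap-approve", "effect": "require_approval", "resourceId": "sap",
     "scope": "action", "actionTypeCodes": ["create", "update"], "priority": 50,
     "validFrom": "2024-01-01T00:00:00+00:00", "validTo": "2025-01-01T00:00:00+00:00"},
]

def _codes(policy, single, plural):
    """Merge the single and plural form of a code field; None means 'any'."""
    codes = list(policy.get(plural) or [])
    if policy.get(single):
        codes.append(policy[single])
    return codes or None

def _matches(policy, req, now):
    for field in ("resourceId", "scope"):
        if policy.get(field) not in (None, req.get(field)):
            return False
    for single, plural in (("actionTypeCode", "actionTypeCodes"),
                           ("entityTypeCode", "entityTypeCodes")):
        allowed = _codes(policy, single, plural)
        if allowed is not None and req.get(single) not in allowed:
            return False
    start, end = policy.get("validFrom"), policy.get("validTo")
    if (start and now < datetime.fromisoformat(start)) or \
       (end and now >= datetime.fromisoformat(end)):
        return False
    return True

def evaluate(policies, req, now=None):
    """Return effect, policyId and reason for a request, like an evaluation preview."""
    now = now or datetime.now(timezone.utc)
    hits = [p for p in policies if _matches(p, req, now)]
    if not hits:
        # Assumption: fail closed when no policy matches.
        return {"effect": "deny", "policyId": None, "reason": "no matching policy"}
    # Assumption: highest priority wins; on a tie the most restrictive effect wins.
    rank = {"deny": 0, "require_approval": 1, "allow": 2}
    best = min(hits, key=lambda p: (-p.get("priority", 0), rank[p["effect"]]))
    return {"effect": best["effect"], "policyId": best["policyId"],
            "reason": f"matched {best['policyId']} at priority {best.get('priority', 0)}"}
```

Running the same request against a time outside validFrom/validTo shows why the returned policyId and reason are worth checking: an expired approval policy silently falls through to whatever matches next.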
Relationship to Action Discovery
discoverActions reflects policy results in allowed and denied actions:
- Allowed actions can enter simulation.
- Denied actions appear in denied actions.
- Actions requiring approval keep approval context and return approval requirements during simulation or execution.