Controls that you can configure using self-governance include:

  • Protecting a policy set from deletion
  • Ensuring a policy can never be updated
  • Preventing policies from being added or created in a policy set
  • Blocking a user's ability to delete attributes
  • Restricting a user's ability to read policies or policy sets
  • Allowing attributes to be elevated to secret status while forbidding secret attributes from moving to non-secret status

The following use cases demonstrate how to build and deploy some common self-governance policies.


To view a visual flow of your self-governance policy decisions, see Visualizing a policy decision response.