You can use self-governance to control access to Policy Editor entities and operations in a wide variety of ways.
Controls that you can configure using self-governance include:
- Protecting a policy set from deletion
- Ensuring a policy can never be updated
- Preventing policies from being added or created in a policy set
- Blocking a user's ability to delete attributes
- Restricting a user's ability to read policies or policy sets
- Allowing attributes to be elevated to secret status while forbidding secret attributes from moving to non-secret status
The following use cases demonstrate how to build and deploy some common self-governance policies.
To view a visual flow of your self-governance policy decisions, see Visualizing a policy decision response.