Links

Policy Enforcement Levels

Abbey supports Enforcement levels for your access policies. Enforcement levels allow Abbey to evaluate your policies and determine whether or not to pass the entire policy check or fail the check, but with a warning. This is useful for creating policy hierarchies, gradual policy rollouts, and policy testing. All of this points to safer policy changes given the criticality of policies.
With Abbey you can define two levels of policy enforcement:
  1. 1.
    Mandatory - All policies must pass. If a single one fails, the entire check will result in a violation. Policies are marked as Mandatory using the deny[msg] { ... } rule in your Rego code.
  2. 2.
    Advisory - Any failure of a policy marked as Advisory will not cause a policy check violation, only a warning message. Policies are marked as Advisory using the warn[msg] { ... } rule in your Rego code.