Access control policies are statements that bring attributes together to establish permissible and impermissible actions. Access policies can either be local or global, and can override other policies. Adobe provides a default policy that can be activated immediately or whenever your organization is ready to start controlling access to specific objects based on labels. The default policy leverages labels applied to resources to deny access unless users are in a role with a matching label.
Access policies are not to be confused with data usage policies, which control how data is used in Adobe Experience Platform instead of which users in your organization have access to it. See the guide on creating data usage policies for more information.
By default, the Auto-include feature is turned on for all customers, which means all sandboxes are added to the policy.
The Default-Label-Based-Access-Control-Policy policy is currently the only one available for configuration.
To view sandboxes associated to a policy, select the policy from the Policies tab.
Next, select the policy, then select Sandboxes tab. A list of sandboxes associated with the policy are displayed.
Use the Auto-include toggle on the Sandboxes tab to activate the policy for all sandboxes.
The Enable Auto-include dialog appears prompting you to confirm your selection. Select Enable to complete the configuration setting.
The policy is activated for all existing sandboxes and will be automatically be added to any new sandboxes when they become available.
Future sandboxes will not be included in the policy by default if the Auto-include toggle is switched off. You will need to manage and add sandboxes manually to the policy.
Use the Auto-include toggle on the Sandboxes tab to disable the policy for all sandboxes.
From the Sandboxes tab, select Add Sandboxes to select sandboxes that this policy will apply to.
A list of sandboxes appears. Select the sandbox you would like to add from the list. Alternatively, use the search bar to search for the sandbox. Select Save.
The selected sandboxes have been successfully added to the policy.
To remove a sandbox, select the X icon next to the sandbox name.
The Remove dialog appears prompting you to confirm your selection. Select Confirm to complete the removal.
The selected sandbox has been successfully removed from the policy.
To activate an existing policy, select the policy from the Policies tab.
Next, select the ellipsis (…
) next to a policies name, and a dropdown displays controls to edit, activate, delete, or duplicate the role. Select activate from the dropdown.
The Activate policy dialog appears, prompting you to confirm the activation.
You are returned to the policies tab and a confirmation of activation pop over appears. The policy status shows as active.
With a policy activated, you can proceed to the next step to manage permissions for a role.