Skip to main content
This topic describes how to create a DAG policy for access provisioning using existing user and resource attributes.
Creating the policy immediately grants or denies access.

Create a policy

  1. In Access Control, click Policies.
  2. Click Create Policy.
  3. Configure the policy using the following settings, and then click Create.

Step 1: Add policy details

Step 2: Select users or groups

Step 3: Select resources and actions

Step 4 (Optional): Add conditions

Operators by attribute data type

When the attribute type is User group, only Enum Set operators are available (Contains, Contains All, Contains Any, Intersects With, Is Empty). The Intersects With operator compares a user group’s attribute against a resource attribute, enabling dual-match conditions without specifying fixed values.

View Cedar policy

You can open a policy and click View as Cedar policy to see a human-readable Cedar version. Cedar is an open source language for defining permissions as policies, and a specification for evaluating those policies. Companies use Cedar to define who is authorized to do what within an application. This policy is stored in Sift and editable and verifiable via the API using the Cedar Access Control domain specific language.